Premium Essay

Access Security Week 2

In:

Submitted By dhawkins11
Words 800
Pages 4
Whether your organization already has a classification policy, or is just defining one now, it’s best to start simple. Many organizations use three categories:
A category such as “Public” to indicate non-sensitive information
An “Internal” category for information that should stay within the organization
A category such as Confidential or Restricted for information that is particularly sensitive.
The classification level assigned to data will guide data owners, data custodians, business and technical project teams, and any others who may obtain or store data, in the security protections and access authorization mechanisms appropriate for that data. Such categorization encourages the discussion and subsequent full understanding of the nature of the data being displayed or manipulated. Data is classified as one of the following:
Public (low level of sensitivity)
Access to “Public” institutional data may be granted to any requester. Public data is not considered confidential. Examples of Public data include published directory information and academic course descriptions. The integrity of Public data must be protected, and the appropriate owner must authorize replication of the data. Even when data is considered Public, it cannot be released (copied or replicated) without appropriate approvals.
Sensitive (moderate level of sensitivity)
Access to “Sensitive” data must be requested from, and authorized by, the Data Owner who is responsible for the data. Data may be accessed by persons as part of their job responsibilities. The integrity of this data is of primary importance, and the confidentiality of this data must be protected. Examples of Sensitive data include purchasing data, financial transactions that do not include restricted data, information covered by non-disclosure agreements and Library transactions.
Restricted (highest level of sensitivity)

Similar Documents

Premium Essay

It 244 Week 1

...sections of an Information Security Policy. Final Project Timeline You should budget your time wisely and work on your project throughout the course. As outlined below, the assignments in the course are designed to assist you in creating your final project Information Security Policy. If you complete your course activities and use the feedback provided by the instructor, you will be on the right track to successfully complete your final project of creating an Information Security Policy. □ Week One: Introduction Review the two company profiles provided in your syllabus and select the one you will use for your final project company. You design the Information Security Policy for this company throughout the course. Once you have decided which company you are using, it may not be changed; therefore, considerable thought should be put into this decision. Next, decide which type of information security policy—program-level, program-framework, issue-specific, or system-specific—is appropriate for your final project company. Assignment: Final Project Information Security Policy: Introduction Complete and submit Appendix C. Note. Section 1 Introduction of Appendix C corresponds to Section 2 of Appendix B in the final compilation due in Week Nine. In completing Appendix C, provide an overview of your final project company, describe the type of security policy that is appropriate for your scenario, and explain your security goals in terms of confidentiality...

Words: 899 - Pages: 4

Premium Essay

Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes

...Week 1 Lab Part 1: Assess the Impact on Access Controls for a Regulatory Case Study Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: 1. Configure user accounts and access controls in a Windows Server according to role-based access implementation 2. Configure user account credentials as defined policy, and access right permissions for each user 3. Create and administer Group Policy Objects for the management of Windows Active Directory Domain machines within the IT infrastructure 4. Apply the correct Group Policy Object definitions per requirements defined by policies and access right permissions for users 5. Assign and manage access privileges as requested in the case study to apply the recommended and required security controls for the user accounts Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what...

Words: 1428 - Pages: 6

Premium Essay

Capstone

...GROUP 2 PROJECT PART 1: DESIGNING A NETWORK PART 2: TYPES OF EQUIPMENT PART 3: PROTOCOL CHOICES PART 4: COMPANY PHONE SYSTEM PART 5: SECURITY PROPOSAL Project scenario: ABC Company with worldwide offices in the U.S. (San Francisco, Detroit, Washington, Indianapolis, and Tampa), Europe (Paris, Liverpool), Japan (Tokyo), and South America (Sao Paulo), is engaged in the development of audio and video special effects for the entertainment and advertising industry. The main design centers are in San Francisco, Detroit, Paris, Tokyo, and Sao Paulo. Corporate Headquarters are in San Francisco. The remaining offices are sales offices. Consider the company to operate on a 24x7 basis, because it is global. To meet the goals of this scenario, Group 2, made up of the members below, have been assigned the following tasks in designing a network structure for this project: 1. Sean Dillon: Project Manager, Contributor; Editor Parts 1, 2, 3, 4 and 5; Submitter. 2. Denzel Chatman: Project Contributor; Section 3. Parts 1, 2, 3, 4 and 5. 3. Christopher Foster: Project Contributor; Section 1-A. Part 1; Part 2; Part 3; Part 4; Part 5. 4. William Collado Cancel: Project Contributor; Section 1-E. Part 1; Part 2; Part 3; Part 4; Part 5; Microsoft Project Editor. 5. Alex Graves: Project Contributor; Section 1-B. Part 1; Part 2; Part 3; Part 4; Part 5. 6. Mark Fortune: Project Contributor; Section 1-C. Part 1;...

Words: 10833 - Pages: 44

Premium Essay

Le Vlademe Eh

...Instructor Information ITSY 2300- ‘Operating Systems Security’ Instructor: Danny A. Dominguez Campus and Office Number: Valle Verde Campus - Room A-1109 Office/Voice Mail Number: (915) 831-2833 Office Hours: Monday/Wednesday/Friday 8:00am – 9:00am 11:00am – 12:00pm Monday/Wednesday 3:00pm - 5:00pm By Appointment E-Mail Address: adomi146@epcc.edu II. Text and Materials A. Fundamentals of Information Systems Security 2nd Edition, Kim, David. Students have two options. They can order from the EPCC campus bookstore, or they can order from the publishers shopping portal (www.shopjblearning.com). Below are the bundle breakdowns and options: OPTION 1: Purchase at EPCC Bookstore: Printed Access Code (For Bookstore) Print Bundle: a. Print Text + Virtual Lab Access/eLab Manual ISBN: 978-1-284-07445-1 Bookstore sets student price: eBundle: a. eBook Rental + Virtual Lab Access/eLab Manual ISBN: 978-1-284-07444-4 Bookstore sets student price: OPTION 2: JONES & BARTLETT: E-mailed Access Code (For Student). Students can go to: www.shopjblearning.com, enter the ISBN in the Search field, and then Add to Cart- proceeding through the checkout process. Print Bundle: b. Print Text + Virtual Lab Access/eLab Manual ISBN: 978-1-284-07440-6 Approx. cost to the student: $170 eBundle: b. eBook Rental + Virtual Lab Access/eLab Manual ISBN: 978-1-284-07439-0 Approx. cost...

Words: 1345 - Pages: 6

Free Essay

Is404 Week 1 Lab

...Week 1 Lab Part 1 - Assessment Worksheet Assess the Impact on Access Controls for a Regulatory Case Study Overview Watch the Demo Lab in the Week 1 Learning Space Unit 1, and answer the questions below. The lab demonstrates creating an Active Directory domain as well as user and group objects within the new domain. Directories will be created and permissions assigned based on the required access control as defined in the matrix. Group Policy Objects will also be created and linked to Objects within the domain to enforce security settings. Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? Discretionary access control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong 2. Why would you add permissions to a group instead of the individual? It is more resourceful and less time consuming. 3. List at least 3 different types of access control permissions available in Windows. Full Control, Modify, Execute, Read, Write 4. What are the least permissions that you need in order to view the contents of a folder? Read, so the user has access to any file on the system that they are entitled to, but they are not able to make any changes. 5. What are other available Password Policy options that could be enforce to improve security? ...

Words: 1093 - Pages: 5

Premium Essay

Database Security

...CSS330-1502A-01 Database Security Individual Project Key Assignment Chris Pangburn 27 April, 2015 Table of Contents Week 1: Database Security Architecture 4 Differentiate between a Database Management System and a database 4 Network Infrastructure for the best security posture 4 Additional Security mechanisms to protect the Database Server 6 Week 2: User Account Security 7 Creating Schemas 7 Creating Users, Creating Roles, Assigning Privileges based on Access Control Lists 7 Creating Views 10 Week 3: Database Vulnerabilities 11 Description of tools used to perform scans 11 Scan Information 11 False Positive Information 12 Discuss SQL injection attack 12 Week 4: Auditing Techniques 14 Security hardened network design 14 Research of auditing features 14 Description of a trigger 14 Implementation of auditing 14 Week 5: Auditing Policies 15 Write SQL 15 Report based on access 15 Report based on system privileged 15 Audit report showing connection details 15 Report showing object access 15 References 16 Week 1: Database Security Architecture Differentiate between a Database Management System and a database Databases at their essence are nothing more than a collection of organized information (Mullins, 2013). A database can contain stored procedures, tables, fields, indexes, functions, views, security, and many other objects. Relationships between the data can be created which brings more meaning to how the data can be...

Words: 1807 - Pages: 8

Premium Essay

Is4550 Week 5 Lab

...------------------------------------------------- Week 5 Laboratory: Part 1 Part 1: Assess and Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * Identify gaps in the IT security policy framework definition * Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure Week 5 Lab Part 1: Assessment Worksheet (PART A) Sample IT Security Policy Framework Definition Overview Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap. Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from pubic Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network...

Words: 1625 - Pages: 7

Premium Essay

Information Security Policy

... What are the effects of international trade to GDP, domestic markets and university students? What are the effects of international trade to GDP, domestic markets and university students?University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Date: 03/25/12 Table of Contents 1. Executive Summary 1 2. Introduction 1 3. Disaster Recovery Plan 1 3.1. Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. This new strategy guide for Bloom Design Group provides a comprehensive strategy for providing a safe and secure work environment. Several new policies and procedures will be implemented...

Words: 3916 - Pages: 16

Premium Essay

Database Lab

...Lab 1.3 (Group B) – Create a Statement of Work Step 1: Read the Grandfield College scenario on p. 18 of the textbook. Step 2: Identify the major topics for this database Step 3: Write a draft statement of work that includes the scope, objectives, and a preliminary timeline. You will need to turn in a Word document to the instructor by the end of class. Step 2: Major Topics for Database: a. Software b. Software Version c. Licensed Agreement d. Machine e. Machine Location f. Install Data g. Software Request h. Availability i. Software location j. Access level Step 3: Scope Grandfield College wants a database to track faculty and staff computers, what software is installed on each, who has access to each computer, and requests for new software. Being able to track install issues would also be of great benefit for easier troubleshooting. Objectives ● Track what software is installed and removed and the licensing and type of install (local vs. server) for the software on faculty and staff computers in one place. ● Track the location of the faculty and staff computers and who has access to each. ● Track requests for new software and when software is checked out to faculty with administrator privileges on their machines. Tasks and Timeline 1. Gathering Data: This task will consist of obtaining the spreadsheets that contain the lists of the listing of software, the type of licensing for the software...

Words: 459 - Pages: 2

Premium Essay

Information Security Policy

... Information Security Policy Student Name: Brice Washington Axia College IT/244 Intro to IT Security Instructor’s Name: Professor Smith Date: 11/7/2011 Table of Contents 1. Executive Summary 1 2. Introduction 1 3. Disaster Recovery Plan 1 3.1. Key elements of the Disaster Recovery Plan 1 3.2. Disaster Recovery Test Plan 1 4. Physical Security Policy 1 4.1. Security of the facilities 1 4.1.1. Physical entry controls 1 4.1.2. Security offices, rooms and facilities 1 4.1.3. Isolated delivery and loading areas 2 4.2. Security of the information systems 2 4.2.1. Workplace protection 2 4.2.2. Unused ports and cabling 2 4.2.3. Network/server equipment 2 4.2.4. Equipment maintenance 2 4.2.5. Security of laptops/roaming equipment 2 5. Access Control Policy 2 6. Network Security Policy 3 7. References 3 Executive Summary Due in Week Nine: Write 3 to 4 paragraphs giving a bottom-line summary of the specific measureable goals and objectives of the security plan, which can be implemented to define optimal security architecture for the selected business scenario. With advancements in technology there is a need to constantly protect one’s investments and assets. This is true for any aspect of life. Bloom Design is growing and with that growth we must always be sure to stay on top of protecting ourselves with proper security. For Bloom Design the...

Words: 4226 - Pages: 17

Premium Essay

Dfhdfh

... |College of Natural and Behavioral Sciences | | |Department of Computer Science | | |http://csc.csudh.edu | |Course Title: |Communication Systems Security | |Course Number: |CTC 362 | |Instructor Name: | Mehrdad S. sharbaf, ph.d. msharbaf@csudh.edu, Office: tba, phone: tba, office Hours: tba | |Date: |Spring Semester, 2016 | |Course Length: |_15_ Weeks | |Web Companion |N/A | |Blackboard Web Site |HTTP://toro.csudh.edu...

Words: 1433 - Pages: 6

Premium Essay

Kudler Fine Foods Network Design Project

...Protocol (HTTP) is used for transfer of multimedia files, video, sound, and text over the internet. Kudler Fine Foods will implement File Transfer Protocol (FTP) to download files, transfer files, delete files, copy and rename files from the internet as needed. Mesh Protocol will be used to connect all devices such as printers, computers, and scanners on the network. In a true mesh topology every node has a connection to every other node in the network ("Common Physical Network Topologies ", 2014).   The network will consist of a hardware firewall blocking unwanted access from outside of the location. The next step is to set up a hub or switch that will connect all of the stores terminals. All of these terminals such as registers and remote locations such as warehouse will be hardwired with twisted pair CAT 5 Ethernet cable. The server will be located in a room in each store with the hub or switch. A wireless access point/router will be centrally located in the store to provide good signal in every part of the store for employees using their handheld devices to be able to view and update the store inventory while on the sales floor Since the blade servers are easily expanded upon, cost efficient, and energy efficient as well upgrading will be easy, for that reason a Cisco UCS E-Series Server, will...

Words: 4817 - Pages: 20

Premium Essay

Dlis Information Security Risk Assessment

...| DLIS Compliance Risk Management Plan | | | Battle Creek, MIRich FranklinMauricio MosqueraHerby ThomasLouis Zayas * 13-Jan-14 | | * Table of Contents COVER 1 TABLE OF CONTENTS 2 DOCUMENT CHANGE LOG 3 Project Risk Management Plan Purpose AND SCOPE 4 Key Roles and Responsibilities 4 Risk Management Process and Activities 5 Risk Management Plan Audit Log 5 Risk Assessment and Management Table 6 COMPLIANCE LAWS AND REGULATIONS 8 PROPOSED SCHEDULE 9 Risk Management Plan Approvals 10 * Department: Information Technology Product or Process: Risk Management Document Owner: Battle Creek, MI IT Version | Date | Author | Change Description | 0.1 | 1/6/14 | RFranklin | Initial Draft | 0.2 | 01/12/14 | RFranklin | Revision 1 | 0.3 | 1/13/14 | RFranklin | Revision 2 | * Project Risk Management Plan Purpose and Scope The purpose of this Risk Management Plan is to identify the strategies, methods, and procedures to be used within the Michigan Air National Guard, Battle Creek, Michigan supply chain in identifying, evaluating, and mitigating the risk involved in daily and long term operations. All Department of Defense and federal agencies must at least comply with the minimum standards set forth in Law, DOD directives, branch of service regulations, and local base regulations. This plan provides local guidelines for applying the FISMA standards using...

Words: 1209 - Pages: 5

Premium Essay

Course Discription

...& Brown, L. (2008). Computer security principles and practice. Pearson Education, Inc. Software Microsoft® Project 2010 (Virtual Desktop) Microsoft® Visio® 2010 (Virtual Desktop) Microsoft® Excel® 2010 (Virtual Desktop) Microsoft® Word 2010 (Virtual Desktop) All electronic materials are available on the student website. Supplemental Resource Microsoft. (2012). Microsoft Office Project 2010. Hoboken, NJ: Wiley. Article References Barr, J. G. (2012). Business continuity for web sites. Faulkner Information Services, 1-9. Barr, J. G. (2012). Identity management market trends. Faulkner Information Services, 1-10. Barr, J. G. (2013). Common criteria overview. Faulkner Information Services, 1-10. Barr, J. G. (2013). Biometrics market trends. Faulkner Information Services, 1-7. Week One: IT Security Overview Details Due Points Objectives 1.1 Recognize the importance of IT security implementation. 1.2 Identify major security issues associated with physical and operating system security. 1.3 Describe basic advantages and disadvantages among the various security implementations. Course Preparation Read the course description and objectives. Review the Learning Team Toolkit. NOTE: TestOut LabSims are available for this course. See Week One, Course Materials Page. Reading Read Ch. 1, “Overview,” of Computer Security Principles and Practice. Reading Read Ch. 2, “Cryptographic Tools,” of Computer Security Principles and Practice. ...

Words: 949 - Pages: 4

Premium Essay

Friends

...license agreement for particular software, it is essential for the institution to know which software is installed on which machine, where that machine is located, and which users have access to that machine. It is also important to track when the software is uninstalled from a machine and when a machine is retired. Grandfield college currently uses several spreadsheets to track this information. They also track requests for new software, software checkouts to faculty with administrative privileges on their machines, and if installs are successful or run into any problems. When requests for software are received, the software management team must manually access a spreadsheet to see if the school has the data. When new software arrives, they must manually check the licensing agreement online when they don’t know off the top of their head. These agreements vary between being accessible to any computer on site via a server install or having a limited number of copies that must be installed client-side. A database would allow Grandfield to effectively track all of these things in one place and to be able to draw a better view of what the demands are over time. Scope Grandfield College wants a database to track faculty and staff computers, what software is installed on each, who has access to each computer, and requests for new software. Being able to track install issues would also be of great benefit for easier troubleshooting. Constraints Software for student machines...

Words: 615 - Pages: 3