Premium Essay

Assignment 2: Identifying Potential Risk, Response, and Recovery

In:

Submitted By adrelatedemail
Words 1056
Pages 5
The CIO Company will use firewalls, intrusion detection systems, virus scanners and other protective software to provide some assurance that the security policies for the site are properly implemented. Firewalls are the basis of computer and network security defense. They are widely deployed. They are very hard to configure properly, and people who configure them may not know the current threats and attacks. For example, an administrator maybe working on some task and might leave something open in a firewall where attackers can enter through. Some firewalls have the vulnerability that enables attackers and be defeated. By identifying the network components, you can evaluate their vulnerabilities. These vulnerabilities can have flaws in the technology, configuration, or security policy. Vulnerabilities can be fixed different ways, applying software patches, reconfiguring devices, or deploying countermeasures such as firewalls and antivirus software. Threat is when people take advantage of vulnerability and cause a negative impact on the network. If threat occurs it needs to be identified, and the associated vulnerabilities need to be addressed to minimize the risk.
As of today, most of the hackers are interested in hacking services such as HTTP (TCP Port 80) and HTTPS (TCP Port 443), which are open in many networks. By using access control devices, they can detect malicious exploits aimed at these services. Now these days applications has improve and very hard for hackers to get into but the technology need to stay up to date and be more intelligent. The attack methodology requires firewalls to provide not only access control and network protection, but also to understand application behavior to protect against attacks and hazards. Hackers’ always targeting applications and their goal is to get into one of these: Denying service to legitimate users

Similar Documents

Premium Essay

Is305 Project

...Risk Management Plan Project Name: IS305 Project Manager: Paul Bettinger Date: October 1, 2013 RISK management PLAN INTRODUCTION 2 PURPOSE AND SCOPE 2 RISK MANAGEMENT PLANNING 3 RISK MANAGEMENT ASSIGNMENTS 6 RISK MANAGEMENT TIMELINE 7 MITIGATION PLAN Introduction 8 Cosiderations 8 Prioritizing 9 Cost benefit analysis 10 Implementation 11 Follow-up 11 Buisness impact analysis Introduction 12 Scope 12 PURPOSE AND objectives 13 Steps of bia 13 final review 15 BUSINESS CONTINUITY PLAN Introduction 16 oBJECTIVES 16 BCP PLANNING 17 PLAN UPDATES AND TRAINING 21 computer incident response team Introduction 22 Purpose 22 elements of the plan 23 incident handling process 23 cirt members 23 detection 24 containment 24 recovery and review 24 cirt policies 25 FINAL THOUGHT RISK MANAGEMENT PLAN INTRODUCTION A risk management plan is a process for identifying, assessing, and prioritizing risks that could cause the company a loss. Identifying these risks, threats and vulnerabilities and taking action to prevent or control them now and in the future. Creating a risk management consists of measuring and prioritizing risks involved and taking actions to reduce any loss the company may encounter. Being that indirectly we work with the Department of Defense, which as you knows is a department of the United States Government dealing with national security, a well-developed risk management plan is of the upmost importance. Without updating...

Words: 5009 - Pages: 21

Premium Essay

Explain The Five-Step Process Of Following The Oppsec

...With any type of threat especially one that may be eminent emotions and doubt will be uncontrolled and as the emergency manager it will be necessary to maintain a sense of practicality and composure. To maintain control and focus it would be essential to follow the OPSEC outlined by Maniscalco & Christen (2011) in the five-step process: 1. Identification of critical information: Critical information is factual data about an organizations intentions, capabilities and activities that the adversary needs to plan and act effectively to degrade operationally effectiveness or place the potential of organizational success at risk (Maniscalco & Christen, 2011). Part of the initial actions as emergency manager is to reaffirm the credibility of the threat with local law enforcement and the federal partners and perhaps identify additional critical information regarding the threat. 2. Analysis of the threat: To know as much as possible about each adversary and its ability to target the organization and to tailor the threat to that actual activity and to the extent possible (Maniscalco & Christen, 2011). The purpose of this step is focused on the possible severity of the actions and the impact once carried out. 3. Analysis of vulnerabilities: The analysis attempts to identify weaknesses...

Words: 1060 - Pages: 5

Premium Essay

Business

...BUSN300-1204A-02 Lower Division Capstone Assignment Name: Unit 5 Individual Project Deliverable Length: 4-5 body pages, 1 PERT chart, 1 Gantt chart Details: Using your current work organization (or an organization of interest) as the subject matter, research the elements of business and prepare an APA formatted paper that: • Analyzes the organization’s basic legal, social, and economic environments • Analyzes the organization’s managerial, operational, and financial issues including: o Project Management o Project Timelines o Critical Paths and Contingency Planning o Implementation Plan Contingencies o Staffing Needs and Tools o One Gantt Chart Example o One PERT Chart Example • Analyzes the impact of potential change factors and the impact on the functions of management There are so many issues that face business owners. Just to name a few are the basic supply and demand concerns when setting prices and hours of employees. Workers and potential injuries. Payroll, general book keeping, and employee benefits. The list goes on. I think one of the biggest areas that potential business owners neglect is legal advice because they precieve it as to expensive. Well there is a company out there that has made it affordable to small business owners so they can have access to the legal system and protect their investment. All About Project Management Project management is a carefully planned and organized effort to accomplish a successful project. A projectis a one-time...

Words: 2312 - Pages: 10

Premium Essay

Unit 5021 Operational Risk Management

...Level 5 Diploma in Management and Leadership Unit 5021 – Operational risk management CARE 4 ME Angela Jackson Content 1. Be able to understand the concept of risk management 2. Be able to understand the identification of risk and risk probability 3. Be able to understand the management of risk response approaches 1.Be able to understand the concept of risk management 1.1 - Discuss the meaning of risk to an organisation Good risk management awareness and practice at all levels is a critical success factor for any organisation. Risk is inherent in everything that an organisation does: treating patients, determining service priorities, project management taking decisions about future strategies or even deciding not to take any action at all. Risk management is the process of identifying, quantifying and managing the risks that an organisation faces. As the outcome of business activities are uncertain, they are said to have some element of risk. These risks include strategic failures, operational failures, financial failures, market disruptions, environmental disasters and regulatory violations. When it is impossible that companies remove all risk from the organisation, it is important that they properly understand and manage the risks that they are willing to accept in the context of the overall corporate strategy. The management of the company is primarily responsible for risk management, but the stakeholders; external auditor and other professionals...

Words: 3249 - Pages: 13

Premium Essay

Uniformed Services Unit 15

...the role of the organisations involved in planning for major incidents The purpose of emergency planning is to provide an integrated response to major incidents with a view to bringing about a successful end to an incident. Planning and preparation for emergencies and possible major incidents forms a large part of the work of the emergency services and other public services. Emergency plans are drawn up so that, in the event of a major incident, the public services can respond efficiently because they are prepared for it. In this assignment I will be explaining the main considerations when planning and preparing for major incidents and also the role of the organisations involved in planning for major incidents. When planning for an emergency personnel should; * Know their roles- This means that the person knows what they are required to do * Be competent to carry out the task- This means they are able to carry out their job efficiently and with little guidance. * Have access to resources- They have all the equipment they need to be able to do their job. * Have confidence in other responders- This means that everyone in the team has confidence that everyone in the team is competent at their role. When emergency planning is undertaken by category 1 responders, a great deal of thought is given to identifying possible risks. A risk is a hazard or threat that could cause serious harm to; * The community * Organisations * Individuals * The nation *...

Words: 3088 - Pages: 13

Premium Essay

Identifying Potential Risk, Response, and Recovery

...Assignment 2: Identifying Potential Risk, Response, and Recovery Emory Evans August 26, 2012 Dr. Robert Whale CIS 333 There are a myriad of potential threats and vulnerabilities that leave a system open to malicious attack, anytime you have a computer network that connects to the internet there is a potential for malicious attack so it is important that you know the vulnerabilities of a system to protect it from potential threats and malicious attacks. “A vulnerability is any weakness in a system that makes it possible for a threat to cause harm.” (Kim & Solomon, 2012, p. 96). There are several common vulnerabilities that exist within the seven domains of an IT infrastructure for example there is the lack of awareness or concern for security policy vulnerability in the User Domain as well as intentional malicious activity ( Kim & Solomon, 2012). Within the Workstation Domain there exists unauthorized user access, weakness in installed software, and malicious software introduced vulnerabilities, unauthorized network access, transmitting private data unencrypted, spreading malicious software, exposure and unauthorized access of internal resources to the public, introduction of malicious software, loss of productivity due to internet access, denial of service attacks, brute-force attacks on access and private data are all examples of vulnerabilities within the seven domains of IT infrastructure which are User, Workstation, LAN...

Words: 705 - Pages: 3

Premium Essay

Nist Cyber Security Frame Work

...©iStockphoto/Ljupco 36 June 2015 | practicallaw.com © 2015 Thomson Reuters. All rights reserved. The NIST Cybersecurity Framework Data breaches in organizations have rapidly increased in recent years. In 2014, the National Institute of Standards and Technology (NIST) issued a voluntary framework that is fast becoming the de facto standard for organizations to assess their cybersecurity programs. RICHARD RAYSMAN JOHN ROGERS PARTNER HOLLAND & KNIGHT LLP CHIEF TECHNOLOGIST BOOZ ALLEN HAMILTON INC. Richard’s practice concentrates on computer law, outsourcing, complex technology transactions and intellectual property. He has significant experience in structuring technology transactions and has represented clients in billions of dollars of outsourcing transactions in addition to litigating reported cases. Richard is a guest contributor to The Wall Street Journal on technology issues, and Chambers has selected him as a leading technology attorney. Prior to practicing law, Richard was a systems engineer for IBM Corporation. © 2015 Thomson Reuters. All rights reserved. John has extensive information security experience in a variety of industries including financial services, retail, healthcare, higher education, insurance, non-profit and technology services. He focuses on improving client cybersecurity programs, assessing these programs against industry standards, designing secure solutions and performing cost/benefit analyses. ...

Words: 4438 - Pages: 18

Premium Essay

Writing Essay Fema

...This Course Unit 1 Objectives Course Objectives Case Study: Tornado in Barneveld, Wisconsin Your Place in the Emergency Management System Case Study: Hazardous Chemical Release Activity: Where Do I Fit? Unit 2: Overview of the Principles of Emergency Management and the Integrated Emergency Management System Introduction and Unit Overview FEMA Mission and Purpose Response Authorities History Principles of Emergency Management Recent Changes to Emergency Planning Requirements Why an Integrated Emergency Management System? Emergency Management Concepts and Terms Partners in the Coordination Network Activity: Partners in the Coordination Network Emergency Management in Local Government Activity: Where Is Emergency Management in My Community? Unit 3: Incident Management Actions Introduction and Unit Overview Introduction to the Spectrum of Incident Management Actions Prevention Preparedness Response Activity: Response Operations Recovery Mitigation Unit 4: Roles of Key Participants Introduction and Unit Overview The Role of the Local Emergency Program Manager State Emergency Management Role How the Private Sector and Voluntary Organizations Assist Emergency Managers Federal Emergency Management Role The National Response Framework Activity: Emergency Management Partners Emergency Management Functional Groups Case Study: Emergency Management Coordination Unit 5: The Plan as a Program Centerpiece Introduction and Unit Overview ...

Words: 35531 - Pages: 143

Premium Essay

Informative

...hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview 5 Course Summary 5 Critical Considerations 5 Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination 97 Course Support Tools 101 Evaluation of Student Learning 102 STUDENT COPY 103 Graded Assignment Requirements 104 Unit 1 Discussion 1: Importance of Security Policies 105 Unit 1 Assignment 1: Security Policies Overcoming Business...

Words: 18421 - Pages: 74

Free Essay

International Shipping Management

...Assignment (Individual) Course: Diploma in Logistics Management Batch: DLM 12/42 Lecturer: Eddie Tan Module: International Shipping Management Submission Date: 20th May 2013 Name of Student: Teh Jin Hock Assignment Question: What risks and perils are present in global transportation? Discuss how exporters and importers can manage these risks. Table of Contents 1. Introduction 2. Potential Threats and Risks of Global Transportation 3. Manage the Risks 4. Conclusion 5. Reference Introduction Thanks to globalization, lean processes, and the geographical concentration of production, among other factors, supply chain and transport networks are more efficient than ever before. This increasing sophistication and complexity, however, is accompanied by increasing risk. Major disruptions in the past five years—including the global financial crisis, the Yemen parcel bomb scare, flooding in Thailand, and the Japanese earthquake and tsunami—have illustrated the vulnerabilities of finely tuned, closely interconnected supply chain and transport networks. Although risks have increased, there are concerns about the ability of organizations to address this new risk profile. As the recent , New Models for Addressing Supply Chain and Transport Risk, points out, most enterprises have logistics and transportation risk management protocols that can address localized...

Words: 1521 - Pages: 7

Premium Essay

Virus Attacks

...essential functions if information technology support is interrupted.” On average, over 40% of businesses that don't have a disaster plan go out of business after a major loss. What Is Contingency Planning? The overall planning for unexpected events is called contingency planning (CP). CP is the process by which organizational planners position their organizations to prepare for, detect, react to, and recover from events that threaten the security of information resources and assets, both human and artificial. The main goal of CP is the restoration to normal modes of operation with minimum cost and disruption to normal business activities after an unexpected event. CP Components Incident response plan (IRP) focuses on immediate response to an incident. Disaster recovery plan (DRP) focuses on restoring operations at the primary site after disasters occur. Business continuity plan...

Words: 3573 - Pages: 15

Premium Essay

Adms

...School of Administrative Studies Faculty of Liberal Arts and Professional Studies York University Fall 2013 Course Outline AP/ADMS 4552 3.0 Section A and B Information Systems Audit Term: Fall 2013 COURSE: AP/ADMS 4552 3.0 Sections A and B Information Systems Audit Schedule First day of class: Section A: Wednesday, September 11, 2013 11:30 AM – 2:30 PM, Location: HNE 030 Section B: Thursday, September 12, 2013 7:00 PM – 10:00 PM, Location: HNE 032 REQUIRED COURSE TEXT/READINGS: • Hall, James A., (2011), Information Technology Auditing, 3e, Mason: South-Western Cengage Learning (Referred to as “IT Audit Text” in the Readings List for each class) • Additional material as listed in the course outline. This includes articles referenced by links, readings from books that were required for prerequisite courses, cases and assignment details posted on our web site. • CICA Assurance Handbook, as available online from York University library, (referred to as “Handbook” in the Readings List for each class). Selected readings are from: [Note this book is available on reserve at the business library in the Schulich building if you do not have a copy.] • Arens, A., R. J. Elder, M. S. Beasley and I. B. Splettstoesser-Hogeterp. 2011. Auditing: The Art and Science of Assurance Engagements, Canadian 11th Edition, Pearson Prentice Hall: Toronto. (Referred to as “Audit Text” in the Readings List) References for the 12th Canadian...

Words: 3433 - Pages: 14

Premium Essay

Contingency Plan

...Contingency Plan Torey A. Shannon Dreamz Security Plan I. Overview 2.1 Objectives The operative objectives of this security plan is to provide employees with a safe and secure work environment that implements efficient security controls that protect the confidentiality of employees’ and clients information while employing efficient protocol to thwart and/or counteract potential security threats. To protect employees and clients from threats from unauthorized personnel and foreign agents, physical and technical security will be strategically placed within the organization through employee policy and technical support. Dreamz Incorporated will create security education, training, and awareness programs to further safeguard against potential threats and minimize loss from security intrusions. 2.2 Strategic Corporate Officers CEO - Raymond Williams (PH) 678-873-9087, (Email)Rwilliams@dreamz.org CIO - MarciaCamos (PH) 678-873-9088, (Email)Mcamos@dreamz.org CISO - James Korve (PH) 678-873-9089, (Email)Jkorve@dreamz.org 2.3 Information Security Governance Assignments CEO * Oversee Corporate Security policy * Brief board, customers, and public on corporate activities and policies. CIO, CISO * Set security policy, procedures, programs and training for the organization. * Respond to security breaches and coordinate independent audits. * Implement, enforce and access company’s security protocols. Site Managers ...

Words: 4878 - Pages: 20

Premium Essay

Risk Management Part Two

...include the following: Business Contingency Plan (BCP) Definition: “Business continuity planning (BCP) ‘identifies an organization's exposure to internal and external threats and synthesizes hard and soft assets to provide effective prevention and recovery for the organization, while maintaining competitive advantage and value system integrity’. It is also called business continuity and resiliency planning (BCRP). A business continuity plan is a roadmap for continuing operations under adverse conditions such as a storm or a crime,” (Business continuity planning, n.d.). 1. Analyze strategic pre-incident changes the company would follow to ensure the well-being of the enterprise: Notes: outline proactive suggestions that can be made in advance of potential risks actuating into disaster, e.g., training, drills, company policies and procedures and so forth. Create strategic pre-incident strategy that incorporates the following elements and considerations: • Identify potential risks for each IPC business operation in all its domestic and international locations. This identification process may include:  Potential risks may be inherent to the various IPC business operations. For example, refinery business operation inherent risks may include occupational hazards such as fires due to highly flammable chemicals. Another such example may include toxic chemical spills that may affect IPC stakeholders such as its employees, chain supply entities, residents living near such...

Words: 9611 - Pages: 39

Premium Essay

Tinab Ennett

...Disaster Recovery Plan Template By Paul Kirvan, CISA, CISSP, FBCI, CBCP Revision History |revision |date |name |description | |Original 1.0 | | | | | | | | | | | | | | Table of Contents Information Technology Statement of Intent 5 Policy Statement 5 Objectives 5 Key Personnel Contact Info 6 Notification Calling Tree 7 External Contacts 8 External Contacts Calling Tree 10 1 Plan Overview 11 1.1 Plan Updating 11 1.2 Plan Documentation Storage 11 1.3 Backup Strategy 11 1.4 Risk Management 11 2 Emergency Response 12 2.1 Alert, escalation and plan invocation 12 2.1.1 Plan Triggering Events 12 2.1.2 Assembly Points 12 2.1.3 Activation of Emergency Response Team 12 2.2 Disaster Recovery Team 13 2.3 Emergency Alert, Escalation and DRP Activation 13 2.3.1 Emergency Alert 13 2.3.2 DR Procedures for Management 14 2.3.3 Contact with Employees 14 2.3.4 Backup Staff 14 2.3.5 Recorded Messages / Updates 14 2.3.7 Alternate Recovery Facilities...

Words: 4679 - Pages: 19