Computer Security Assessment

Submitted by kanishkajain99
Answer a) The MPS is a very large organisation which employs over 50,000 people. A dedicated solution is needed for:
• Keeping the records of the employees.
• Limiting access to data in the database.
• Automatically updating access rights as employees are promoted or demoted.
• A single, unique and effectively managed identity repository, to help reduce cost and save time.
Role-based access (RBA) approaches are accepted as strong and efficient technologies for access control.

Answer b) If the MPS is to strengthen user authentication, biometric techniques will bring a definite improvement, increasing the level of security while being cost effective. That is because biometric techniques are authentication methods that use one or more intrinsic physical or behavioural characteristics to recognise an individual. So there is no question of forgetting passwords, or of access by another person who has stolen the authentic user's password.

Current biometric systems rely on an enrolment process, which carries the risk of an attacker gaining access to the stored template. Once the biometric measurements are stolen, it is impossible to change the owner's physical characteristics. So there is a need for template-free biometric techniques, which do not store pre-captured data for comparison at authentication time. This will reduce unauthorised access to confidential information and fraudulent authoring of information.

Answer c) Biological identity contains data that uniquely describes an entity by means of biometric techniques, whereas digital identification is about recognising individuals based on either “what you have” or “what you know” (Wayman, 2008).

For the Police Computer Crime Unit both of these authentication means can be used. Since the cases are highly sensitive, more secure identification processes are needed. Computer crimes are high-tech crimes. Because the number of offenders committing such crimes has increased greatly, an officer will need to be able to use multiple identities, which digital identity makes possible. On the other hand, foolproof security is ensured by biological identity because it provides secure access.

The role of a signed X.509 certificate is to enable the Certification Authority to give the receiver of the certificate a means through which it can trust not just the public key of the certificate's subject, but also the other information about the certificate's subject.

Answer d) The use by the MPS of PKI client/server authentication, which provides Confidentiality, Integrity and Authenticity (CIA), is justified in this context.
PKI is a framework for creating a secure method of exchanging information based on public key cryptography (Al-Khouri & Bal, p. 361). The exchange of information and the management of public keys normally occur through the use of Certification Authorities (CAs) (Weise, p. 8).
PKI is the only practical mechanism that capably provides strong and efficient security. If the key is kept private and the system is properly installed, PKI is unbreakable.
To extend trust across certification authorities, cross-certification should be considered. RSA provides the CIA environment and access control. It uses two keys: a public key, known to everyone, and a private key, known only to the owner.
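The chain of trust described in Answers c) and d), as an added example written against Go's standard library (not code from the essay or its sources): a constructed CA issues a certificate that binds a hypothetical subject name and organisation to a public key, a relying party that trusts only that CA verifies the chain, and then both a certificate whose subject bytes were altered after signing and one carrying the same subject but issued by an untrusted CA are rejected. All names and serial numbers are constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// newTemplate builds a short-lived certificate template (all names are constructed).
func newTemplate(serial int64, name pkix.Name, isCA bool) *x509.Certificate {
	usage := x509.KeyUsageDigitalSignature
	if isCA {
		usage = x509.KeyUsageCertSign
	}
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: name, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: usage, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
}

// mustIssue signs tmpl for public key pub with signer; parent == nil means self-signed.
func mustIssue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	if parent == nil {
		parent = tmpl
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

// Result is what the relying party learns from the chain check.
type Result struct {
	GenuineAccepted bool   // the CA-issued certificate verifies against the CA
	Subject, Org    string // identity attributes the CA's signature vouches for
	TamperRejected  bool   // altered subject bytes no longer match the signature
	RogueRejected   bool   // same subject issued by an untrusted CA is refused
}

func Demo() Result {
	var res Result
	caKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	ca := mustIssue(newTemplate(1, pkix.Name{CommonName: "Example Root CA"}, true), nil, &caKey.PublicKey, caKey)
	// The CA signs the subject's public key together with its CN and O attributes.
	subjKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	subject := pkix.Name{CommonName: "officer-1234", Organization: []string{"Metropolitan Police Service"}}
	leaf := mustIssue(newTemplate(2, subject, false), ca, &subjKey.PublicKey, caKey)
	// The relying party trusts only the CA; a valid chain extends that trust to the leaf.
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	opts := x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	_, err := leaf.Verify(opts)
	res.GenuineAccepted = err == nil
	res.Subject, res.Org = leaf.Subject.CommonName, leaf.Subject.Organization[0]
	// Tampering: rewrite the CN inside the DER bytes. The certificate still parses,
	// but the CA's signature no longer covers it, so the altered attribute is rejected.
	der := bytes.Replace(leaf.Raw, []byte("officer-1234"), []byte("officer-9999"), 1)
	if tampered, err := x509.ParseCertificate(der); err == nil {
		_, err = tampered.Verify(opts)
		res.TamperRejected = err != nil
	}
	// Rogue issuer: identical subject, but signed by a CA outside the trust store.
	rogueKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	rogueCA := mustIssue(newTemplate(3, pkix.Name{CommonName: "Rogue CA"}, true), nil, &rogueKey.PublicKey, rogueKey)
	rogue := mustIssue(newTemplate(4, subject, false), rogueCA, &subjKey.PublicKey, rogueKey)
	_, err = rogue.Verify(opts)
	res.RogueRejected = err != nil
	return res
}
```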

Reference List:

Wayman, J. L., 2008. Biometrics in Identity Management Systems. Published by the IEEE Computer Society.

Al-Khouri, A. M. and Bal, J. (University of Warwick, UK). Journal of Computer Science, p. 361.

Weise, J. (SunPS Global Security Practice). Public Key Infrastructure Overview, pp. 8-10.
