Premium Essay

Computer Security Management

In:

Submitted By vishaljindal
Words 4051
Pages 17
CSE 4482 Computer Security Management: Assessment and Forensics

Introduction to Information Security

Instructor: N. Vlajic,

Fall 2010

Learning Objectives
Upon completion of this material, you should be able to:


Define key terms and critical concepts of information security. List the key challenges of information security, and key protection layers. Describe the CNSS security model (McCumber Cube). Be able to differentiate between threats and attacks to information. Identify today’s most common threats and attacks against information.



• •



Introduction
“In the last 20 years, technology has permeated every facet of the business environment. The business place is no longer static – it moves whenever employees travel from office to office, from office to home, from city to city. Since business have become more fluid, …, information security is no longer the sole responsibility of a small dedicated group of professionals, …, it is now the responsibility of every employee, especially managers.”

http://www.businessandleadership.com/fs/img/news/200811/378x/business-traveller.jpg http://www.businessandleadership.com/fs/img/news/200811/378x/businesshttp://www.koolringtones.co.uk/wp-content/uploads/2010/01/mobile-phones.jpg http://www.koolringtones.co.uk/wp- content/uploads/2010/01/mobile-

Information Technology
• Information Technology – enables storage and transportation of information from one business unit to another in many organizations, information is seen as the most valuable asset

• Information System – entire set of data, software, hardware, networks, people, procedures and policies necessary to use information as a resource in an organization each of 7 components has its own strengths, weaknesses, and its own security requirements

Information Technology (cont.)

Information Security
Security = state of being

Similar Documents

Premium Essay

Computer Updating and Security Management

...Computer Updating and Security Management Once again the IT Administrators have asked to clarify certain points to them on the implementation of the new network being installed. This takes in account that they know the basics of Server 2008 for windows, and have some knowledge working it. Let us then answer their questions on computer updating and security management. The first thing to address is the software and service Microsoft Server 2008 had in place for centralized updates. IT has a program called WSUS that allows all updates to be centralized from one place. It allows update support for a lot of computers up to 100,000, which leaves more than enough room for the school to grow. Since the main office will be the center I would set up a standard Hierarchy of WSUS (Moskowitz, n.d.). An upstream server which is located in the main office will approve and deploy the updates. The downstream server would be located at the school site. They will download the updates from the upstream server and parceled out to the computers/clients allowed. This will be a good fit for updates that are deemed unnecessary or not wanted by the organization and easily managed from a central location. The security measures in place will be of course IPSec. The communications from the main office to the school will be using Layer Two Tunneling Protocol or L2TP (Freelancer, 2008). This will ensure a secure connection at the highest possible setting. Group policies will be in place in order to...

Words: 591 - Pages: 3

Premium Essay

Security

...Department of Commerce An Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Systems Owners Have Security Responsibilities Outside Their Own Organizations...

Words: 93588 - Pages: 375

Premium Essay

Case Study Data Breaches and Regulatory Requirements

...qwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmqwertyuiopasdfghjklzxcvbnmrtyuiopasdfghjklzxcvbnmqwer...

Words: 1570 - Pages: 7

Premium Essay

The Handbook

...Technology Technology Administration U.S. Department of Commerce An Introduction to Computer Security: The NIST Handbook Special Publication 800-12 User Issues Assurance Contingency Planning I&A Training Personnel Access Controls Audit Planning Risk Management Crypto Physical Security Policy Support & Operations Program Management Threats Table of Contents I. INTRODUCTION AND OVERVIEW Chapter 1 INTRODUCTION 1.1 1.2 1.3 1.4 1.5 Purpose . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Intended Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Organization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Important Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Legal Foundation for Federal Computer Security Programs . 3 3 4 5 7 Chapter 2 ELEMENTS OF COMPUTER SECURITY 2.1 2.2 2.3 2.4 2.5 2.6 2.7 2.8 Computer Security Supports the Mission of the Organization. 9 Computer Security is an Integral Element of Sound Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Computer Security Should Be Cost-Effective. . . . . . . . . . . . . . . . 11 Computer Security Responsibilities and Accountability Should Be Made Explicit. . . . . . . . . . . . . ....

Words: 93564 - Pages: 375

Premium Essay

Maximum Security in Database Management

...Maximum Security in Database Management Maximum Security in Database Management Rackspace Introduction In the current world there people and organization experience un-eventualities and risk of their confidential information. My organization, Rackspace, is a hosting and cloud system organization. For this company it is vital that information is stored in data bases that are run by organizations, locally hosted on personal computers. Intruders can access this information if it is not properly secured. Therefore the purpose of this study is to inform about the current savvy technologies that can be applied to completely thwart intruders from accessing such delicate information within Rackspace. Part 1: Project Identification and Business Environment For this project to go on in a smooth and effective manner different individuals must carry on certain specified task. For Rackspace, this means that every person must hold on to a responsibility to properly and pursue it to the end. Some of the responsibilities are interdepended and other are depended. In case of an interdependent responsibility there will be a proper communicated channel of events that will ensure that information is traversed from one source to another to smoothen up events. Therefore, the following a list of responsible individuals who will implement the process of securing the database of an organization. Company Chief Executive Officer Responsible for overseeing the success of...

Words: 3927 - Pages: 16

Premium Essay

Vut2-Rtft Task 1

...UVT2-RTFT Task 1 Competency 427.2.4: Advanced Social Engineering William J. Lawson MS Information Security & Assurance - 5/1/13 Student ID:000311942 My Mentor: Mary Gordon c: 317-448-3045 Indianapolis, IN - Eastern Time wlawson@my.wgu.edu[->0] A. Create a memo discussing how you believe the intruder gained access to the company's network using social engineering. Incident Memo to Management Recently The Company was a victim of a Social Engineering (SE) attack, perpetrated by an unknown entity. Social Engineering is a method used by confidence men (con-men) to acquire information through human interaction that will be used to support a cyber attack. It often involves some form of trickery. In this case a supervisor assigned to handle customer complaints received an email from a suspected customer claiming that one of the products listed on the website was incorrect. The email also included a URL to the web page in question. I suspect that the attacker acquired the Supervisor's email address by first contacting the customer support desk and posing as disgruntled customer. Once the customer (attacker) stated his/her complaint to the employee and the employee responded the customer pretended that he was not satisfied and stated to the employee that his complaint was not completely satisfied. He then asked the employee for the supervisor's name, and contact information. In order to satisfy the customer the employee provides the...

Words: 1996 - Pages: 8

Premium Essay

Computer Systems Security

...Michael Anderson Principles of Info Security Professor Corey Jackson Outline In order for a company to be successful it needs to ensure that the security of its network is up to par and can protect the data from 2.0 Incident-Response Policy for Gem Infosys. |Gem Infosys Policy Sections | |1.0 |Identification of Incidents/Threats | | |Gem Infosys incident-response policy requires that every personnel including the Information Security Office (ISO), report suspicious| | |activity during system usage, or while conducting a proactive monitoring of the organization’s network and information system | | |activities (Yale University Policy, 2012; SANS Institute, 2001). Reports will be done via incident reporting system tickets which | | |shall be sent to the authorized individuals or departments. | | |Symptoms of Computer Security Incidents; | | |System alarm from incorporated intrusion detection tools | | |Unsuccessful login attempts ...

Words: 1040 - Pages: 5

Premium Essay

Research Topic of Interest

...requirement. Thank you. ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- Faculty Use Only ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- ------------------------------------------------- Dr. Randy Brown Annotated Biographies Oreku, G. S., & Li, J. (2009). End user authentication (EUA) model and password for security. Journal of Organizational and End User Computing, 21(2), 28-43. Retrieved from http://search.proquest.com.proxy1.ncu.edu/docview/199920202?accountid=28180 This article proposes an End User Authentication flexibility model to form a set of services that will constitute a flexible authentication model for a modern computing systems or infrastructure. This method would provide multiple authentications that will enable suppliers access a particular network system with varying levels of guarantee. It describes a simple three level ticket system used by clients and servers to achieve prevention of...

Words: 2303 - Pages: 10

Premium Essay

Aircraft Solutions

...SOLUTIONS SE571 Principles of Information Security and Privacy Phase II Course Project Company Overview Aircraft Solutions (AS) is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Located in Southern California, AS has a dedicated, trained workforce and maintains a large capacity plant and extensive equipment to meet customer requirements. Much of the equipment is automated to increase production while reducing costs. The company's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly-automated production systems. The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. The company strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. AS will help the customer through all phases of new product deployment, from initial prototypes through final large-volume production and assembly. By involving itself in all phases of customer product development, AS hopes to establish long-term relationships and secure repeated follow-on business with its customers. In addition, AS continues to invest heavily in workforce education and training, so as to improve capability to serve its customers. Security Vulnerabilities Overall the network has...

Words: 1895 - Pages: 8

Premium Essay

Principles of Security 5th Edition Chapter 1 Review Questions

...the difference between vulnerability and exposure? Vulnerability is a weakness is a system that leaves the system open to attacks. Exposure is the known vulnerabilities that make a system weak and open to attacks without protection. 3. How is infrastructure protection (assuring the security of utility services) related to information security? If the infrastructure of a network is exposed and accessible to anyone this leaves the network vulnerable to damage both to hardware and software. The infrastructure must be protected to allow only authorized user to have access to the network. 4. What type of security was dominant in the early years of computing? Physical security. 5. What are the three components of the C.I.A. triangle? What are they used for? Confidentiality, Integrity and availability are the three components of the C.I.A triangle. They are used as a standard for computer security. 6. If the C.I.A. triangle is incomplete, why is it so commonly used in security? The C.I.A triangle provides a basic standard of what is needed to keep information secured. 7. Describe the critical characteristics of information. How are they used in the study of computer security? Availability ensures that only authorized user have access to information. Accuracy makes sure that the date it has no errors. Authenticity ensures that the data is genuine. Prevents unauthorized user from have access to information. Integrity ensures that information is not damaged...

Words: 829 - Pages: 4

Premium Essay

Case Study: Rainier Health And Fitness

...tool called Report Security. This tool allows for the segregation of employee access based on hiring status. Employees who are full-time have the highest level of access. This means that they are able to see and edit members personal and financial information. The contractors and volunteers have read only access. Furthermore, these employees only have access to the rights for checking members in and out. As a security precaution, the menus and links to access the other parts of the system are removed from the application...

Words: 1746 - Pages: 7

Free Essay

Password Security

...Password Security And Other Effective Authentication Methods [pic] Table of Contents Introduction 1 User Accounts 1 Account and Password Policy 2 Password Attacks 4 Authentication Methods and Password Management 5 Public Key Infrastructure 6 Single Sign-On (SSO) 6 One-Time Password (OTP) Tokens 7 Biometrics 7 Fingerprints 7 Face Scans 7 Retina Scans 7 Iris Scans 7 Palm Scans 8 Hand Geometry 8 Heart Patterns 8 Voice Pattern Recognition 8 Signature Dynamics 8 Keystroke Patterns 8 Password Managers 8 Conclusion 9 Bibliography 10 Introduction Human beings are arguably the weakest link in computer and information security. People pose such a significant threat to their own computer networks and personal information simply because they don’t keep password security in the forefront of their mind. This is one of the reasons passwords are considered a poor security mechanism. Still, passwords are the most common method for user authentication on computer systems and websites. Passwords are so easily hacked and used to steal personal information such as bank account credentials, credit card numbers, etcetera, contributing to the significant growth of identity theft, most of which could be prevented by using strong passwords and not writing them down. End user education on more secure authentication methods such as strong password creations and two factor authentication can help to improve cyber security for all organizations...

Words: 2777 - Pages: 12

Premium Essay

Cyber Security

...CYBER SECURITY INTRODUCTION It is also known as “Computer Security or IT security”. It is applied to the security of computer, computer network and the data stored and transmitted over them. Today the computer system are used in wide variety of “smart devices, including Smartphone’s,  televisions and tiny devices as part of the Internet of Things, and networks include not only the Internet and private data networks, but also Bluetooth, Wi-Fi and other networks. Computer security covers all the processes and mechanisms by which digital equipment, information and services are protected from unintended or unauthorized access, change or destruction and the process of applying security measures to ensure confidentiality, integrity, and availability of data both in transit and at rest. There are the various elements of the cyber security which are as: 1. Application Security 2. Information Security 3. Network Security 4. Mobile Security 5. Internet Security 6. Cyberwarfare One of the most problematic elements of cybersecurity is the quickly and constantly evolving nature of security risks. The traditional approach has been to focus most resources on the most crucial system components and protect against the biggest known threats, which necessitated leaving some less important system components undefended and some less dangerous risks not protected. "The threat is advancing quicker than we can keep up with it. The threat changes faster than our idea of the risk. It's no longer...

Words: 3559 - Pages: 15

Premium Essay

Contract Management Course Project 3

...Future Tek, Inc.’s resume, technical capabilities and pricing information. Copyright © 1998 by Ann Poe Future Tek, Inc. has been in the Information Technology for a total of 11 years. During those years we’ve dealt mainly with the integration of new information technology systems into Financial based institutions. We are looking to not only expand our services to other industries outside of banking. After reviewing the bid solicitation information provided, we believe that we will make a good candidate for this opportunity. If awarded this contract, Future Tek, Inc.’s is able to provide all information technology related services that are needed for this project. These include but are not limited to Computer Systems Security Analysis, Computer Systems Analysis, Desktop Support, Help Desk Support, IT Operations...

Words: 2807 - Pages: 12

Premium Essay

Best Ever

...Salix Pharmaceuticals Security Policy Introduction The Salix Pharmaceuticals Security Policy Template is for the use of creating a strong security policy. Each sub policy contains a title with a description and a brief summary of what the certain section will contain. The purpose of the security policies is to ensure that Salix Pharmaceuticals is safe and under strong commands. The Salix Pharmaceutical Security Policy should be reviewed when new materials and changes are to be preceded amongst this company. Scope Salix Pharmaceuticals security policy will keep the company running for years if followed by the procedures. Following the sub policies will lead to a successful company that will be ran smooth and processed like no other company. Antivirus, encryption, passwords, and backups will protect this company like no other before. Purpose Salix purpose for the security template is to have the company, employees, managers, assistant manager, and volunteer’s, and temporary follow all these policies to make the company operate under a easy and fast pace. By making this policy the company should be protected from several things and kept up to date on every policy. Employees should obey this policy and read over every so often in case changes and updates are needed to be added. Acceptable Use Workers must report any signs of violation and a misunderstanding of the policies. Workers are not allowed to access any information they do not have the authority to look...

Words: 1087 - Pages: 5