...Kaplan University Lab 2 The three most common risk/threats/vulnerabilities that are commonly found in the user domain are: The “domain enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges” (CVE, 2013), If the domain user logs into the domain with a space at the end of the domain name it will cause an error and wont accurately download a system policy (CVE, 2013), and the domain user or admin have a guessable password in Windows NT (CVE, 2013). In the first article it discusses the use of USB devices in the workplace. USB’s are used for transporting data from one computer to another. These allow for business requirements to be reached at a faster pace but they also pose a number of security challenges. Those challenges may be “disgruntled workers, careless users and malicious individuals” (Couture, 2009, p. 6). Ways to migrate this issue is by gluing shut the ports, disable USB ports in BIOS, prevent users from installing a USB device by denying permission on files called usbstor.pnf and usbstor.inf, making USB ports read only, disable USB ports in Group Policy, or disable Autorun (Couture, 2009, p. 11). In the second article it discusses the vulnerabilities of the BIOS. The BIOS performs power up test amongst the hardware components and memory and without this program the computer wouldn’t know what to do after it was turned on. The BIOS can be accessed by the use of backdoor passwords, cracking the BIOS password, deleting the contents...
Words: 1760 - Pages: 8
...Delores Patton Intro to Security 1-27-14 Unit 5 Assignment 2 Define and Acceptable Use Policy(AUP) An acceptable use policy (AUP) is the policy that companies used to ensure that a user must agree to follow in order to be provided with access to a network or to the Internet. LAN-to- WAN is when the network system links to a wide area network and internet. Security Administrators should monitor what users are accessing on the network, setup firewalls, apply antiviruses to identify unknown files and emails, disable pinging, probing, and port scanning on all exterior devices, and denial of outbound traffic using source IP addresses. Web Surfing is accessing the internet using different web browsers. As a Security Administrator, you should apply domain-name content filtering at the internet entry/access point. By doing this, employees might not be able to surf certain web sites on the internet. The advantage of not having access to the internet is that it could prevent the network from getting viruses and the employees will only be allowed to use the company accounts to send out emails to customers. The disadvantage of this is what if an employee is trying to assist a customer by answering a question that they need to access the internet to answer. As Richman Investment employees, guidelines to usage of email are covered under email usage policy. The following traffic is not allowed: No peer-to-peer file sharing or externally reachable file transfer protocol...
Words: 379 - Pages: 2
...Written Assignment 2 Thanks to an earlier incident in which an employee allowed malicious software to infect the servers, it has been decided to implement a stricter policy in regards to what employees are allowed to access and do with their workstations. Three other company’s policies will be compared and used to help define the policy, ending with an AUP describing said policy. The first company’s AUP that will be analyzed is Iowa Network Service’s AUP (http://support.netins.net/AUP.shtml). In it, subjects such as what costumer’s are not allowed to do with the services are detailed, such as forbidding the use of illicit material, and using the services provided for criminal activity. It also details a “Remote Service Support” in which netINS can help customers with their problems, provided they have been given proper permission and said technician is qualified. Also included is a policy for idle connections, which will be disconnected in the event they are idle for 20 minutes. The second company to be compared is Tellurian Network’s AUP (http://www.tellurian.com/usagepolicy.asp). TN promises to never sell customer information to third parties to prevent the spread of spam emails, something it considers extremely damaging to the internet’s integrity. A “No-Busy Signal” policy is a major part of the company’s AUP, in which they assure the costumer that they will order more phone lines as capacity reaches max, though they do include that there are rare situations where busy signals...
Words: 501 - Pages: 3
...Investments ACCEPTABLE USE POLICY Information Security Policy Number 12345 Effective 10/15/2013` I. Introduction An Acceptable Use Policy (AUP) is an organization-wide policy that defines what is allowed and what is not allowed regarding use of Information Technology (IT) assets by employees. The following policy is to be followed by all employees of Richman Investments, authorized individuals, vendors, and contractors who use any information technology (IT), electronic, or communication devices owned and/or provided by Richman Investments for the purpose of assisting them with their job-related duties. Access to the Internet is a privilege and all employees must adhere to the policies regarding computer, email, and Internet usage. Violation of these policies will result in disciplinary and/or legal action that may include counseling, revocation of company devices, termination of the employee, and legal action. II. Roles and Responsibilities Every employee must acknowledge that they have received a copy of the AUP and confirm that they have a complete understanding and agree to abide by the rules set forth in the AUP. Receipt and signing of the AUP will occur at Employee Orientation, and in the event of changes to the policy, a revised AUP must be signed. III. Policy Directives A. Acceptable Use Management Requirements A Standard Operating Procedure (SOP) will be established to support the development and maintenance of this AUP. Richman Investments’...
Words: 747 - Pages: 3
...Questions 1. Define an SLA and state why it is required in a risk adverse organization. A SLA is a service level agreement, which is a contract between the ISP and the company. A SLA gives the company an idea of how much time they will be without services, should something happen with the ISP. A SLA is important to a company in making recovery plans, knowing what critical systems need to be available for a continuance of business and formulation of disaster recovery. 2. Using the user domain, define risks associated with users and explain what can be done to mitigate them. The user domain has several risks involved, as people are involved and there is no way employees can be monitored without the use of CCTV, Social engineering a person trying to obtain information through malicious means. The greatest tool in mitigating risk in the user domain is training and reminders for users to be aware of their surroundings. No acceptable users policy, AUP, or lack of training employees on the correct usage of the network. User accounts left active, if the employee is terminated, and another employee has the log on credentials. Mitigation would to be disabling all user accounts upon termination. 3. Using the workstation domain, define risks associated within that domain and explain what can be done to reduce risks in that domain. The use of USBs or disk, the files could contain viruses and infect other files or applications on the network. No acceptable users policy, AUP, or lack of training...
Words: 462 - Pages: 2
...Acceptable Use Policy or AUP is a written policy and an agreement that defines what is allowed and not allowed to be used by employees regarding the use of internet. Here at Richman Investment are giving you, the employees the details and what the policy entails. The use of the Internet is a privilege, not a right, and inappropriate use will result in a cancellation of those privileges. The purpose of the internet resources is to help employees in the performance of their job related functions and not for personal usage. Each employee that is given privileges will have to comply with the company’s policy. Internet usage should be conducted for the company business only. Internet use creates the possibility of virus attacks or allowing any unauthorized people to get into our system with the potential of accessing company’s confidential information. The use of personal internet must be limited and only to be used for web based emails only with the approval of your Supervisor or Manager. Under no circumstances may Company network to be used on Social networking such as Facebook, or video viewing such as you tube, pornographic, or any unethical use. These websites will be restricted and prohibited for viewing. Doing so can lead to disciplinary action up to and including termination of employment. Like the internet, email should also be for Company purposes only. Any employees are not allowed to send personal emails using Company email...
Words: 576 - Pages: 3
...IS4550: Security Policies and Implementation Mr. Shane Stailey Edy Ngou Date: 09/20/2015 Lab week 1: Organization Wide Security management AUP worksheet ABC Credit Union Acceptable Use Policy Policy Statement The acceptable Use Policy is to ensure compliance with laws such as the Gramm-Leach-Bailey Act (GLBA) and the Federation trade commission (FTC). This policy is also to assist the Credit Union ensuring information technology (IT) security best practices with regard to it associates. Purpose / Objective The purpose of ABC Credit Union’s acceptable use policy is to define requirements for Credit Union acceptable use policies, and define the acceptable and unacceptable uses of computer equipment, internet / intranet / extranet related systems, and email by ABC Credit Union associates in the performance of their duties. This policy requires that all Credit Union electronic information systems be used for Credit Union business with minor exceptions. These rules are in place to protect the associates and ABC Credit Union. These objectives of this policy are: * To keep the business process in a high working order in order to achieve the maximum amount of profit gained. * To keep morale law, so that employees are constantly being replaced. Scope This policy applies to associates, contractors, consultants, and other workers at ABC Credit Union, including all personnel affiliated with third parties. Also this policy applies to all...
Words: 461 - Pages: 2
...Acceptable Use Policy or AUP is a written policy and an agreement that defines what is allowed and not allowed to be used by employees regarding the use of internet. Here at Richman Investment are giving you, the employees the details and what the policy entails. The use of the Internet is a privilege, not a right, and inappropriate use will result in a cancellation of those privileges. The purpose of the internet resources is to help employees in the performance of their job related functions and not for personal usage. Each employee that is given privileges will have to comply with the company’s policy. Internet usage should be conducted for the company business only. Internet use creates the possibility of virus attacks or allowing any unauthorized people to get into our system with the potential of accessing company’s confidential information. The use of personal internet must be limited and only to be used for web based emails only with the approval of your Supervisor or Manager. Under no circumstances may Company network to be used on Social networking such as Facebook, or video viewing such as you tube, pornographic, or any unethical use. These websites will be restricted and prohibited for viewing. Doing so can lead to disciplinary action up to and including termination of employment. Like the internet, email should also be for Company purposes only. Any employees are not allowed to send personal emails using Company...
Words: 307 - Pages: 2
...Unit 5 Assignment 2: Define an Acceptable Use Policy (AUP) Acceptable Use Policy Richman Investments holds requirements for the usage of the company network including filtering policies for network traffic. LAN – WAN is where the IT infrastructure links to a wide area network and internet. For Security (Administrators and Managers) - Security monitoring controls for intrusion - Apply email server and attachment antivirus and email quadrating for unknown file types - Disablement for ping, probing, and port scanning on all exterior IP devices - Denying of outbound traffic using source IP addresses - Apply file transfer monitoring, scanning and alarming for unknown file types Web Surfing is the usage of the internet browsing a series of web browsers For Security (Administrators and Managers) - Apply domain-name content filtering at the internet entry/access point - Employees may lose productivity while searching web for no work related material Cons putting a limitation to web surfing may cause the employee to lack independence of finding information. What if they need to look up an answer to a customers’ question and has to find it on the web? Pros not using the internet could prevent a wide variety of viruses and the company is only allowed to use their company accounts to send out emails to customers. Guidelines to usage of email are covered under email usage policy Richman Investment Employees: Certain traffic is expressly forbidden: - No peer-to-peer file...
Words: 339 - Pages: 2
...Impact of a Data Classification Standard | Unit 1 Assignment | Domain This Domain is where only one user will have entrance to it. This can be configured to internal usage only. By default, the IT department tries to sustain a certain level of Security for this, so that nobody can enter from the outside, only the IT Department may grant access privilege for Remote Access. The User Domain will enforce an acceptable use policy (AUP) to define which user can and cannot do with any company data that he or she has access to. Also, every user on the company is responsible for the safekeeping of the environment. 2. LAN Domain The Local Area Network Domain is a group of computers that are all connected to a single LAN domain. The LAN Domain is a collection of computers connected to each another or to a common medium. All LAN domains have data closets, physical elements of the LAN, and logical elements as designated by authorized personnel. It involves strong security and access controls. This domain can access company-wide systems, applications, and data from anyplace within the LAN. The LAN support group is in control of maintaining and securing the domain. The biggest threat to the LAN domain is an Un-authorized access to anything on the network. For example: LAN, the systems, and data. One thing we can do is require strict security protocols for this domain, such as disabling all external access ports for the workstation. This would cause a no access...
Words: 358 - Pages: 2
...Color profile: Disabled Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 2 General Security Concepts “The only real security that a man can have in this world is a reserve of knowledge, experience and ability.” —HENRY FORD In this chapter, you will learn how to ■ Define basic terms associated with computer and information security ■ Identify the basic approaches to computer and information security ■ Distinguish among various methods to implement access controls ■ Describe methods used to verify the identity and authenticity of an individual ■ Describe methods used to conduct social engineering ■ Recognize some of the basic models used to implement security in operating systems 20 P:\010Comp\BaseTech\619-8\ch02.vp Wednesday, November 09, 2011 2:01:20 PM I n Chapter 1, you learned about some of the various threats that we, as security professionals, face on a daily basis. In this chapter, you start exploring the field of computer security. Color profile: Disabled Composite Default screen BaseTech / Principles of Computer Security: CompTIA Security+™ and Beyond / Wm. Arthur Conklin / 619-8 / Chapter 2 ■ Basic Security Terminology The term hacking has been used frequently in the media. A hacker was once considered an individual who understood the technical aspects of computer operating systems...
Words: 16889 - Pages: 68
...Digital Citizenship in K-12: It Takes a Village Randy Hollandsworth, Lena Dowdy, and Judy Donovan Students will require awareness that online behaviors can impact people within their immediate circle of friends but also outside of that circle. Abstract Digital citizenship encompasses a wide range of behaviors with varying degrees of risk and possible negative consequences. Lack of digital citizenship awareness and education can, and has, led to problematic, even dangerous student conduct. If our educational village does not address these issues, the digital culture establishes its own direction, potentially pushing a productive, long-term solution further out of reach. By tapping into the experience of various practitioners and experts in the field this article provides the reader with a number of suggestions that can help the professional to help their students become better digital citizens. Keywords: Digital Citizenship, School Library Media A ccording to Wikipedia (2010), the Nigerian Igbo proverb, “Ora na azu nwa”, translates as “it takes a village to raise a child” (Proverb Question section, para. 6). Whether this popular phrase derives from international cultures or from one’s own experiences in life, it provides a framework for our schools and society to meet a cultural shift in a global society. Creating awareness and enhancing digital citizenship in our society could best be assessed as having reached a pivotal point. Weigel, James...
Words: 6973 - Pages: 28
...resources on another system or on a network. This usually happens when a PC attempts to access a printer across the network. * Processes- A process is most commonly a subject when an application process requests low-level access to the file system. * Applications- An application is a subject when it needs to access external resources such as a printer or the network. *A technology subject doesn’t have a username & password the way a human subject might, but it does have the same authorized, unauthorized, or unknown status. P.6 2) A well-defined access ctrl system consists of 3 elements: *Policies- Rules developed by someone with a strong knowledge of the organization, its assets, goals & challenges. *Procedures- Nontechnical methods used to enforce policies. *Tools- Technical methods used to enforce policies. *Organizations typically use procedures & tools together to enforce policies. P.5 3) The purpose of access ctrl is to regulate interactions between a subject which is usually, but not always, a human user, and an object such as data, a network, or device. The key difference between the subject and the object is passivity: the subject acts upon a passive object. There are 3 key components of access ctrl: identification, authentication, & authorization. P.16 4) Confidence in any authentication system can be measured by 2 components: the type...
Words: 2358 - Pages: 10
...Network Security | Jevon Wooden ISSC341: Introduction to NetworkingProfessor Belkacem KraimecheAmerican Military University7/13/2012 | | What is network security? According to Cisco, Network security refers to any activities designed to protect your network. Specifically, these activities protect the usability, reliability, integrity, and safety of your network and data. Effective network security targets a variety of threats and stops them from entering or spreading on your network. (What is network security?, para. 2) This essay will discuss how network security works, threats against network security, the importance of network security being properly designed, monitored, and tested, and the future trends of network security and global implications. In order to understand the definition of network security, an analysis of what threatens your network and the countermeasures to stop them needs to be obtained. It also needs to be understood that no network is 100% “hackerproof”. Your job is to make things difficult by designing a network that is hardened and ready for cyber warfare. Before going too far into the design and hardening aspect, let us discuss threats that wage war upon your network. The first type to be considered are insider threats which can range anywhere from an untrained user downloading media off the Internet that have viruses, to a disgruntled employee looking to corrupt or steal confidential information to sell it. Internal threats pose as a significant...
Words: 3481 - Pages: 14
...Guidelines for Secure Use of Social Media by Federal Departments and Agencies Information Security and Identity Management Committee (ISIMC) Network and Infrastructure Security Subcommittee (NISSC) Web 2.0 Security Working Group (W20SWG) Version 1.0 September 2009 This document is publicly releasable Intended Audience This document is intended as guidance for any federal agency that uses social media services to collaborate and communicate among employees, partners, other federal agencies, and the public. Note: The Federal CIO Council does not endorse the use or imply preference for any vendor commercial products or services mentioned in this document. Guidelines for Secure Use of Social Media by Federal Departments and Agencies Page 2 TABLE OF CONTENTS INTENDED AUDIENCE............................................................................................................................................2 REVISION HISTORY ................................................................................................................................................4 ACKNOWLEDGEMENTS ........................................................................................................................................5 EXECUTIVE SUMMARY .........................................................................................................................................6 RISKS ......................................................
Words: 7347 - Pages: 30
