...Maintaining Information Security CMGT-400 Assurance and Security 5-25-2013 Maintaining Information Security Maintaining the security of information couldn’t have been said any clearer than by Lindsey Walker of InfoSec Island, when in 2010 she wrote an article about sensitive information becoming breached. She said “Preventing information security breaches needs to become a main priority for any company when handling both customer and company information”. Sharing information has become much easier than in previous years, from the widespread mainstream use of USB thumb drives or the constant urge to share some secret news or research on Twitter and other social media. The need for a company to constantly review and update their information security policy periodically has never been greater than now. Security Policy An Information security policy should be written in a way that defines how digital information should be protected and accessed by all company employees. Most information that is used to define the Information Security Policy can be gathered by first running a risk analysis report. These reports look at your business model and create a data structure that can be used to inform a company about where their greatest risks are within the company and around the entire work place. Certain “must-have” check boxes for items that should be included in an information security policy are Acceptable Use Policy, Wireless Policy, Email Policy, and Encryption Policy. These are just...
Words: 1928 - Pages: 8
...Discussion 1: Importance of Security Policies The important part of deployment is planning. It’s not possible to plan for security, however, until a full risk assessment has been performed. Security planning involves developing security policies and implementing controls to prevent computer risks from becoming reality. The policies outlined in this paper are merely guidelines. Each organization is different and will need to plan and create policies based upon its individual security goals and needs. The discussion of tools and technologies in this paper is focused on features rather than technology. This emphasis allows security officials and IT managers to choose which tools and techniques are best suited to their organizations' security needs. Developing Security Policies and Controls A company's security plan consists of security policies. Security policies give specific guidelines for areas of responsibility, and consist of plans that provide steps to take and rules to follow to implement the policies. Policies should define what you consider valuable, and should specify what steps should be taken to safeguard those assets. Policies can be drafted in many ways. One example is a general policy of only a few pages that covers most possibilities. Another example is a draft policy for different sets of assets, including e-mail policies, password policies, Internet access policies, and remote access policies. Two common problems with organizational policies are: 1. The policy is a...
Words: 432 - Pages: 2
...1: Importance of Security Policies There can definitely be a problem if an organization has no Internet use policy. Having all of the internet sites available can lead to many problems. The first of the problems is possibly downloading malware. If a user downloads third-party software from the internet, for example, it could contain malicious code that could damage the system and/or infect the network. Another problem I see is having access to personal email accounts through the internet, as people could easily use these and transfer sensitive data to them from a personal email account, thus taking the data off-site which could potentially be used against the organization. An issue with external devices is similar to Internet usage policy, in that the user can use this external device, like a Universal Serial Bus (USB) to take company data and copy it onto the drive which can be taken off-site, as well as potentially downloading third-party data to the drive that may contain malware. An Employee Identity policy is necessary for companies so that there is some sort of authentication necessary to log into the computers and not just anyone can access them. An example of an Employee Identification would be a Common Access Card (CAC) that has a PIN associated with it, or more commonly, a username and password that must meet a certain complexity (ex. 16 characters minimum; 1 special character minimum). Computer use policy kind of goes alongside the Internet use policy and...
Words: 331 - Pages: 2
...Abstract This document will briefly discuss the need and methods of patch management, the importance and considerations of a written business security policy and cross-platform security. Contents Table of Contents 1 Abstract 2 Contents 2.1 Table of Contents 2.2 Table of Figures 2.3 List of Tables 3 Patch Management 3.1 Patch Management Defined 3.2 Patch Management Applications 3.3 Patch Management Scripting 4 The Written Business Security Policies 4.1 Importance of the Written Business Security Policy 4.2 Considerations of Creating the Written Business Security Policy 5 Cross-Platform Security Configurations 6 Conclusion Table of Figures Figure 1: Windows to Linux Authentication List of Tables Table 1: Patch Management Applications Patch Management Patch Management Defined Over the years common security practices have evolved. With these practices the view on patch management has evolved as well. Just a few years ago the common mentality regarding patches was to install and forget. Many systems were deployed and left to their own, few were ever updated. With the rise of worms and malicious code such mentality is no longer accepted. With the new threat levels comes a new focus on patch management. In today’s network environment different methods of deploying and managing patches exist. Networks are unique, like fingerprints, most often no...
Words: 890 - Pages: 4
...Effective Information Security Requires a Balance of Social and Technology Factors MIS Quarterly Executive Tim Kayworth Baylor University (U.S.) Dwayne Whitten Texas A&M University (U.S.) Executive Summary Industry experts have called for organizations to be more strategic in their approach to information security, yet it has not been clear what such an approach looks like in practice or how firms actually achieve this. To address this issue, we interviewed 21 information security executives from 11 organizations. Our results suggest that a strategically focused information security strategy encompasses not only IT products and solutions but also organizational integration and social alignment mechanisms. Together, these form a framework for a socio-technical approach to information security that achieves three objectives: balancing the need to secure information assets against the need to enable the business, maintaining compliance, and ensuring cultural fit. The article describes these objectives and the security alignment mechanisms needed to achieve them and concludes with guidelines that can be applied to ensure effective information security management in different organizational settings. INFORMATION SECURITY HAS BECOME A STRATEGIC ISSUE Information security continues to be a major concern among corporate executives. The threat of terrorism,...
Words: 7959 - Pages: 32
...CIS 462 WK 4 Assignment 1 - IT Security Policy Framework Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. Additionally, there are many security frameworks that organizations commonly reference when developing their security programs. Review the security frameworks provided by NIST (SP 800-53), ISO / IEC 27000 series, and COBIT. Assume that you have been hired as a consultant by a medium-sized insurance organization and have been asked to draft an IT Security Policy Framework. You may create and / or assume all necessary assumptions needed for the completion of this assignment. Write a three to five (3-5) page paper in which you: 1. Select a security framework, describe the framework selected, and design an IT Security Policy Framework for the organization. 2. Describe the importance of and method of establishing compliance of IT security controls with U.S. laws and regulations, and how organizations can align their policies and controls with the applicable regulations. 3. Analyze the business challenges within each of the seven (7) domains in developing an effective IT Security Policy Framework. More...
Words: 793 - Pages: 4
...Unit 2 Assignment: Security Policy Implementation Beth A. Grillo, MHA, CPC-A July 19th, 2016 IT540-01: Management of Information Security Dr. Kenneth Flick Kaplan University Table of Contents: Unit Two Assignment: Security Policy Implementation; Part 1: Step 29; Part 1: Step 36; Part 3: Step 33; Part 3: Significance of Strict Password Policy; Reference. Unit Two Assignment: Security Policy Implementation Part 1: Step 29 Part 1: Step 36 Part 3: Step 33 Part 3: Significance of Strict Password Policy When attempting to protect company information it is important to utilize strict password policies. According to a Guest Contributor on TechRepublic (2006), the need for “an effective password policy is to prevent passwords from being guessed or cracked”. According to Coconut Daily (2013), “Weak passwords are extremely vulnerable to cracking techniques such as a brute force attack, in which a cracker uses an automated tool to try every single possible password or key until the correct one is found. Brute force techniques are extremely effective at cracking short passwords or passwords in a limited search space (such as those based off a dictionary word)”. For example, when working in a medical practice the information being protected is patient personal information. The password policy needs to be strict according to the HIPAA laws. The personal information within the patient’s medical record requires strict password protection. If the...
Words: 297 - Pages: 2
...Information Systems Security Akilah S. Huggins University Of Phoenix CMGT/400 August 11, 2014 Maintaining Information Systems Security Introduction With the growing development of information systems and networks, security is a main concern of organizations today. The fundamental objectives of information systems security are privacy, integrity, and accessibility. The foundation of an organization's security lies in planning, creating and actualizing proper information systems' frameworks' security strategy that adjusts security objectives with the organization's requirements. In this paper the objective is to describe the importance of policies and standards for maintaining information systems security. Specifically, the paper includes the discussion of the role of employees, and others working for the organization, in maintaining the information systems security. Also the position paper aims to examine the different levels of security and how an organization can provide the proper level of effort to meet each information security need and how this relates to what is in an organization’s information security policy. Thesis Statement The aim and objective of the underlying paper is to analyze and evaluate the phenomena of maintaining information system security. Importance of Policies and Standards for Maintaining Information Systems Security. Information system security policies primarily address threats. The policies and the tactics...
Words: 1235 - Pages: 5
...Security Policy for McBride Financial Services Introduction to Information Systems Security Management CMGT 441 December 06, 2011 Security Policy for McBride Financial Services The following document was developed to respond to a request by McBride Financial Services for a security policy based on perceived needs associated within the loan department and issues in implementing online loan applications (OLA). The security policy will address the current need along with any issues that may arise with their online loan application process. The majority of McBride’s customers are comprised of an affluent demographic of professionals, families looking to purchase a home, and retirees requesting mortgages (University of Phoenix, 2005). McBride’s customer base is largely well educated individuals who generally keep an eye on personal information and financial records and would most likely be aware of any unauthorized changes. Therefore, it is of extreme importance that McBride Financial secures this data. The areas included in the security policy for the loan department will include the following: • Physical Security Policy • Account Access Controls Policy • Data Backup Policy • Non-Compliance Policy The implementation of electronic key cards will be recommended to McBride as a source of control in the physical security area. This will restrict employees only to have access to areas they are authorized to be in. Any employee accessing an unauthorized area of the...
Words: 596 - Pages: 3
...IMPORTANCE OF INFORMATION TECHNOLOGY SECURITY Importance of IT Security Table of Contents: Introduction; e-commerce Trends; Risks; Cost of Cybercrime; Prevention Steps; Conclusion; References. Introduction For the business professional information technology (IT) security is of utmost importance. The reliance that companies have on information systems in conducting everyday business transactions has facilitated the need...
Words: 1863 - Pages: 8
...Hytema is a global aerospace, defense, and security corporation specializing in Department of Defense (DoD) systems that provide aeronautics, electronic systems, information systems and space systems solutions. We will provide a brief overview of the current state of the defense contracting sector and the cyber security threats and policies that govern it. We will also examine the classes of data that the defense contractor must protect and the potential cyber defense technologies that could be implemented in a prioritized strategy to secure that information. This briefing will also provide the priorities for legal and policy compliance amongst Defense contractors. Because Hytema is a Defense contractor the organization must work closely with the Federal Government, causing them to adopt many of their policies and regulations. The most strategic and informative policy is the Federal Information Security Management Act (FISMA). All departments and agencies are required to coordinate and cooperate with the Department of Homeland Security as it carries out its cybersecurity responsibility activities as noted in the Office of Management and Budget (OMB) (Dhs.gov, 2015). 2. Social Importance 2.1 Effects on society of the sector Defense contractors contribute to a very large part of what is deemed as societal importance in today’s society, however they are often overshadowed. Defense contractors that work for the Department of Defense within the cyber technology sector take...
Words: 1094 - Pages: 5
...IS4550 Security Policies and Implementation INSTRUCTOR GUIDE
Course Revision Table
Change Date | Updated Section | Change Description | Change Rationale | Implementation Quarter
12/20/2011 | All | New curriculum | | June 2012
Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None
Table of Contents: Course Overview (Course Summary; Critical Considerations); Instructional Resources (Required Resources; Additional Resources); Course Management (Technical Requirements; Test Administration and Processing; Replacement of Learning Assignments; Communication and Student Support; Academic Integrity; Grading); Course Delivery (Instructional Approach; Methodology; Facilitation Strategies); Unit Plans: Unit 1: Information Security Policy Management; Unit 2: Risk Mitigation and Business Support Processes; Unit 3: Policies, Standards, Procedures, and Guidelines; Unit 4: Information Systems Security Policy Framework; Unit 5: User Policies; Unit 6: IT Infrastructure Security Policies; Unit 7: Risk Management; Unit 8: Incident Response Team Policies; Unit 9: Implementing...
Words: 18421 - Pages: 74
...this exploitation, companies subject themselves to lawsuits from their own customers. These companies often are ignorant of the simple fact that they have been exploited until customers report the issues to these companies and corporations. Many times, more than thirty days goes by before someone alerts the company of a possible security breach. Cost of an electronic exploit can be greater than a million dollars per incident as reported by the FBI. This information is found in the FBI’s (Federal Bureau of Investigation) report of cyber threats in the United States. In order to help counterbalance this, smaller to midsized companies could spend less than $5,000 to harden their systems and operating systems to put a stateful firewall in place. As stated in this paper, these companies often lack the resources, materials and funds to do so. With the FBI report showing reported incidents, there are thousands of incidents that go unreported. Often these incidents are yet to be discovered. With this number of small to mid-size corporations ignoring or slowly implementing security measures, more and more electronic computer crimes are beginning to take place throughout the U.S. With extortion now moving into the digital age, many corporations do not report intrusions to law enforcement in order to avoid negative publicity. Reports of an intrusion could directly have a negative effect on the company’s sales and position in a global competitive market. Approximately 35% of...
Words: 2166 - Pages: 9
...Research the following questions and then discuss the questions with your classmates on the forum:
* What is the purpose of security policies, and why do organizations need clear and concise policies for the proper use of employer-owned equipment and services?
* What is the importance of an effective acceptable use policy (AUP) for a user and an employer?
Be sure to include examples from your research to substantiate your responses. Participation Requirements: Discussion forums improve the online learning process by allowing students to engage in meaningful discourse. You can increase your participation grade by following these guidelines:
* You should post your responses to the above questions and then respond to a minimum of two of your classmates' posts. Take a position on each question and justify your opinion on the basis of the textbook, the lesson, documents found in the ITT Tech Virtual Library, and your personal or professional experience. The quality of your submissions is a critical element in the evaluation process. Your submissions should not be of the type that state "I agree" or "Good post" as these responses neither have substance nor give any new information for a productive discussion.
* If possible, share your own subject-related job experience. Remember, the goal is to learn from the experience of others.
* Post your initial reply earlier in the week to maximize the opportunity for thoughtful exchanges between you and your classmates...
Words: 534 - Pages: 3
...both Scotland and France not for security, rather because he felt secure enough to do so. Even Richardson concedes to some extent, despite the title of his article being Eternal Peace, Occasional War. He argues that by the end of the reign Francis could no longer compete for glory after Henry had clearly gained the greater amount in war. The imbalance meant there could be no more ‘Eternal peace’, so relations continued to be cold at best, hence the swift reconquest in 1550 after Henry had died. Given this evaluation, the idea of glory at least towards the end of the reign, being credited through war, seems more legitimate. Whilst it had a role to play in peacetime, the withdrawal from foreign diplomacy in 1546 strongly suggests that the glory he had achieved in war was unparalleled...
Words: 1588 - Pages: 7