Submitted By cocolo
Information Security Evaluation
CMGT 441
June 16, 2014

Introduction

In today's age, where technology develops and shifts faster than most individuals can follow, one thing stands constant: company resources. Of these resources, none seems more significant in the age of instant media than information. Safeguarding information can be the difference between a company's failure and its success.
Around 2008 to 2009, a consortium of security specialists from the United States government, private industry, and international organizations generated a list of the 20 most critical security controls against threats on the Internet. Transferred in 2013 by the SANS Institute, the list is meant to help network administrators address the most commonly exploited Internet security flaws (SANS Institute, 2000-2014). It was intended for network administrators who are flooded with the security threats revealed day by day and do not know where to begin. Software vulnerabilities account for most successful attacks on computer systems because attackers are opportunistic: they take the simplest path, exploiting the most common weaknesses in systems with widely available attack tools. Attackers rely on individuals and organizations not correcting these flaws, and they frequently attack indiscriminately by scanning the Internet for vulnerable systems.
According to the SANS Institute (2000-2014), "the present 20 Critical Security Controls are:
1) Inventory of Authorized and Unauthorized Devices
2) Inventory of Authorized and Unauthorized Software
3) Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers
4) Continuous Vulnerability Assessment and Remediation
5) Malware Defenses
6) Application Software Security
7) Wireless Device Control
8) Data Recovery
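The first two controls in the list above are, in practice, a reconciliation problem: what is actually on the network and on each host, compared with what the organization has authorized. The following Python script is an added example written for this essay, not code from the essay's author or from the SANS Institute. It parses a constructed device scan (MAC, IP, hostname lines), normalizes MAC address formats so that differently written addresses compare equal, and reports devices that were seen but never authorized, authorized devices that were not seen, and per-host software that is not on the allowlist. The device list, authorized MACs, software names and allowlist are all constructed sample data.

```python
"""Inventory reconciliation in the spirit of Critical Security Controls 1 and 2.

Added example (not from the essay or the SANS Institute). All sample data below
is constructed for illustration.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Device:
    mac: str          # hardware address, normalized to lowercase colon form
    ip: str
    hostname: str = ""


@dataclass
class InventoryReport:
    unauthorized_devices: list = field(default_factory=list)   # Control 1: seen, not authorized
    missing_devices: list = field(default_factory=list)        # Control 1: authorized, not seen
    unauthorized_software: dict = field(default_factory=dict)  # Control 2: host -> packages


def normalize_mac(mac: str) -> str:
    """Canonical form so 'AA-BB-CC-..' and 'aa:bb:cc:..' compare equal."""
    hexdigits = mac.replace("-", "").replace(":", "").replace(".", "").lower()
    if len(hexdigits) != 12 or any(c not in "0123456789abcdef" for c in hexdigits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_observed_devices(lines):
    """Parse constructed 'mac ip [hostname]' lines as a network scanner might emit them."""
    devices = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        hostname = parts[2] if len(parts) > 2 else ""
        devices.append(Device(normalize_mac(parts[0]), parts[1], hostname))
    return devices


def reconcile(observed, authorized_macs, observed_software, allowed_software):
    """Compare observed devices/software against the authorized baselines."""
    report = InventoryReport()
    authorized = {normalize_mac(m) for m in authorized_macs}
    seen = {d.mac for d in observed}
    report.unauthorized_devices = sorted(
        (d for d in observed if d.mac not in authorized), key=lambda d: d.mac)
    report.missing_devices = sorted(authorized - seen)
    for host, packages in observed_software.items():
        extra = sorted(set(packages) - set(allowed_software))
        if extra:
            report.unauthorized_software[host] = extra
    return report


# Constructed sample data: a scan result, the authorized device list,
# per-host installed software, and the software allowlist.
SCAN_OUTPUT = """
# constructed scan output: mac ip hostname
AA:BB:CC:00:00:01 10.0.0.10 fileserver
aa-bb-cc-00-00-02 10.0.0.11 workstation-7
aa:bb:cc:00:00:99 10.0.0.57
"""
AUTHORIZED_MACS = ["aa:bb:cc:00:00:01", "AA:BB:CC:00:00:02", "aa:bb:cc:00:00:03"]
SOFTWARE_SEEN = {
    "fileserver": ["openssh-server", "samba", "legacy-ftp-server"],
    "workstation-7": ["firefox", "libreoffice"],
}
ALLOWED_SOFTWARE = {"openssh-server", "samba", "firefox", "libreoffice"}


def run_example():
    """Reconcile the constructed scan against the constructed baselines."""
    observed = parse_observed_devices(SCAN_OUTPUT.splitlines())
    return reconcile(observed, AUTHORIZED_MACS, SOFTWARE_SEEN, ALLOWED_SOFTWARE)


if __name__ == "__main__":
    r = run_example()
    for d in r.unauthorized_devices:
        print(f"UNAUTHORIZED DEVICE {d.mac} {d.ip} {d.hostname or '(no hostname)'}")
    for mac in r.missing_devices:
        print(f"AUTHORIZED BUT NOT SEEN {mac}")
    for host, pkgs in r.unauthorized_software.items():
        print(f"UNAUTHORIZED SOFTWARE on {host}: {', '.join(pkgs)}")
```

In a real deployment the scan lines would come from a discovery tool and the baselines from an asset database; the value of the control lies in running this comparison continuously, since a device or package that is "seen but not authorized" is exactly the opportunistic foothold the essay describes.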
