...CSS150 – Introduction to Information Security Phase 5 Individual Project Kenneth A. Crawford Dr. Shawn P. Murray June 23, 2013 Table of Contents Phase 1 Discussion Board 2 3 Phase 1 Individual Project 5 Phase 2 Discussion Board 8 Richmond Investments: Remote Access Policy 8 Phase 2 Individual Project 11 Richmond Investments: LAN-to-WAN, Internet, and Web Surfing Acceptable Use Policy 11 Phase 3 Discussion Board: Blaster Worm 17 Phase 3 Individual Project 19 Phase 4 Individual Project: 4 Methods to Keeping Systems Secure 22 1. Keep all software up to date: 22 2. Surf the web cautiously: 22 3. Be cautious with e-mail: 22 4. Anti-Virus Software: 23 Phase 5 Individual Project: 4 Methods to Keeping Systems Secure 24 1. Firewalls: 24 2. System Backups: 24 3. Passwords: 25 4. File Sharing: 26 References 27 Phase 1 Discussion Board 2 The “Internal Use Only” (IUO) data classification includes all data and information not intended for public access. The best way to describe this classification is all company and client information that we do not want to see in a newspaper or on the internet. Some examples of this are: Client lists, Client account numbers, Human Resource files, Payroll files, E-Mails, and many others. This data classification affects all seven IT domains. The first and most important IT domain that the IUO affects is the “User Domain”. The users have to be taught general security and proper use of the systems they...
Words: 5085 - Pages: 21
...Name 4 Security Tips that the end user can implement. For this week`s task we have been asked to name four security tips that users can do themselves to help protect their computers. The four security tips that I have selected to discuss are; update Windows software, use strong passwords, run a virus scan on a schedule, and update virus definitions daily. Describe the goal of each security tip. Windows update should be run to make sure that your computer has the latest patches. These updates are designed to close security holes that have been found in the operating system and hopefully will help guard your computer from getting infected or hacked. Strong passwords can be very helpful in slowing down or even defeating different attack methods of compromising the user`s computer. Users should think of passwords like a lock on their door, a strong password will make a strong lock. A hacker`s software toolkit will most likely include an offline dictionary, this automated program can quickly identify simple and commonly used passwords. Running a scheduled virus scan should be done by anyone who has a computer. If the user is running AVG for their anti-virus it is pretty easy to set up a scheduled scan. The user can just right click the AVG icon in the system tray, select the tools menu > advanced settings > schedules. From here the user can set the day and time for the schedule to run. It can be set to run a scan once a week or each day. This software scans for any viruses...
Words: 803 - Pages: 4
...Linda Fernandez Chap 2 Review Questions 1. Why is information security a management problem? What can management do that technology cannot? Both management and IT management are responsible for the protection necessary to secure information. They are the ones who make the decisions regarding the appropriate security system and what level of security will work for the system. 2. Why is data the most important asset an organization possesses? What other assets in the organization require protection? Data is important because it keeps a record of all changes and activity. Without data, the company or organization may fail because they have no records, and therefore be of no good use. 3. Which management groups are responsible for implementing information security to protect the organizations’ ability to function? General Management and IT Management are responsible because it has to be set up for that specific system. If one part fails, then they are the ones to fix it and make it usable 4. Has the implementation of networking technology created more or less risk for businesses that use information technology? Why? Networking has caused more risk for businesses using information technology because it made it much easier for attackers to breach the security systems. They are even more of a target with the internet connection. 5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text. ...
Words: 1293 - Pages: 6
...Chapter 2 OPERATING SYSTEM CONCEPTS SYS-ED/ Computer Education Techniques, Inc. Solaris System Administration: Introduction Operating System Concepts Objectives You will learn: • Operating system components. • Solaris usage of processes. • File management and file systems. • Use of the Solaris Management Console. SYS-ED/COMPUTER EDUCATION TECHNIQUES, INC. (Solaris – System Admin: Intro - 6.5) Ch 2: Page i Solaris System Administration: Introduction 1 Operating System Concepts Operating System: Definition An operating system is the set of programs that controls a computer. The core of the operating system is the kernel. The kernel is a control program that functions in privileged state that allows all hardware instructions to be executed. It reacts to interrupts from external devices and to service requests and traps from processes. The kernel creates and terminates processes and responds to requests for service. Operating systems are resource managers. The main resource is computer hardware in the form of processors, storage, input/output devices, communication devices, and data. Operating system functions include: • Implementing the user interface. • Sharing hardware among users. • Allowing users to share data among themselves. • Preventing users from interfering with one another. • Scheduling resources among users. • Facilitating input/output. • Recovering from errors...
Words: 2421 - Pages: 10
...244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week #4 DQ 3 CMGT 244 Week #4 DQ 4 WEEK 5 CMGT 244 Week #5 DQ 1 CMGT 244 Week #5 DQ 2 CMGT 244 Week #5 DQ 3 CMGT 244 Week #5 DQ 4 CMGT 244 Week 1 DQs CMGT 244 Week 2 DQs CMGT 244 Week 2 Assignment CMGT 244 Week 3 DQs CMGT 244 Week 3 Assignment Establishing a Secure Computer Room CMGT 244 Week 4 DQs CMGT 244 Week 4 Assignment Intro to OSI Model CMGT 244 Week 5 DQs CMGT 244 Week 5 Final Project Information Security Policy for the Bloom Design Group Paper CMGT 244 Week 5 Information Security Policy for the Bloom Design Group Presentation PPT A++ graded !! CMGT 244 ENTIRE COURSE http://www.homeworkproviders.com/shop/cmgt-244-entire-course/ CMGT 244 ENTIRE COURSE Product Description CMGT 244 Week #1 DQ 1 CMGT 244 Week #1 DQ 2 CMGT 244 Week #1 DQ 3 CMGT 244 Week #1 DQ 4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244...
Words: 522 - Pages: 3
...4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT 244 Week #4 DQ 1 CMGT 244 Week #4 DQ 2 CMGT 244 Week #4 DQ 3 CMGT 244 Week #4 DQ 4 WEEK 5 CMGT 244 Week #5 DQ 1 CMGT 244 Week #5 DQ 2 CMGT 244 Week #5 DQ 3 CMGT 244 Week #5 DQ 4 CMGT 244 Week 1 DQs CMGT 244 Week 2 DQs CMGT 244 Week 2 Assignment CMGT 244 Week 3 DQs CMGT 244 Week 3 Assignment Establishing a Secure Computer Room CMGT 244 Week 4 DQs CMGT 244 Week 4 Assignment Intro to OSI Model CMGT 244 Week 5 DQs CMGT 244 Week 5 Final Project Information Security Policy for the Bloom Design Group Paper CMGT 244 Week 5 Information Security Policy for the Bloom Design Group Presentation PPT A++ graded !! CMGT 244 ENTIRE COURSE http://www.homeworkproviders.com/shop/cmgt-244-entire-course/ CMGT 244 ENTIRE COURSE Product Description CMGT 244 Week #1 DQ 1 CMGT 244 Week #1 DQ 2 CMGT 244 Week #1 DQ 3 CMGT 244 Week #1 DQ 4 CMGT 244 Week #1 DQ 5 CMGT 244 Week #1 DQ 6 WEEK 2 CMGT 244 Week #2 DQ 1 CMGT 244 Week #2 DQ 2 CMGT 244 Week #2 DQ 3 CMGT 244 Week #2 DQ 4 CMGT 244 Week #2 DQ 5 WEEK 3 CMGT 244 Week #3 DQ 1 CMGT 244 Week #3 DQ 2 CMGT 244 Week #3 DQ 3 CMGT 244 Week #3 DQ 4 CMGT 244 Week #3 DQ 5 WEEK 4 CMGT...
Words: 532 - Pages: 3
...Information Security Policy Gennie Diamond Axia College of University of Phoenix IT/244 – Intro to IT Security October 10, 2010 Executive Summary The goals of this information security policy will be to state the principles and guidelines for protecting the confidentiality, integrity, and availability of sensitive information and resources for XYZ Energy. This policy will set forth requirements for securing the network’s confidential information and data communications infrastructure, in addition to defining detailed policies in the areas of physical security, access control, and network security. Assumptions of the security plan defines physical security at each site for the environment around the network including entry control at each facility, the need and responsibilities of security staff, and issues around security in common areas. Information system security defines workplace protection and guidelines for storage, protection, and maintenance of hardware and network equipment. Access control policies address user enrollment and all network access privileges, along with identification and authentication process policies. Finally, network policies are defined for granting and managing network access while still protecting sensitive company data. Project constraints can include, but are not limited to, availability of resources needed to provide appropriate security for each defined security goal; time restraints for meeting these goals;...
Words: 1790 - Pages: 8
...11-9-2013 The first point that I will address consist on the multiple dangers that computer networks are exposed, that are in majority done by perpetrators that get access to servers of Windows and Linux to explode their vulnerabilities.. The use of these codes or malware in the form of viruses, worms, time bombs or any peculiar name this individuals use to give to their destructive toys, are a major concern to the protection of confidential information. Data so sensitive that in their majority is composing of identity, credit, and property information so well collected and compiler that is plenty for the creation of a clone of a company or a person. These identity theft atrocities are not limit to the software and information appropriation; also the attacks diminish computer performance, affecting their velocity and cause computers to crash. The CIO should possess a compendium of way’s to defend his network, and a rapid decision capability to take decisions in a short time period. Furthermore, in general terms security; as we can define “ the act of provide a sense or protection against lost, attack or harm”, can use or integrate a complete protection plan. Depending on the resources of the company the integration of a security plan that can integrate “the five pillars of security IT security operation: policy and audit management, access management, infrastructure and hardware security and incident response.” The real world presents to us a different situation, when in like...
Words: 591 - Pages: 3
...Databases Chapter 1 – Intro Lab 1.2 1. Nouns: doctors, patients, drugs, side effects. 2. Major Topics: doctor Records, patient medical records, side effects / symptoms, and screening records. Lab 1.3 1. Major Topics: faculty, software, and computers. 2. Draft statement of work that includes scope, objectives, and preliminary timeline: a. Scope – A database with the ability to track faculty and staff computers and software. b. Objectives – Faculty software, version, license agreement, record of computers with software, location of computer, user access to computer, software install / uninstall timestamps, status of the computer. i. Additional: ability to track software requests and software availability. c. Timeline ii. Gathering data – gather records of the school computers and its staff, a list of software purchased and in use, interview and questionnaire information understand the faculty needs. Time: 1.5 weeks. iii. Analyzing data – Understanding the data to create data model. Know the needs of the faculty members and type of software / computers in use to determine business rules. Time: 2 weeks. iv. Normalization – Data modeling; entities and relationships normalized. Time: 2 weeks. v. Building the physical database – Create RDBMS database. Time: 4 days. vi. Testing and security – Testing using sample data. Create user permission for different levels of faculty, block out...
Words: 369 - Pages: 2
...Associate Level Material Appendix E Physical Security Policy Student Name: xxxxxxxxxxx University of Phoenix IT/244 Intro to IT Security Instructor’s Name: xxxxxxxxx Date: 4.14.13 Physical Security Policy 1 Security of the building facilities 1 Physical entry controls Like we have in our company, everyone must have an ID Swipe card (smart Card), they must swipe the card coming into and going out of the building. These Smart card readers are at every door externally and internally. This is a big help in also identifying who is in the building and at what times. If there is any issue. This is for employees, for non-employees you need to write your name down and only then will you get a visitor’s pass to enter the building. You return you pass when you leave the building. We also have an alarm system at every external door way this includes the windows too. We do not have a fence but do have a security car that travels around the building all thru the night, as well as sensor lights and camera inside and out. 2 Security offices, rooms and facilities We have a few places that are locked down with keypad entrée’s one is the accounting room and the other is the network room. In the network...
Words: 728 - Pages: 3
...accounting + auditing Intro to XBRL Patricia Francis xbrL Is resHApING tHe FINANcIAL reportING LANDscApe WorLDWIDe, AND LooKs set to Do tHe sAme IN mALAYsIA oNce FuLLY ImpLemeNteD bY LocAL reGuLAtors AND busINesses. Are You xbrL reADY? The objectives of SSM’s SDP II are: • To enhance delivery and improve accuracy of information; • To achieve a standardised and consistent mode of reporting with enhanced analytical capabilities; • To promote data usability and exchange flow with external stakeholders. According to Nor Azimah, SSM also promotes the adoption of XBRL as a nationwide format to be used by key agencies such as the Inland Revenue Board (LHDN), Securities Commission (SC) and Bursa Malaysia and the building of extension taxonomies by the mentioned agencies. The said adoption will provide SSM, other regulators and businesses with detailed data which can be aggregated and made available to stakeholders in the form of industry analysis for industrial benchmarking. The move to XBRL-based reporting is also in line with plans to transform Malaysia into a digital country by 2020, as XBRL reports form part of the digital reporting chain. At the recent Digital Malaysia Press Conference held on 5 July 2012 by the Ministry of Science, Technology and Innovation (MOSTI) along with Multimedia Development Corporation (MDeC), Datuk Badlisham Ghazali, CEO of MDeC told the media that Digital Malaysia will help drive automation and technology adoption to ensure productivity and...
Words: 2550 - Pages: 11
...Introduction [Writing suggestion: Avoid using "intro" or "introduction" if this is a subtitle. At the beginning of the essay, the following could be nothing else] One of the biggest concerns in today’s society relates to security in internal IT and e-commerce applications. Security is handled by passing and transactions between client browser and Internet server entering a secure site. The client browser is passed a public key by which transactions between client, and the web is encrypted. The process of monitoring security plays a vital function in any organization’s computer use both internally and externally. Security Organization Within a secure organization the business structure can cover a system of financial control, such as payroll, human resources, inventory, and general ledger vary the variety of agencies of the organization may be enhanced. Vulnerabilities in organizations will diminish, staff may be eliminated and so will duplications of work within departments, monetary information can stay secure, and most customer service may be better. Internal IT Internal IT is a beneficial service such as, compliance with federal and state laws, add valve to an organization’s internal control. Safeguarding the organization assets, and risk management just to name a few, mainly deals with computer applications monitors and manages employee’s activities, for instance it more of a help desk, side services, or a desk-side service infrastructure and application support...
Words: 663 - Pages: 3
...firm’s own information, but that of its customers, employees, and suppliers. In this paper I will be describing four types of input controls, in user interface design, and their primary functions. Input control includes the necessary measures to ensure that input data is correct, complete and secure (Rosenblatt & Shelly, 2012). Some examples of input controls are audit trails, encryption, password security, and data security, just to name a few. Input Controls To begin, audit trails record the source of data each data item, and when that data enters the system (Rosenblatt & Shelly, 2012). It is a series of records of computer events, about an operating system, an application, or user activities (Gopalakrishna, 2000). It is generated by an auditing system that monitors system activity (Gopalakrishna, 2000). Audit trails have many uses in the realm of computer security (Gopalakrishna, 2000). The uses include: 1. Individual Accountability: A users actions are monitored and tracked giving them accountability of their own actions. This deters users from evading security policies and even if they do evade them, they will definitely be held accountable (Gopalakrishna, 2000). 2. Reconstructing Events: Audit trails can also be used to reconstruct events after a problem has occurred. (Gopalakrishna, 2000). The amount of damage that occurred with an incident can be assessed by reviewing audit trails of system activity to pinpoint how, when, and why the incident...
Words: 821 - Pages: 4
...what you might not expect is the degree of error necessary to render a financing statement “seriously misleading” under revised Uniform Commercial Code §9-506, thereby rendering it ineffective. The new legal standard, coupled with strict search logic standards being adopted by filing offices are making it much easier to challenge the perfection of a security interest on the basis of minor errors in the debtor’s name. So… "What's in a name? Well, when trying to perfect a security interest under Revised Article 9, “that which we call a rose by any other name definitely does not smell as sweet." INTRO: [PMSI] In today’s economy, selling unsecured on open account may carry significant risk for vendors. However, taking a security interest in the merchandise sold may reduce or eliminate such risk. This type of security interest, called a purchase money security interest or "PMSI", is the most common and important secured transaction under article 9. To obtain a valid PMSI, the debtor must first execute a security agreement giving the vendor a security interest in described merchandise. Then, the vendor perfects the security interest by filing a financing statement with the filing office (generally the Secretary of State). The vendor who takes the proper steps to perfect its PMSI is entitled to the cash proceeds from the sale of its merchandise. [Strong Arm Powers] Section 544(a)(1) of the Bankruptcy Code gives the trustee in bankruptcy the status of a judicial lien...
Words: 1862 - Pages: 8
...Computer Ethics Angel L Rivera CIS106020VA016-1146-001 (Intro to Info Technology) Prof MERRITT, JENNIFER 8.7.2014 1-Describe two (2) potential computer ethics issues associated with holding computers hostage. A- Computer Crime: Attacks on Software through Back Doors or Trojan Horses- The intruder creates a malicious code just like they would to create other types of malware. The code is specifically designed to take control of your computer and then hijack all of your files. The files are then placed in an encrypted format so you no longer have access to them. B- Computer Crime: Attacks on People - Sabotage/Destruction of Data -If you fail to pay, the intruder is capable of creating additional malicious code that will destroy the content of your PC a little bit at a time until you pay up. Another type of ransomware presents itself in the form of a Trojan, which scans all of your PC's directories and drives, and then automatically encrypts all of your files so you cannot access them. The Trojan places the finishing touch on the intrusion by leaving a ransom note. 2-Propose two (2) methods that computer users could use to prevent this type of attack. A- Your best defense is to not click on e-mail attachments from unknown sources and avoid clicking anything in a pop up window that you receive while browsing the Internet. B- Make sure your anti-malware software has the latest and greatest definition files so that it is prepared for the current batch...
Words: 512 - Pages: 3