...Scams of the day!!! Fundamentals of Information Systems Security © 2012 Jones and Bartlett Learning, LLC www.jblearning.com On to today’s lesson FIRST OF ALL… § Let me clear up a misconception § RSA public/private key encryption is THE leader, in terms of security. For all practical purposes, it is impossible to crack an RSA algorithm. § PGP (Pretty Good Privacy) is probably the best implementation of RSA. It is now owned by Symantec. § Other free products (which do not tightly integrate into email, for example) are available § Understand that PKI is NOT the same thing as public key encryption Public Key Infrastructure (PKI) is a set of hardware, software, people, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates. In cryptography, a PKI is an arrangement that binds public keys with respective user identities by means of a certificate authority (CA). The user identity must be unique within each CA domain. The binding...
Words: 1799 - Pages: 8
...benefit plan, Colbert is directing the development and installation of a benefit election system to support the tracking and reporting of employee (union and non-union) benefits (Apollo Group Inc., 2011). The new benefit system coming online brings new security requirements and possible risks that must be addressed. This document will list some of those security requirements and risks of the company’s Benefits Election System. Paper Risks and Security Requirements Huffman Trucking is a national transportation company with 1,400 employees working in logistical hubs across the United States. The human resources department currently maintains several tracking mechanisms for its employee information. The company has an HRIS system that was developed in-house and maintains a database of personal information. One of the company’s managers also maintains an Excel spreadsheet for individual compensation decisions and surveys. Given the recommendation to convert the Excel spreadsheet to a database system, it is a wise choice to integrate the paper data into the existing HRIS system database. In either case, there is a need to provide planning and security for the system. To address one possibility, integrating the Excel spreadsheet into the benefit election system, there are a few risks associated with paper-based systems and security baselines that must be met. Maintaining paper presents risks such as environmental risks. These can include fire, water, and...
Words: 1290 - Pages: 6
...being a project manager for the majority of the time over the past ten years, mainly because they were all projects involving many necessary skill sets which I possess, so I may be successful in any organization. These skill sets I am speaking of include paying close attention to all details; compiling, sorting, inputting, merging and importing data, etc. Some other skill sets which I possess include knowing how critical certain attributes are, such as confidentiality, thoroughness, being result/self-driven, as well as having sound decision-making skills. In addition, I also possess many physical skill sets including but not limited to installing, repairing, maintaining, troubleshooting and upgrading various computers, operating systems, networks, PCs, laptops, and technical equipment such as routers, patch panels, switches, cameras, biometric access systems, and printer setups/replacements. Nearly every project and job has required me to conduct several troubleshooting methods depending on the situation and issues involved. I have also spent a great deal of time over the past ten years adding, removing and editing user and group accounts in Active Directory. I have volunteered in several group homes, classrooms, nursing homes and other places to provide people with little to no experience using today’s technologically advanced tools, thereby giving them a chance to learn how to use various forms of technology to keep in touch with their friends and families by teaching technical training...
Words: 1184 - Pages: 5
...0.1 WHAT IS INFORMATION SECURITY? 0.2 WHY INFORMATION SECURITY IS NEEDED? 0.3 HOW TO ESTABLISH SECURITY REQUIREMENTS 0.4 ASSESSING SECURITY RISKS 0.5 SELECTING CONTROLS 0.6 INFORMATION SECURITY STARTING POINT Information security is defined as the preservation of confidentiality, integrity and availability of information … 0.7 CRITICAL SUCCESS FACTORS 0.8 DEVELOPING YOUR OWN GUIDELINES 1 SCOPE 2 TERMS AND DEFINITIONS 3 STRUCTURE OF THIS STANDARD 3.1 CLAUSES Security controls directly address risks to the organization, therefore risk analysis is a starting point for designing controls. 3.2 MAIN SECURITY CATEGORIES 4 RISK ASSESSMENT AND TREATMENT 4.1 ASSESSING SECURITY RISKS Information security policies, standards, procedures and guidelines drive risk management, security and control requirements throughout the organization 4.2 TREATING SECURITY RISKS 5 SECURITY POLICY 5.1 INFORMATION SECURITY POLICY 5.1.1 Information security policy document 5.1.2 Review of the information security policy 6 ORGANIZATION OF INFORMATION SECURITY Defines the...
Words: 1623 - Pages: 7
...Anthony Purkapile Introduction Information security continuous monitoring is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance. Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization’s information and information systems, along with organizational resilience given known threat information. This includes: maintaining situational awareness of all systems across the organization; maintaining an understanding of threats and threat activities; assessing all security controls; collecting, correlating, and analyzing security-related information; providing actionable communication of security status across all tiers of the organization; and active management of risk by organizational officials. Purpose The purpose of this guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility into organizational...
Words: 1881 - Pages: 8
...Introduction: Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. This publication specifically addresses assessment and analysis of security control effectiveness and of organizational security status in accordance with organizational risk tolerance. Security control effectiveness is measured by correctness of implementation and by how adequately the implemented controls meet organizational needs in accordance with current risk tolerance. Organizational security status is determined using metrics established by the organization to best convey the security posture of an organization’s information and information systems, along with organizational resilience given known threat information. This necessitates: • Maintaining situation awareness of all systems across the organization; • Maintaining an understanding of threats and threat activities; • Assessing all security controls; • Collecting, correlating, and analyzing security-related information; • Providing actionable communication of security status across all tiers of the organization; and • Active management of risk by organizational officials. Purpose: The purpose of this guideline is to assist organizations in the development of an ISCM strategy and the implementation of an ISCM program that provides awareness of threats and vulnerabilities, visibility...
Words: 4395 - Pages: 18
...Maintaining Information Security CMGT-400 Assurance and Security 5-25-2013 Maintaining Information Security Maintaining the security of information couldn’t have been said any more clearly than by Lindsey Walker of InfoSec Island, when in 2010 she wrote an article about sensitive information being breached. She said, “Preventing information security breaches needs to become a main priority for any company when handling both customer and company information”. Sharing information has become much easier than in previous years, from the widespread mainstream use of USB thumb drives to the constant urge to share some secret news or research on Twitter and other social media. The need for a company to review and update its information security policy periodically has never been greater than now. Security Policy An information security policy should be written in a way that defines how digital information should be protected and accessed by all company employees. Most of the information used to define the information security policy can be gathered by first running a risk analysis report. These reports look at your business model and create a data structure that can be used to inform a company about where its greatest risks lie within the company and around the entire workplace. Certain “must-have” check boxes for items that should be included in an information security policy are an Acceptable Use Policy, Wireless Policy, Email Policy, and Encryption Policy. These...
Words: 1928 - Pages: 8
...Profile I am an industrious, goal-oriented, focused and ambitious person with a Computer Hardware & Networking and Microsoft Certified Systems Engineering background. I have a dedicated insight into the needs and views of others, and the ability to identify issues or crisis areas and form inventive information technology solutions. My areas of strength include: Networking and System Administration/Security Objectives I aspire to become a Network Systems Security Analyst and Database Administrator and to work in a demanding, competitive, fulfilling and exciting environment to bring out the best in me. Education And Professional Qualification Certification Status | Credential | Certification / Version | Date Achieved | Ubiquiti airMAX & Unifi Wi-Fi Training | airMAX Certified & Unifi Wi-Fi | April 12, 2013 | Modules: * Understanding Wireless Communication * Active Server Pages * Link Planning and Management Microsoft Certified Technology Specialist | Administrator. * Ubiquiti Protocols and Technologies * Hands-on UniFi Campus WIFI Course * RF Fundamentals Microsoft Internet Security and Acceleration (ISA) Server 2006, Configuration | Feb 19, 2010 | Microsoft Certified Professional | Installing, Configuring, and Administering Windows...
Words: 774 - Pages: 4
...Information Security Policy Gennie Diamond Axia College of University of Phoenix IT/244 – Intro to IT Security October 10, 2010 Executive Summary The goals of this information security policy will be to state the principles and guidelines for protecting the confidentiality, integrity, and availability of sensitive information and resources for XYZ Energy. This policy will set forth requirements for securing the network’s confidential information and data communications infrastructure, in addition to defining detailed policies in the areas of physical security, access control, and network security. The assumptions of the security plan define physical security at each site for the environment around the network, including entry control at each facility, the need for and responsibilities of security staff, and issues around security in common areas. Information system security defines workplace protection and guidelines for storage, protection, and maintenance of hardware and network equipment. Access control policies address user enrollment and all network access privileges, along with identification and authentication process policies. Finally, network policies are defined for granting and managing network access while still protecting sensitive company data. Project constraints can include, but are not limited to, availability of resources needed to provide appropriate security for each defined security goal; time constraints for meeting these goals;...
Words: 1790 - Pages: 8
...Computers that store personal information can be targeted by hackers. It is important to install anti-virus software and ensure personal computers are secured with passwords. In the military, they have top security firewalls; with these security measures, hackers are not able to transfer personal information. Gene Spafford states, “The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards.” (Spafford, 2012). Keeping your system updated increases the protection of important information, although it is hard to maintain a track record of updates. There are many ways to ensure the disposal of personal data is performed properly; one way to dispose of data is to completely erase the information in the system and hard drive. Data storage depends on the current space of your hard drive, but it is important for security measures to be installed and updated frequently. In a computer, there is a control panel to control the users of your computer system, setting up a password for users to specifically view certain websites and also a folder which only the authorized account holder may access. Identity theft is the most common thing that happens when information is stored without ensuring the security protection on computers is maintained and updated. As we all know, your system will have many problems, and there will be people out in the world looking to steal data from other systems. It is very important to...
Words: 590 - Pages: 3
...Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)[1] Two major aspects of information security are: • IT security: Sometimes referred to as computer security, Information Technology Security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory (even a calculator). IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems. • Information assurance: The act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers in our modern era, information assurance is typically dealt with by IT security specialists. One of...
Words: 768 - Pages: 4
...requiring this information. For example, modeling the availability of rooms in hotels in a way that supports finding a hotel with vacancies. Database management systems (DBMSs) are specially designed applications that interact with the user, other applications, and the database itself to capture and analyze data. A general-purpose database management system (DBMS) is a software system designed to allow the definition, creation, querying, update, and administration of databases. Well-known DBMSs include MySQL, PostgreSQL, SQLite, Microsoft SQL Server, Oracle, SAP, dBASE, FoxPro, IBM DB2, LibreOffice Base and FileMaker Pro. A database is not generally portable across different DBMSs, but different DBMSs can interoperate by using standards such as SQL and ODBC or JDBC to allow a single application to work with more than one database. Contents * 1 Terminology and overview * 2 Applications and roles * 2.1 General-purpose and special-purpose DBMSs * 3 History * 3.1 1960s Navigational DBMS * 3.2 1970s relational DBMS * 3.3 Database machines and appliances * 3.4 Late-1970s SQL DBMS * 3.5 1980s desktop databases * 3.6 1980s object-oriented databases * 3.7 2000s NoSQL and NewSQL databases * 4 Database research * 5 Database type examples * 6 Database design and modeling * 6.1 Database models * 6.2 External, conceptual, and internal views * 7 Database languages * 8 Performance, security, and availability ...
Words: 771 - Pages: 4
...manager in a corporation or organization. The CEO has specific responsibilities depending on the needs of his or her organization. The job description of a CEO varies by organization. Creating, communicating, and implementing the organization’s vision, mission, and overall direction. Leading the development and implementation of the overall organization strategy. http://humanresources.about.com/od/job-titles/f/Chief-Executive-Officer-Ceo-Do.htm CIO: The CIO position emerged in the early 1980s in response to the pervasive use of IT in firms and the emergence of the information economy. The CIO position gradually became more influential as IT increasingly played a central role in business processes and firm strategy. Today’s CIOs are often members of the firm’s C-level executive team and assume many influential roles and responsibilities besides maintaining the IT infrastructure, such as establishing the firm’s information policy and standards, promoting IT as...
Words: 2076 - Pages: 9
...WEB SECURITY POLICY IFSM 304 Overview: With the increasing amount of personal data that is being compiled on the Internet, and specifically individuals’ medical information, we must look at the ethical dilemma of who has access to our data. This includes not only general demographic data such as full name, home address, phone number, and date of birth but also extremely sensitive medical information such as diagnoses and medications prescribed. Even though the convenience of digital records accessible to care providers via the web can expedite service, security and privacy have to be considered and maintained. An organizational policy is required to provide guidance, direction and responsibilities to ensure compliance with all Health Insurance Portability and Accountability Act (HIPAA) requirements. HIPAA was passed by Congress in 1996. (Health, n.d.) Purpose: To promulgate organizational policy, procedures, and program management for web security. This policy defines the technical controls and security configurations users and information technology (IT) administrators are required to implement in order to ensure the confidentiality, integrity, and availability of the data environment in accordance with HIPAA. HIPAA does the following: Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs; Reduces health care fraud and abuse; Mandates industry-wide standards...
Words: 1100 - Pages: 5