Premium Essay

Security Plan Basics

Submitted By ddrake
Words 433
Pages 2
To prepare a security plan, a full risk assessment has to be performed. This involves developing security policies and implementing controls to prevent computer risks from becoming reality. Risk assessment is a very important part of computer security planning. It provides a baseline for implementing security plans to protect assets against various threats that could occur in all of the seven domains of IT infrastructure.
The User Domain is the weakest domain; therefore, measures need to be taken to reduce the chance that a user's activity can bring down a system, unknowingly or knowingly. Mandatory computer security training will need to be implemented to educate users on the proper use of work computers. Training users to use their machines properly can effectively cut down on mistakes that leave systems vulnerable to attacks. Also, users' ability to bring in and corrupt data using CDs, DVDs, and USB drives will be restricted.
In the Remote Access Domain, because users are off site, it is hard to know whether their passwords have been compromised. In cases where data is accessed without proper authorization, data should be completely encrypted to prevent sensitive materials from being presented to the open market. To prevent unauthorized people from logging onto the system, password delay and/or denial after several tries should be implemented. Also, real-time lockout should be implemented.
In the Workstation Domain, the problem is someone getting access to the system without authorization. To avoid this, access policies and guidelines, such as locking the computer when one leaves, need to be implemented.
In the LAN Domain, the problem arises when an unauthorized person gets access to the LAN. To prevent this, one needs to make sure that no one is logged on without the proper IDs.
LAN to WAN Domain, this

Similar Documents

Premium Essay

Statement of Work

...Statement of Work Computer Security Awareness and Training April 14, 2000 (NOTE: Commentary information is provided in Italics) 1. PURPOSE/OBJECTIVE: The purpose of this Statement of Work (SOW) is to elicit proposals to develop a computer security awareness and training course specific to executives and senior management of the XX Agency (XXA). This course may be conducted by organization staff or by contractor staff under a separate contract. The course encompasses lesson plans, training aids, and handout materials. The contractor shall develop a computer security awareness and training course tailored to XXA's needs. This contract requires the development of computer security awareness training materials tailored to the XXA's needs, which may be used by a contractor or by XXA, in subsequent training sessions. At a minimum, the contractor shall include one or more of the five basic subject areas into a computer security awareness and training plan for the executives and senior management within XXA. The five basic subject areas are: computer security basics; security planning and management; computer security policies and procedures; contingency plan/disaster recovery planning; and systems life cycle management. http://www.eeoc.gov/eeoc/doingbusiness/statement_of_work.cfm 2. ENVIRONMENT: Federal organizations have a mandatory requirement to provide computer security awareness and training for employees responsible for management and use of...

Words: 1866 - Pages: 8

Premium Essay

University of Phoenix - Cmgt 430 - Week 2 Individual

...Week 2 Individual Assignment University of Phoenix – CMGT 430 In order to better serve Riordan Manufacturing’s information security infrastructure, a solid plan must be put in place to ensure that the approach to its implementation is logical, easy to follow, and effective. Many aspects must be considered when formulating an information security policy, including the needs of the company vs. best practice, thus striking a delicate balance between both variables. Therefore Smith Systems Consulting is dedicated to ensuring that a quality service is delivered that will meet these objectives. However, before a more comprehensive plan can be put into place, it is important that Smith Systems Consulting understands exactly how the security plan will be managed, and how to enforce it on the most basic level. It is therefore the opinion of our company to begin by defining a simple, yet utterly crucial part of Riordan’s base information security policy: separation of duties via the practice and implementation of role assignments. Separation of duties, in information technology, is the practice of dividing both IT staff and end users into managed groups, or roles. While users and IT staff, from an administrative level, may fall into several groups (ex., Accounting Department, Maintenance, Security, etc), these groups are not enough to enforce proper security policy. A more comprehensive approach is to define what the base access is for all of these groups, thus the use of roles. Roles...

Words: 1690 - Pages: 7

Premium Essay

Syllubus

...SYLLABUS Axia College/College of Criminal Justice and Security CJS/250 Version 2 Introduction to Security Copyright © 2009, 2007 by University of Phoenix. All rights reserved. Course Description This course is an introduction to contemporary security practices and programs. Students will study the origins of private security, its impact on our criminal justice system, and the roles of security personnel. Students will also examine the growth and privatization of the security industry, and study the elements of physical security including surveillance and alarm systems. The course will cover legal and liability issues, which determine the extent of private security authority as well as its limitations. This course will also focus on the current and future integration of private security services in law enforcement agencies. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: • University policies: You must...

Words: 1941 - Pages: 8

Premium Essay

Layered Security in Plant Control Environments

...Layered Security in Plant Control Environments Ken Miller Senior Consultant Ensuren Corporation KEYWORDS Plant Controls, Layered Security, Access Control, Computing Environment, Examination, Detection, Prevention, Encryption, Compartmentalization ABSTRACT Process control vendors are migrating their plant control technologies to more open network and operating environments such as Unix, Linux, Windows, Ethernet, and the Internet Protocol. Migrating plant controls to open network and operating environments exposes all layers of the computing environment to unauthorized access. Layered security can be used to enhance the level of security for any computing environment. Layered security incorporates multiple security technologies in each computing layer to provide resistance to unauthorized intrusion, while reducing the risk of failure from a single technology. Layered security requires acceptance of a model, development of an access control plan, compartmentalization of the network, and implementation of core security products that address examination, detection, prevention, and encryption. Layered security is considered a “best practice” in any computing environment, and should be widely used in critical control environments. INTRODUCTION Plant control environments have traditionally been built on proprietary technology. This proprietary technology provided a reasonable level of security from unauthorized access due to its “closed” nature, and lack of connection...

Words: 2711 - Pages: 11

Premium Essay

Blah Blah Blah

...I. Introduction II. Two types of dilutive securities are convertible bonds and convertible preferred stock. A. Convertible bonds can be converted to other corporate securities during some specific time after issuance. B. Convertible preferred stock, includes an option for the holder to convert preferred shares into a certain number of common shares. Unlike convertible bonds, convertible preferred stock is considered equity (unless there is a mandatory redemption feature). Note the example and journal entry on page 799. III. Another type of dilutive security is a stock warrant. A. A stock warrant is a certificate that entitles the holder to acquire shares of stock at a certain price within a stated period. B. Stock warrants may be attached to bonds as incentives to buyers; attachment of warrants enables the issuer to pay a lower interest rate (because the buyer expects to receive value in the future by exercising the warrant, so he/she is willing to accept less interest income). C. Stock warrants may be either detachable or nondetachable from the bond or other financial instrument. D. If the warrant is detachable, at issuance, the value of the warrant is recorded as a credit to “Paid-in Capital—Stock Warrants.” E. If the warrant is not detachable, no separate account is credited at issuance. The credit is to “Bonds Payable” only. F. The relative value of the warrants and the bonds may be established either through the proportional method...

Words: 1258 - Pages: 6

Premium Essay

Dilutive Securities and Earnings Per Share Multiple Choice

...CHAPTER 16 DILUTIVE SECURITIES AND EARNINGS PER SHARE IFRS questions are available at the end of this chapter. TRUe-FALSe—Dilutive Securities—Conceptual Answer No. Description T 1. Accounting for convertible bond issue. F 2. Reporting gain/loss on convertible debt retirement. T 3. Reporting additional payment to encourage conversion. F 4. Exercise of convertible preferred stock. F 5. Convertible preferred stock exercise. T 6. Allocating proceeds between debt and detachable warrants. F 7. Allocating proceeds from nondetachable warrants. T 8. Intrinsic value of a stock option. F 9. Compensation expense in fair value method. T 10. Service period in stock option plans. F 11. Accounting for nonexercise of stock options. F 12. Accounting for stock option forfeiture. T 13. Cumulative preferred stock and EPS. F 14. Restating shares for stock dividends and stock splits. T 15. Stock dividend and weighted-average shares outstanding. F 16. Preferred dividends and income before extraordinary items. T. 17. Reporting EPS in complex capital structure. F. 18. Dilutive stock options. T 19. Contingent issue shares. F 20. Reporting EPS for income from continuing operations. Multiple Choice—Dilutive Securities, Conceptual Answer No. Description d 21. Nature of convertible bonds. d 22. Recording conversion of bonds. b 23. Definition of bond sweetener. c S24. Reasons for issuing convertible debt. a S25. Reporting gain/loss on...

Words: 12762 - Pages: 52

Free Essay

Security Plan

...The Security Plan The name of my target environment is Western Cash Advance. Western Cash Advance is an establishment that issues individuals payday loans. A payday loan is when someone is issued a loan until their next payday and a personal check is used as collateral. There is cash on hand in this business on a daily basis because they only issue cash to their customers as well as except only cash for payments. This store is normally run by two people but on many occasions there is only one employee in the store at a time. The basic floor plan to this business is an office space in a small strip mall that consists of three stores. The size of the store is approximately 900 sq. feet. It is one room that has a sectional desk where customers are assisted and another desk in the back of the room. The lobby consists of one big round table and six chairs that are situated around the lobby. There is a door on the back wall that leads to a hallway. In the hallway there is a bathroom and two storage closets. This business has a very basic open floor plan. When it comes to the current security features it is very limited. When going by the three models in physical security, which is the dynamic D’s, lines of defense, and internal/external threat identification, this business definitely needs some improvement (Clifford, 2004). The only security features that this establishment contains are a security alarm system, one motion detector, and one panic button. The outer perimeter has no...

Words: 937 - Pages: 4

Premium Essay

Cmgt 430 Week 4 Learning Team Presentation

...Learning Team Presentation To Buy This material Click below link http://www.uoptutors.com/CMGT-430/CMGT-430-Week-4-Learning-Team-Presentation An enterprise security plan is more than just a list of vulnerabilities and risks. It must present them in a meaningful way along with suggestions for specific steps to mitigate each of the most important vulnerabilities or risk pairs it finds. Your task this week is to produce the basics of that full presentation. Part 1 Compile a full draft of the final Enterprise Security Plan document. This will not be complete, but will have at least a short paragraph about each major section of the paper, including the suggested controls. Use the introduction and conclusion as an executive summary of the entire paper’s content. Research at least eight sources that validate the choices made in the paper. This must go beyond basic definitions. The sources can be changed in the final week, if needed. Format your paper consistent with APA guidelines. Part 2 Create a Microsoft® PowerPoint® presentation on the findings in the Enterprise Security Plan to present to senior management at your chosen organization. Keep the slides uncluttered and concise. Include well-formatted speaker notes for the presentation. Finalize your presentation for the Enterprise Security Plan. The presentation should target senior leadership at the organization and should effectively cover the material in the paper. ·         No specific number of...

Words: 330 - Pages: 2

Premium Essay

Mcbride Financial Website Security Plan

...McBride Financial Website Security Plan Reggi CMGT/441 April 7, 2014 University of Phoenix   McBride Financial Website Security Plan Introduction McBride financial services is upgrading their website to be more interactive with clients. The goal is to create self-serve options for clients though the website and through kiosks located in the offices. McBride wants to reduce the number of employees needed to handle client accounts using this new business plan. The new plan will increase the need for data protection to ensure that customer’s personal data is kept same during all points of the application and loan process. Implementing online loan applications means customer information will be input into web forms and then transferred to the company database. This creates the potential for hackers to steal or corrupt the data and to use it to gain access to other company servers. In order to prevent this from occurring and limiting the damage done in the case of a successful attack McBride must implement a Prevention, Detection, and Recovery plan. Prevention A prevention plan for McBride will be need to include protection for the company servers and protection for client information. The first step in this plan is to establish a demilitarized zone (DMZ) to separate the web server from the company databases and other company servers. The most secure way to implement this is to use two firewalls. The first one will be set to allow necessary traffic to the web server...

Words: 1058 - Pages: 5

Premium Essay

Sec 410

...Physical Security SEC/410 August 12, 2013 Physical Security It is important for all organizations to have physical security. Physical security protects the organization in every way. Every individual needs to be aware of the importance of physical security. Not only is important for the individual to be aware of the importance physical security has in an organization but to be able to understand how physical security works within the organization. In this paper the writer will be describing the core concepts of physical security. Additionally the writer would be writing about the security assessments. Last the writing would be writing about the basic physical controls. The physical security is when security involves themselves in detection and the prevention of any unauthorized intrusion. The main idea of physical security is to protect every individual and organization at all times. Physical security needs to protect the organization from any threats. Some of the threats an organization could have is man-made threat, natural made threats and also terrorist threats. Physical security needs to be well train in any situation; in case of the fires the security needs to know each and every step he or she needs to done in others to protect the organization and the individual within the organization. Also in case of a intruder physical security knows how to handle it the right way and fast before he or she can’t commit any harm to the organization or the individual. It...

Words: 1194 - Pages: 5

Premium Essay

Securing Information

...to the security requirements of your information system? From the very earliest stages of planning for the development of the system to its final disposal is the advice of the National Institute of Standards and Technology (NIST).  By considering security early in the information system development life cycle (SDLC), you may be able to avoid higher costs later on and develop a more secure system from the start.  The System Development Life Cycle (SDLC) The system development life cycle starts with the initiation of the system planning process, and continues through system acquisition and development, implementation, operations and maintenance, and ends with disposition of the system. Specific decisions about security must be made in each of these phases to assure that the system is secure.   The organization develops its initial definition of the problem that could be solved through automation.   Also during this early phase, the organization starts to define the security requirements for the planned system. Management approval of decisions reached is important at this stage.  During this initiation phase, the organization establishes the security categorization and conducts a preliminary risk assessment for the planned information system.  Categorization of the information system using federal standards and guidelines aids system security planners in defining information system security according to levels of impact, and in selecting a baseline of initial security controls...

Words: 1328 - Pages: 6

Premium Essay

Ccola

...Analysis of Financial Statements of Coca Cola [Name of the Writer] [Name of the Institution] Table of Contents Introduction 2 Introduction of Company 2 Discussion 3 Analysis of Balance Sheet 3 Defined Contribution Plan 4 Basic and Dilutive EPS 4 Share-Based Compensation 5 Analysis of Cash Flow Statement 6 Conclusion 7 Works Cited 8 Analysis of Financial Statements of Coca Cola Introduction The subject, Analysis of Financial Statements is very important in many ways. It helps us to develop certain techniques about the analysis of financial statements of companies. Investors can use these techniques to identify certain trends and can manage their investments. This analysis is based on the financial statements of Coca Cola. It is a beverages company with operations in many parts of the world. This analysis will help the readers to get insight to this company. This analysis will cover all fundamental financial statements of Coca Cola. It will start with the analysis of the balance sheet items and will conclude with cash flow statement. The analysis will cover all the necessary aspects needed to draw ingenious results. Introduction of Company Coca Cola first started in 1886, in Atlanta. Johan Pemberton, a pharmacist introduced this drink and was later named as Coca-Cola. The sale of Coca Cola stated through Jacob’s pharmacy with 5 cent a glass. They sold only nine glasses a day. From then...

Words: 1865 - Pages: 8

Premium Essay

Build a Web Applications and Security Development Life Cycle Plan

...Build a Web Applications and Security Development Life Cycle Plan What are the elements of a successful SDL? The elements of a successful SDL include a central group within the company (or software development organization) that drives the development and evolution of security best practices and process improvements, serves as a source of expertise for the organization as a whole, and performs a review (the Final Security Review or FSR) before software is released. What are the activities that occur within each phase? Training Phase- Core Security Training Requirements Phase- Establish security requirements, create Quality Gates/Bug Bars, perform Privacy Risk assessments. Design Phase-Establish Design Requirements, perform Attack Surface Analysis/Reduction, use Threat Modeling Implementation Phase- Use approved tools, Deprecate unsafe functions perform static analysis Verification Phase- Perform Dynamic Analysis, Perform Fuzz Testing, Conduct Attack Surface Review Release Phase- Create an incident Response Plan, Conduct Final Security Review, Certify release and archive Response Phase- Execute Incident Response Plan Phase Activities Roles Tools Requirements - Establish Security Requirements -Create Quality Gates/Bug Bars -Perform Security and Privacy Risk Assessments -Project Managers -Security Analysts -Microsoft SDL Process Template for Visual Studio Team System - MSF-Agile + SDL Process Template Design -Establish Design Requirements -Perform Attack Surface...

Words: 2006 - Pages: 9

Premium Essay

Financial Analysis

...Financial Statement Analysis Apple Inc. Muhammad Khan DeVry University Class: Acct305: Intermediate Accounting III Professor: Jodi Krausman 02-10-2013 Table of Contents Scope 3 Profile 3 Taxes 4 Deferred Tax: 4 Temporary and Permanent Tax difference: 7 Provision for Income Tax Expense: 8 Carryforward and Carryback losses: 10 Defined Benefit Plan 10 Earnings per Share (EPS) 11 Share based compensation 13 Cash Flow Statement 14 Executive Summary 16 Works Cited 17 Scope The project aims at analyzing the financial statements of Apple inc for the two periods ending September 2011 and 2012. The project will focus on specific elements of the Income statement, Balance sheet and Cash flow statements. They include Taxes, Employee benefits plans, Earning per share, Share based compensation and Cash inflows and outflows, providing detail description on each of them from the two most recent financial statements. Profile “It’s not a fruit anymore” the phrase so commonly used on the internet, whether twitter or Facebook. It is world’s most valuable company according to Dave Carpenter. It is none other than the one of the most money making company in the world Apple Inc. Apple Inc., together with subsidiaries, designs, manufactures, and markets mobile communication and media devices, personal computers, and portable digital music players; and sells related software, services, peripherals, networking solutions, and third-party digital content and applications...

Words: 3920 - Pages: 16

Premium Essay

Define a Process for Gathering Information Pertaining to a Hipaa Compliance Audit

... • Privacy requirements • Security requirements • National identifier requirements 2. Name 3 factors used to determine whether you need to comply with HIPAA. a. Whether the health plan is self-insured or fully insured b. Whether the plan sponsor receives PHI or SHI c. How the plan sponsor utilizes SHI. 3. What are the three categories of entities affected by HIPAA Medical Privacy Regulations? • Health Care Providers: Any provider of medical or other health services, or supplies, who transmits any health information in electronic form in connection with a transaction for which standard requirements have been adopted. • Health Plans: Any individual or group plan that provides or pays the cost of health care. • Health Care Clearinghouses: A public or private entity that transforms health care transactions from one format to another. 4. What would Business Associates of covered entities consist of as it pertains to HIPAA’s regulation? HIPAA defines a business associate as an individual or corporate "person" that: • performs on behalf of the covered entity any function or activity involving the use or disclosure of protected health information (PHI); and • is not a member of the covered entity's workforce. 5. Who is covered by the Privacy Rule in HIPAA? Give some examples. • Health care providers who transmit any health information electronically in connection with certain transactions. • Health plans. • Health care clearinghouses ...

Words: 1062 - Pages: 5