Unit 4 Assignment 1 Implementation of an Organization-Wide Security Plan

Submitted By DoubleDown
In this security plan we will need to consider all seven IT infrastructure domains when developing access controls for the network. Access controls for our facilities will include an appropriate entry access control system that specifies which areas should be locked at all times. There will be secondary locks on equipment and storage cabinets within the facility to further secure specific pieces of equipment, such as a database server. A social engineering prevention policy will specify goals for stopping social engineering, including employee training. Access controls for systems will limit access to those employees who have a legitimate need for that resource. A strong password policy will be in effect that requires users to change their passwords often and to include uppercase, lowercase, numeric and special characters. Application access controls will provide standard security testing procedures for any third-party application installed in the environment. Access controls for data will include encryption of all sensitive data and enforcement of the principle of lowest possible access. Access control for remote access will grant access to the VPN through a two-stage authentication process that includes a strong password and a token device. All of these controls will be included in our organization-wide access control plan.
Now that we know what our access controls are, we will need procedures to implement all of our policies. The procedures will cover authentication, account management, password management, and remote access in detail. We will also have access determination policies and systems to restrict unauthorized access. Procedures outlining the specific steps for each process will be developed and used. Here are a few of the policies we will implement: acceptable use, password, account management, and remote access policies. Each policy will have procedures in place to implement it. Here is an example of an AUP: First, the user fills out an access request form. Then, IT receives the form and passes it to the correct authority for approval. Then, the form is reviewed and authorization is granted or denied. Next, IT implements the access rights modification. Finally, after signoff, IT files the request in the user’s file to verify access and to provide information to an audit if required.
