...Delores Patton Intro to Security 1-27-14 Unit 5 Assignment 2 Define an Acceptable Use Policy (AUP) An acceptable use policy (AUP) is the policy that companies use and that a user must agree to follow in order to be provided with access to a network or to the Internet. LAN-to-WAN is when the network system links to a wide area network and internet. Security Administrators should monitor what users are accessing on the network, set up firewalls, apply antiviruses to identify unknown files and emails, disable pinging, probing, and port scanning on all exterior devices, and deny outbound traffic using source IP addresses. Web Surfing is accessing the internet using different web browsers. As a Security Administrator, you should apply domain-name content filtering at the internet entry/access point. By doing this, employees might not be able to surf certain web sites on the internet. The advantage of not having access to the internet is that it could prevent the network from getting viruses and the employees will only be allowed to use the company accounts to send out emails to customers. The disadvantage of this is what if an employee is trying to assist a customer by answering a question that they need to access the internet to answer. As Richman Investment employees, guidelines to usage of email are covered under email usage policy. The following traffic is not allowed: No peer-to-peer file sharing or externally reachable file transfer protocol...
Words: 379 - Pages: 2
...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...Unit 5 Assignment 2: Define an Acceptable Use Policy (AUP) LAN-WAN is where the IT Infrastructure links to a wide area network and internet. * Monitoring software and controls for possible intrusion * Apply an email server antivirus (also applies for attachments). * Disable port scanning and pinging for exterior devices. * Denial of outbound traffic using source IP addresses. * File transfer monitoring Web Surfing and the Usage of the internet * Apply a domain-name content filter at internet access points * Employees will possibly lose productivity while searching the web for non-work related material (Facebook, YouTube, etc). The possible cons of putting a limitation on web surfing is that employees may lack the tools necessary to find information. Certain filters would be applied to where everyone will not be able to use certain sites that may prove useful to them. For example, if they receive a call from a customer regarding something they have no access to looking up, they will not be able to provide an answer to satisfy the consumer. On the other hand, it could prevent a loss of productivity from employees using social media sites such as Facebook and Myspace. It could also help to prevent possible virus and malware infections. Usage of email is covered in the email usage policy Richman Inv. Employees: * No peer-to-peer file sharing or externally reachable file transfer protocol servers * No downloading executables from known software...
Words: 337 - Pages: 2
...information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications 300 Level IS305 Managing Risk in Information Systems IS308 Security Strategies for Web Applications & Social Networking IS316 Fundamentals of Network Security Firewalls & VPNs IS317 Hacker Techniques Tools & Incident Handling EC311 Introduction to Project Management IT250 Linux Operating System CNS Program Prerequisites: 300 Level IT320 WAN Technology &...
Words: 4114 - Pages: 17
...IS4550 Security Policies and Implementation INSTRUCTOR GUIDE Course Revision Table Change Date | Updated Section | Change Description | Change Rationale | Implementation Quarter | 12/20/2011 | All | New curriculum | | June 2012 | Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview; Course Summary; Critical Considerations; Instructional Resources; Required Resources; Additional Resources; Course Management; Technical Requirements; Test Administration and Processing; Replacement of Learning Assignments; Communication and Student Support; Academic Integrity; Grading; Course Delivery; Instructional Approach; Methodology; Facilitation Strategies; Unit Plans; Unit 1: Information Security Policy Management; Unit 2: Risk Mitigation and Business Support Processes; Unit 3: Policies, Standards, Procedures, and Guidelines; Unit 4: Information Systems Security Policy Framework; Unit 5: User Policies; Unit 6: IT Infrastructure Security Policies; Unit 7: Risk Management; Unit 8: Incident Response Team Policies; Unit 9: Implementing...
Words: 18421 - Pages: 74
...Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Credit hours: 4 Contact hours: 50 (30 Theory Hours, 20 Lab Hours) Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications 300 Level IS305 Managing Risk in Information Systems IS308 Security Strategies for Web Applications & Social Networking IS316 Fundamentals of Network Security Firewalls & VPNs IS317 Hacker Techniques Tools & Incident Handling EC311 Introduction to Project Management IT250 Linux Operating System CNS Program Prerequisites: ©ITT Educational Services, Inc. Date: 10/25/2010 Introduction to Information...
Words: 4296 - Pages: 18
...Appraisals Disciplinary Action Notification of Absences Use of Telephones and E-mail Change of Address and Telephone Number Accidents and Safety Personal Property Dress Standards for Employees Employee Organizations Credit Unions Charitable Contributions Political Activity Publications III IMPORTANT POLICIES Equal Employment Opportunity Statement Nondiscrimination Statement Ethics Policy Office of the Inspector General - Hot Line Whistleblower Protection Policy Health and Safety Policy Attendance Policy Drug, Alcohol and Tobacco-Free Workplace Policy Workplace Violence Prevention Policy Sexual Harassment Policy Confidentiality and Non-Retaliation Child Abuse Reporting Policy Fingerprint Policy Acceptable Use Policy for the Internet Information Protection Policy IV THE PERSONNEL...
Words: 15281 - Pages: 62
...Introduction of the purpose and importance of risk management Risk management planning is a critical and often overlooked process on every project. Allowing for the proper amount of risk planning in your project schedule can mean the difference between project success and project failure when those potential risks become real issues. The plan is only the output of the process. It details how the process will be implemented, monitored, and controlled through the life of this project. It details how the group will manage risks but doesn’t attempt to define the responses to individual risks. Risks come about for many reasons; some are internal to the project, and some are external, such as but not limited to the project environment, the management process, planning process, inadequate resources, and other unforeseen instances that can contribute to risk. Risks associated with the project generally concern the objectives, which in turn impact time, cost, or quality, or a combination of those three things. Risk management provides assurance that an organization can create and implement an effective plan to prevent losses or reduce the impact if a loss occurs. A good plan includes strategies and techniques for recognizing and confronting the threats, solutions for both preventing and solving the situation and indicates financial opportunities. An effective risk management practice does not terminate risks. However, an effective and operational risk management practice demonstrates...
Words: 3711 - Pages: 15
...Securing Information Systems CHAPTER 7 STUDENT LEARNING OBJECTIVES After completing this chapter, you will be able to answer the following questions: 1. Why are information systems vulnerable to destruction, error, and abuse? 2. What is the business value of security and control? 3. What are the components of an organizational framework for security and control? 4. What are the most important tools and technologies for safeguarding information resources? ISBN 1-256-42913-9 Essentials of MIS, Ninth Edition, by Kenneth C. Laudon and Jane P. Laudon. Published by Prentice Hall. Copyright © 2011 by Pearson Education, Inc. CHAPTER OUTLINE Chapter-Opening Case: Boston Celtics Score Big Points Against Spyware 7.1 System Vulnerability and Abuse 7.2 Business Value of Security and Control 7.3 Establishing a Framework for Security and Control 7.4 Technologies and Tools for Protecting Information Resources 7.5 Hands-on MIS Projects Business Problem-Solving Case: Are We Ready for Cyberwarfare? BOSTON CELTICS SCORE BIG POINTS AGAINST SPYWARE While the Boston Celtics were fighting for a spot in the playoffs several years ago, another fierce battle was being waged by its information systems. Jay Wessel, the team’s vice president of technology, was trying to score points against computer spyware. Wessel and his IT staff manage about 100 laptops issued to coaches and scouts, and sales, marketing, and finance employees, and these...
Words: 21009 - Pages: 85
...PROPOSALS FOR INFORMATION SECURITY ASSESSMENT SERVICES (ISAS) RFP NUMBER: 427.04-107-08 CONTENTS SECTION 1: INTRODUCTION; 2: RFP SCHEDULE OF EVENTS; 3: PROPOSAL REQUIREMENTS; 4: GENERAL REQUIREMENTS & CONTRACTING INFORMATION; 5: PROPOSAL EVALUATION & CONTRACT AWARD; RFP ATTACHMENTS: 6.1: Pro Forma Contract ...
Words: 40549 - Pages: 163
...intruder. Limiting the flow of information from the resources of a system to only the authorized persons or systems in the network. See ACE. access control Access Control Entry access control list See ACL. access device access layer Access Method Hardware component used in your signaling controller system: access server or mux. The point at which local end users are allowed into the network. 1.) Generally, the way in which network devices access the network medium. 2.) Software within an SNA processor that controls the flow of information through a network. Defines access rights and privileges for the network users. The access policy should provide guidelines for connecting external networks, connecting devices to a network, and adding new software to systems. The remote computer system which connects a personal computer to the Internet. Access Virtual Private Network. A Virtual Private Network (VPN) that provides remote access to a corporate intranet or extranet over a shared infrastructure with the same policies as a private network. Access VPNs encompass analog, dial, ISDN, Digital Subscriber Line (DSL), mobile IP, and cable technologies to securely connect mobile users, telecommuters, or branch offices. The action of recording what a...
Words: 23221 - Pages: 93
...[registered] trademarks of their respective owners. The mention of a product or company does not in itself constitute an endorsement. The articles, documents, publications, presentations, and white papers referenced and used to compile this manual are copyright protected by the original authors. Please give credit where it is due and obtain permission to use these. All material contained has been used with permission from the original author(s) or representing agent/organization. Table of Contents 1.0 INTRODUCTION; 1.1 BASIC INTERNET TECHNICAL DETAILS; 1.1.1 TCP/IP: Transmission Control Protocol/Internet Protocol; 1.1.2 UDP: User Datagram Protocol; 1.1.3 Internet Addressing; 1.1.4 Types of Connections...
Words: 134858 - Pages: 540
...retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Printed in the United States of America First Printing August 2010 Library of Congress Cataloging-in-Publication data is on file. ISBN-13: 978-1-58720-283-4 ISBN-10: 1-58720-283-2 Warning and Disclaimer This book is designed to provide information about top-down network design. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an “as is” basis. The author, Cisco Press, and Cisco Systems, Inc. shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Cisco Systems, Inc. Trademark Acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. Cisco Press or Cisco Systems, Inc., cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark. Corporate and...
Words: 79785 - Pages: 320
...between local and national sales channels. poorly managed sales channels. outdated information systems. decreasing ticket sales. Difficulty: Medium Reference: p. 3 Answer: d 2. The six important business objectives of information technology are new products, services, and business models; customer and supplier intimacy; survival; competitive advantage, operational excellence, and: a. improved flexibility. b. improved decision making. c. improved business practices. d. improved efficiency. Difficulty: Easy Reference: p. 6 Answer: b 3. Dell Computer's use of information systems to improve efficiency and implement "mass customization" techniques to maintain consistent profitability and an industry lead illustrates which business objective? a. Improved flexibility b. Improved business practices c. Competitive advantage d. Survival Difficulty: Hard Reference: p. 8 Answer: c 4. The use of information systems because of necessity is: a. survival b. improved business practices c. competitive advantage d. improved flexibility Difficulty: Medium Reference: p. 9 Answer: a 5. (Analysis) Which of the following choices may lead to competitive advantage (1) new products, services, and business models; (2) charging less for superior products; (3) responding to customers in real-time? a. 1 only b. 1 and 2 c. 2 and 3 d. 1, 2, and 3 Difficulty: Hard Reference: p. 8 Answer: d Analysis in terms of compare 6. Verizon's implementation of a Web-based digital dashboard to provide managers with realtime...
Words: 34754 - Pages: 140
...21ST CENTURY ACADEMIC FORUM CONFERENCE AT HARVARD MARCH 8 - 10, 2015 MARTIN CONFERENCE CENTER HARVARD UNIVERSITY BOSTON, MA USA Teaching, Learning, and Research in the “Just Google It” Age CONFERENCE PROCEEDING VOL. 5, NO.1 ISSN: 2330-1236 Table of Contents (Authors: Paper Title) Maryam Abdu: Investigating Capital Structure Decisions and Its Effect on the Nigerian Capital Market; Norsuhaily Abu Bakar, Rahimah Embong, Ibrahim Mamat, Ruzilawati Abu Bakar, Idris Abd. Hamid: Holistically Integrated Curriculum: Implications for Personality Development; Sandra Ajaps: Geography Education in the Google age: A Case Study of Nsukka Local Government Area of Nigeria; Helen Afang Andow: Impact of Banking Reforms on Service Delivery in the Nigerian Banking Sector; Billy Batlegang: Green IT Curriculum: A Mechanism For Sustainable Development; Rozeta Biçaku-Çekrezi: Student Perception of Classroom Management and Productive Techniques in Teaching; Thomas J.P. Brady: Developing Digital Literacy in Teachers and Students; Lorenzo Cherubini: Ontario (Canada) Education Provincial Policy: Aboriginal Student Learning; Jennifer Dahmen, Natascha Compes: Just Google It?! But at What Price? Teaching Pro-Environmental Behaviour for Smart and Energy-Efficient Use of Information and Communication Technologies; Marion Engin, Senem Donanci: Using iPads in a dialogic classroom: Mutually exclusive or naturally compatible?; Nahed Ghazzoul: Teaching and Learning in the Age...
Words: 236613 - Pages: 947