Assignment 2: Security Planning
Environment:
In 1969, the internet was first created on a university campus. In the beginning, it was created as a means of communication. As the internet evolved, it became more than just a means of communication. As a repercussion, it also became a target for the criminals. While most of the government agencies and corporations adapted to the security threat, the university campuses have not been able to incorporate information system security as part of their network completely. The University of Michigan-Dearborn has about 9,308 students. While it is not a big campus, it has a respectable number of students from an information security perspective. Everyday, there is a large number of students access the university network. The university network is used as a mean of communication, resource sharing, file sharing, storing students and faculty information.
The university of Michigan-Dearborn has a secure Information environment. I am not aware of any security breach that occurred at our campus. This indicates that Information Technology (IT) department has taken enough security measures and being proactive about any threats. Protecting the university network and information is an important task that has to be taken very seriously, as the university database contain sensitive information such as students’ records, staff records, alumni information, infrastructure, and physical security information. These electronic data should only
Outline current legislation, guidelines, policies and procedures within own uk home nation affecting the safeguarding of children and young people?
Describe the roles of different agencies involved in the safeguarding the welfare of children and young people.
This analysis discusses some issues and requirements to correct these issues that are outlined in the Turn Key University (TKU) data breach case study. In addition to these issues and requirements, some applicable laws will be discussed and some controls will be suggested for implementation.
C1 Procedures play a huge role in the safeguarding of children within the setting. The EYP is expected to know all procedures that are set out within their own setting. One procedure is ‘critical incidents’. For example, in my own placement we have access to a wide outdoor space as it is located within the country side. This means procedures that require us to exit and stay far away from the building such as a fire drill, are easy to accomplish due to the wide outdoor space.
Safeguarding - is to protect all the children against abuse, maltreatment, neglect, unfair treatment and violence.
Most babies cry when they receive their first set of vaccines. Mothers know that they must go through this to ensure a healthy future. Like a vaccine the development and execution of a good security policy will help prevent danger and intrusion later. Being one step ahead of the virus is half the battle; it’s the development and implementation that will essentially win the war.
In Case study number one (Dhillon, 2007), Stellar University(SU), which is public education institution, had a system breach in its Information Systems(IS). The IS of SU contained many types of IT such as Mainframe, AS400, Linux, VAX, Unix, AIX, Windows(3.1 and up to 2003), Apple, RISC boxes Storage Area Networks(SAN), Network Attached Storage(NAS) and much more. Sadly, SU has had a security breach on some of its systems. Even though everything was fixed but there are issues that need to be discussed about this breach. The first issue is adequacy of organization's long-term counter attack actions. The second issue is helpfulness of immediate counter attack actions. Hopefully, the discussion will be concise and to the point.
Identify what you see as the main purpose of security management and discuss what is meant by the statement that ‘security measures must be commensurate with the threat’.
Technology has grown tremendously over the past few decades. Everyday businesses, governments, and everyday people rely on technology for things from banking to communicating with loved ones and business associates. Disrupting this technology can cause major losses monetarily and in the sense of information. According to Information Security Curriculum Creation: A Case Study, “A survey of undergraduate degree programs in Computer Science, Information Technology, Management Information Science, and others show a lack of emphasis on security issues in their curriculum.” There is a strong need to secure and protect information for many, many reasons and as such it is important that an undergraduate curriculum provides a comprehensive approach to teaching information security concepts to its students.
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to insure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses.
Customer Needs- Security systems are required by people to0 keep their homes safe, it gives them a sense of safety for their personal belongings, when they are away from their home.
Safety of information is the most valuable asset in any organization particular those who provide financial service to others. Threats can come from a variety of sources such as human threats, natural disasters and technical threats. By identifying the potential threats to the network, security measure can be taken to combat these threats, eliminate them or reduce the likelihood and impact if they should occur.
The purpose for an IT security policy is to provide “strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure” ("Cyberspace policy RevIew", 2016).
The intent of this security proposal is to ensure the ongoing protection and data security for a government agency's data center. Security and access privileges will be defined at the role and department levels, with added authentication for system administrators and members of the IT staff. Role-based access to this government facility will be tracked continually and reported using real-time log reporting and analysis (Amsel, 1988). This role-based approach to managing security will provide for inclusion of authentication, detection and deterrence in the areas of social engineering, firewalls, Virtual Private Networks (VPNs), authentication, security protocols and vulnerability assessments.