Portfolio Project
Michael Harker
ITS350-1 Information Systems and Security
Colorado State University Global Campus
Dr. Elliott Lynn
09/01/2013
Summary and Explanation of Proposals
In order for ZXY Inc. to make sure that its entire organization is secure, some proposals have been put into place to protect the company. The company needs to make sure that the network, its employees, company devices, and communications are secure from the outside world. The proposals that have been put into place cover such areas as access control methods, authentication, user accounts and passwords, cryptography, remote access, network attack mitigation, malware and device vulnerabilities, and web and e-mail attack mitigation. These proposals
Access control is used in determining whether to grant or deny access to these resources or services to an employee, a group of employees, or an entire department. There are four commonly used types of access control methods; however, for a smaller company without many employees at this point in time, Discretionary Access Control (DAC) would be a good starting point for ZXY Inc. Discretionary access control allows the owner of the service or resource to determine who is granted and who is denied access to certain resources. The owner of each resource and service will be given full authority on granting and denying permissions over what they have ownership of. ZXY Inc. does need to make sure that it does not make just one employee the owner of every resource and service. This is done in order to make sure that one potential bad employee doesn't harm the entire company’s information security network with malicious acts.
In regards to user accounts and passwords, a few steps should be taken in order to safeguard company information and protect company data. Each individual employee should be given a unique username that will be used as part of the employee's network logon. Each unique username will then be used by the IT department and DAC owners in order to grant and/or deny permissions. By having unique user names for each employee, the owners
When deciding how to grant access to users, the main concept is limiting access. Users should be granted access based only on the level of permissions they need in order to perform their job duties. Placing users into groups according to their job titles in an organization will provide these users access to company information and resources in the network. These group assignments will allow an organization to give users only what they need to complete their job tasks and ensure that unauthorized access is limited.
Ever since day one, people have been developing and creating all sorts of new methods and machines to help better everyday life in one way or another. Who can forget the invention of the ever-wondrous telephone? And we can’t forget how innovative and life-changing computers have been. However, while all machines have their positive uses, there can also be many negatives depending on how one uses said machines: wiretapping in on phone conversations, using spyware to quietly survey every keystroke and click one makes, and many other methods of unwanted snooping have arisen. As a result, laws have been made to make sure these negative uses are not taken advantage of by anyone. But because of how often technology changes, how can it be
policy (AUP) to define what each user can and cannot do with any company data that he or she has access to. Also,
To establish a framework to maintain the security, integrity and availability of ABC 's information assets
An employee’s supervisor must request role-based access to e-PHI using the employee’s job description. The IT Department provides restricted role-based access to a client’s network environment/e-PHI and reviews audit logs and information systems activities as needed to monitor that the appropriate workforce member is logging into the client environment at any given time.
The information age is the age we live in today; hence we must make sure that the use of the information readily available to many people is not abused. There are many different types of security threats to the average person, business or even government. The risks faced by individuals and entities are rising; thus measures to avoid these privacy and security breaches would be discussed accordingly, assisting and allowing firms to remain fraud-free and protected.
In managing network access control, you can rely on experts working together to obtain proactive management. With the propagation of mobile devices, revenue and productivity can rise but can also be exposed to risks. The purpose of network access control is to control who has authorized permission to access applications and resources used in hospitals. With the number of medical staff, patients, and guests increasing in healthcare facilities, we want to maintain and enforce the appropriate level of access control.
I have taken the following from the BMA's Confidentiality and Disclosure of Health Information Tool Kit which appears to have no publication date.
Everyday items can prove to be the most simplistic way of security. Whether it be small or large mass does not play a role. Security has a different role to everyone. It is a way of organization or a way to release emotion. Our security blanket consists of: Calendars, Pens and Pencils.
Speaking of life’s experiences, there was one night on Security 8 that became something that would haunt me the rest of my life. Security 8 was an entry control point to the Elephant Cage area. The Elephant Cage measured about 850 feet wide by 100 feet high and contained a circular arrangement of antennas. The antennas could locate signals thousands of miles away with an accuracy of three degrees or better. The 6922 Electronic Security Squadron operated the elephant cage, which was used to gather intelligence during the Cold War. Just in case you wondered, there were no elephants housed there while I was at Clark.
created by applying security safeguards deal with the to security helplessness and dangers recognized by the association. A safeguard is just a component or part of the security framework. Safeguards can be seen in two fundamental classifications of physical Safeguards psychological safeguards Although one can separate amongst psychological and physical control, most physical controls additionally give a component of psychological
As a result of 9/11, our country has been faced with a new issue: electronic privacy. The terrorists that attacked us used our own technology against us to protect their activities from our view. Because of this, we are now forced to make a decision between two desirable things: privacy and national security. On the one hand, our right to privacy will ensure that our personal rights are not violated, whereas, on the other hand, national security would allow us some comfort against the evil in the world. What are we supposed to do? This issue, however it is decided, will have tremendous impact on each and every one of our lives. The ruling that the government makes concerning this issue will greatly alter the
In today’s world, technology has evolved to the point where a large amount of information is stored in cyberspace. Because of this type of storage, people around the world have an easier time accessing information than ever before. Before the late 20th century, gathering information was long and tedious; getting a book that the library did not own would take at least a couple of weeks depending on the time period, or it may not have been possible to obtain that book. But now people can access a vast amount of information in a matter of minutes. For example, in modern times if someone wanted to know about a different culture they could simply look up the information on a computer or any device that had access to
Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to ensure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses.
A threat agent is the facilitator of an attack; however, a threat is a constant danger to an asset.