Proper Security Practices for Universities Essay

As we all know people are where we see the biggest problems in security breaches and problems on any computer or network system. People need to understand what they are allowed and not allowed to do, this is where policies, procedures, and training come in to play.

Whitman,M.E., & Mattord, H. J. (2010). Management of information security(3rded.). Boston, MA: Course Technology/Cengage Learning

The first thought that comes to mind when a data breach occurs at a higher education institution is that a student hacked into the university or college network in order to make changes to their information, such as grades. Fortunately, that has not been the case in recent cyber attacks. Hackers see higher education systems as a gold mine because students’ personal identifiable information (PII) is stored in the platforms utilized by the universities. Cyber threats have fluctuated each year at many universities. Harman (2016) stated that there are increased incidents of spear phishing, where hackers send personalized, legitimate e-mails that include harmful links or attachments. A great deal of student’s data is stored within the

This analysis discusses some issues and requirements to correct these issues that are outlined in the Turn Key University (TKU) data breach case study. In addition to these issues and requirements, some applicable laws will be discussed and some controls will be suggested for implementation.

P4 explanation of the policies and procedures used by the college for managing it security issues

During this course there have been a number of key learning points that would help every organization protect itself from a cyber-event. These include password management, patch management, security policies, encryption, and user training. In each of the cyber security breaches one or more of these standard security protocols were not used.

As such, our company’s people resources pose the greatest risk for security breach. Our way to help mitigate risk in this area is to keep communication lines open in this area and to continually mandate security knowledge training, with mandatory updates on a regular basis. When the employees are informed of company policy when facing a security matter, they are better equipped to act in the best or right way. In this way knowledge is power – or at least empowerment to act in the best interest of the company’s information security.

This paper will present a report that will assist with determining the controls required to implement to ensure that data are secure for the Northcentral University. This paper will summarize the security breaches of the Target Store Corporation over the previous year and make recommendations in the form of information technology security best practices to strengthen the University’s infrastructure.

1. Model an attack by a remote user accessing the university network via the Internet. Explore attack vectors and attackers’ goals.

14. How can the practice of information security be described as both an art and a science? How does security

As another security examiner at Aim Higher College I was given the undertaking to decide the main three dangers that the College faces. Consistently innovation is actualized in numerous associations. This innovation may settle past vulnerabilities or even make new one. Programmers may misuse this known powerlessness to access basic information or cause hurt in the system. This new technology may fix previous vulnerabilities or even create new one. Hackers may exploit this known vulnerability to gain access to critical data or cause harm in the network.

Forty-three percent of in-house members of organization were accountable for data loss. Twenty-two percent was intentional data loss. Twenty-one percent was accidental according to Intel Security (http://www.mcafee.com). The forty-three percent is the people factor in information security systems. People are the problem and the solution. In the discussion I will state how people are the weakest link in information security system through social engineering. First, I will define social engineering. People have been victims of social engineer throughout time. The first case of social engineering could be argued was the “Trojan Horse” in ancient times in the Trojan War circa 800 B.C.E. according to Homer’s Iliad (www.ancient.eu) or Kublai Khan’s invasion of China in 1275 A.D to today’s wire fraud emails. This paper will focus on social engineering and remedies for social engineering.

Technology has grown tremendously over the past few decades. Everyday businesses, governments, and everyday people rely on technology for things from banking to communicating with loved ones and business associates. Disrupting this technology can cause major losses monetarily and in the sense of information. According to Information Security Curriculum Creation: A Case Study, “A survey of undergraduate degree programs in Computer Science, Information Technology, Management Information Science, and others show a lack of emphasis on security issues in their curriculum.” There is a strong need to secure and protect information for many, many reasons and as such it is important that an undergraduate curriculum provides a comprehensive approach to teaching information security concepts to its students.

Establishing an effective Information Technology Security Policy Framework is critical in the development of a comprehensive security program. The purpose of the Information Security Policy Framework is to insure your organization will be able to provide the minimum security level necessary to maintain confidentiality, integrity, and availability of the information it collects and uses.

A threat agent is the facilitator of an attack however; a threat is a constant danger to an asset.