Kaplan University
IT286
Unit 9
Jennifer Polisano
To: Mr. Ross, CISCO Web Site 101 West Branch, IN 55545
From: XXX Security Consulting, Inc.
Mr. Ross,
As we discussed previously, this document includes our recommendations for just a few of the security policies that would be useful for your organization. These recommendations are written in a form intended for approval by you and your management, and they describe what is needed, not how the policies will be implemented. Procedural documents providing step-by-step directions for implementing the policies will follow approval. Because of the time constraint and the increasing focus on vulnerabilities in your security structure, this document covers only four of the areas that will eventually have written security policies. Please be aware that the information contained in this document is confidential and should not be circulated to anyone who does not hold a security position within your organization. Based on our assessment, these four areas will require security policy approval:
I. Authentication
Authentication – the use of a system to grant users access to a computer or network based on three factors: something you know, something you have, and something you are.
Purpose: A process used to identify someone or something and determine whether they are who they have declared themselves to be. This allows users access to the files they are meant to have and no
Identification is the means through which a user is associated with, and gains access to, an account. The most common form of identification in use with computer systems is the username. Other systems use Common Access Cards (CAC), smart cards, or tokens combined with a PIN code to allow access to a system. More complex, high-security systems might use some form of biometric to associate a user with an account and permission set. Biometrics include fingerprints, iris scans, facial scans, etc.: something unique to the particular person that cannot be easily altered. Identification allows for the tracking
The authentication process is a necessity for safeguarding systems against various forms of security threats, such as password-cracking tools, brute-force or dictionary attacks, abuse of system access rights, impersonation of authenticated users, and last but not least replay attacks, just to name a
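As an added illustration (not part of this memo), the following Python code checks two of the three factors named above and addresses the brute-force and replay threats the policy lists: a password (something you know) is verified against a salted PBKDF2 hash, a counter-based one-time code (something you have, HOTP per RFC 4226) is accepted only once, and the account locks after repeated failures. All names, secrets and thresholds are constructed for the example.

```python
import hashlib
import hmac
import os
import struct

# Constructed parameters for the example; a real policy would set these.
PBKDF2_ITERATIONS = 100_000
MAX_FAILED_ATTEMPTS = 5

def make_password_record(password: str) -> dict:
    """Store only a random salt and a PBKDF2 hash, never the password itself."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return {"salt": salt, "hash": digest}

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """Counter-based one-time code as a hardware token would compute it (RFC 4226)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class Account:
    def __init__(self, username: str, password: str, token_secret: bytes):
        self.username = username
        self.pw = make_password_record(password)
        self.token_secret = token_secret
        self.token_counter = 0   # highest counter already accepted; older codes are replays
        self.failed = 0
        self.locked = False

    def authenticate(self, password: str, code: str, lookahead: int = 3) -> bool:
        """Return True only if both factors are valid; lock out after repeated failures."""
        if self.locked:
            return False
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), self.pw["salt"], PBKDF2_ITERATIONS)
        pw_ok = hmac.compare_digest(digest, self.pw["hash"])   # constant-time comparison
        # Only counters beyond the last accepted one are valid, so a captured code cannot be replayed.
        tok_ok, new_counter = False, self.token_counter
        for c in range(self.token_counter + 1, self.token_counter + 1 + lookahead):
            if hmac.compare_digest(hotp(self.token_secret, c), code):
                tok_ok, new_counter = True, c
                break
        if pw_ok and tok_ok:
            self.token_counter = new_counter   # burn the code so it is single-use
            self.failed = 0
            return True
        self.failed += 1                        # count every failure, whichever factor failed
        if self.failed >= MAX_FAILED_ATTEMPTS:
            self.locked = True                  # blunts online brute-force guessing
        return False
```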