Contents
CONTENTS
EXECUTIVE SUMMARY
RESPONSIBLE PERSONNEL
CHIEF SECURITY OFFICER
ELECTRONIC SECURITY MANAGER
PHYSICAL SECURITY MANAGER
RISK MANAGEMENT OFFICER
ASSESSMENT OF RISK
PHYSICAL
ELECTRONIC
DATA ACCESS SECURITY
GENERAL SECURITY
USER AUTHORISATION
USER AUTHENTICATION
SECURE DATABASE
PHYSICAL FILES
ELECTRONIC INTRUDER DETERRENCE – VIRUSES AND MALWARE
SOCIAL ENGINEERING
FILE SHARING
WIRELESS NETWORKS
STAFF VETTING AND SEPARATION PROCEDURES
GENERAL STATEMENT
STAFF SCREENING
SEPARATION PROCEDURES
PERSONNEL SECURITY
GENERAL STATEMENT
PASSIVE MONITORING
POSITIVE MONITORING
PHYSICAL SECURITY
GENERAL STATEMENT
AUTHORITY FOR
2) Electronic surveillance of premises by a third party to gain confidential information, which may include:
a) Wiretaps on the telephones of key personnel
b) Electronic audio-recording equipment in key locations such as boardrooms or management offices
3) Access agents employed by outside entities to gain access to the organisation and its information repositories
a) Persons in the employ of an outside entity who infiltrate the organisation and gain access to confidential information.
4) An outside entity may recruit or subvert staff to gain information
a) Pressuring or enticing employees to provide information, or to facilitate electronic or physical access to that information, for the benefit of the outside entity.
5) Material damage to physical documents and equipment resulting from fire or other unforeseen occurrences, e.g. earthquakes and other natural disasters.
6) Portable devices used by staff for convenience may be lost or stolen
a) Lax password security means that, should these portable devices be lost or stolen, the information stored on them is available to anyone who cares to view it.
Electronic
(Volonino & Robinson, 2005)
Electronic security is meant to guard databases and networks from unauthorised access and from malicious or accidental damage. An instituted electronic security system prevents damage to information by intangible means such as viruses, bugs, malware,
An electronic system is usually password protected, which ensures that only specific staff can access the information.
Passwords are the most important security feature and the basic means of authentication. It is important to set secure, unguessable passwords, since password security is the most critical means of protecting a system; a good password is one that is not easily compromised.
internal and external users to whom access to the organization’s network, data or other sensitive
* Review the results of a qualitative Business Impact Analysis (BIA) for a mock organization
The purpose of physical security is to safeguard the information system. An automated information system that relies on computers for everything carries risk. The threat to an information system is an attack on its communication or information components in order to take control of the infrastructure.
An effective information security program should include periodic assessments of risk, including the magnitude of harm that could result from the unauthorized access, use, disclosure, disruption, modification, or destruction of information and of the information systems that support the operations and assets of the organization. Policies and procedures should be based on those risk assessments, should cost-effectively reduce information security risk, and should ensure that information security is addressed throughout the entire life cycle of each organizational information system. Subordinate plans provide sufficient information security for groups of information systems, facilities, or networks.
For example, a clerk will only be able to access a limited amount of information, such as the inventory at each store. The limitations will be different for an accountant or the managers. All information will be protected with several different layers of security. The first layer will be simple hardware protection for access to the network; from there the security will increase with password protection and restrictions on users. (Merkow & Breithaupt 2006)
The main goal of information security is to protect the entire network system from loss of confidentiality, integrity, and availability. All data and information transferred and stored on the DoD system will require encryption to protect confidentiality.
Unauthorized access to the LAN; LAN server operating system software and application vulnerabilities; compromise of the confidentiality of data transmitted via VLAN connection; improperly secured wiring closets, data centers and computer rooms; unauthorized access to systems, applications and data.
Sunica Music and Movies, a local multimedia chain with four locations, would like to switch to a centralized network to handle accounting and inventory, as well as starting an Internet-based commerce site. The security policy overview shows that the new setup will utilize four types of security policies. These policies have set goals that must be met in order to achieve and maintain a successful transition.
We must have adequate arrangements and systems to ensure compliance with all of our obligations, and a written plan
This section of the Security Policy presents the report that, taken together, makes up the Security Policy governing the activities of the Campbell Computer Consulting and Technology Company. The security strategy covers the following:
There were a number of factors that contributed to the breach which, had they been addressed or had corresponding mitigation responses been in place, would have reduced the likelihood that the breach would have taken place, or at a minimum reduced the impact of the attack. These items range from policy-related issues to technology implementations and security management and maintenance. Although I believe a number of these areas were in the process of being addressed, based on the information gathered regarding the details of the incident, it appears that it was still in many areas insufficient and would not have prevented an incident even if there had been more time available to perform the implementations.
Users: This can include social engineering threats, misconfiguration of equipment, and inside threats where employees steal or leak information intentionally.
Answer: Information Security is the practice of defending (guarding) information by considering the CIA Triad principles, which are Confidentiality (authorized access), Integrity (accuracy and completeness) and Availability.