The Center for Internet Security (CIS) Critical Security Controls (CSC) will provide a starting point for security controls and procedures not in place. The first CSC covers consistently managing (inventorying, tracking, correcting) all hardware devices on the organization's network, making sure that only authorized devices have access. Unauthorized devices must be found or detected and prevented from gaining access to the network. A malicious person could take advantage of a workstation which had not been on the network for an extended period of time due to the workstation missing crucial security updates. Devices do not need to be directly connected to the external network in order for them to be compromised. Once internal access to the …
Once the device was introduced to the network, it would immediately be vulnerable to remotely executed critical vulnerabilities. Our device baseline images should be updated and validated on a regular basis to update their security configuration according to current best practices.
The fourth CSC covers continuously scanning devices for vulnerabilities and actively remediating those vulnerabilities. This process needs to be automated as much as possible to reduce the strain on the device administrators. If our organization does not scan for vulnerabilities and proactively address discovered flaws, we face a significant likelihood of having our computer systems compromised. Our Cyber Defense Division faces particular challenges in scaling remediation across an entire enterprise, and in prioritizing actions with conflicting priorities and sometimes-uncertain side effects. We as security must work hand in hand with the system administrators to help them understand the importance of applying security to their devices. One of the common issues on any network is the misuse of administrative privileges. System administrators will consistently log on to devices using an elevated-privilege account to conduct routine tasks which do not require the rights and permissions granted using that specific account. The misuse of administrative privileges is a primary method for attackers to spread inside a target enterprise.
Formal user access control procedures must be documented, implemented and kept up to date for each application and information system to ensure authorised user access and to prevent unauthorised access. They must cover all stages of the lifecycle of user access, from the initial registration of new users to the final de-registration of users who no longer require access. These must be agreed by IDI. User access rights must be reviewed at regular intervals to ensure that the appropriate rights are still allocated. System administration accounts must only be provided to users that are required to perform system administration tasks.
Critical Security Control 1 was implemented to actively manage all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access. This is critical because attackers, who can be located anywhere in the world, are continuously scanning and monitoring the address space of target organizations. They do this for the main purpose of waiting for new or unprotected systems to be attached to the network. A main focus is looking for devices (especially laptops) that come and go off of the enterprise’s network. These devices are vulnerable because they can commonly get out of sync with patches or
Specify the red flag(s) that Target overlooked or ignored before the retail attack and give your opinion as to why Target overlooked or ignored the red flag(s).
The framework of security policy is defined to construct a structure with the help of which policy gaps can be identified easily. A system-specific policy would assist in ensuring that all employees and management comply with the policies. It is also used to maintain confidentiality (user authentication would assist in the confidentiality aspect of security), integrity (there are several limiting rules or constraints which are distinct in the relational data model and whose work is to maintain the data’s accuracy and integrity), availability and authenticity of the system. Access controls are a collection of mechanisms that work together to create a security architecture to protect the assets of an information system. One of the goals of access control is personal accountability, which is the mechanism that proves someone performed a computer activity at a specific point in time. So, the framework acts as the guideline
Global Information Assurance Certification (GIAC) is an information security certification entity that specialises in technical and practical certification as well as new research in the form of its GIAC Gold program. SANS Institute founded the certification entity in 1999 and the term GIAC is trademarked by The Escal Institute of Advanced Technologies.
The workstation domain in the IT infrastructure is the area where the end user is in the most control. It is also where most users are able to connect to the IT infrastructure. The workstation domain refers to any endpoint device used by others. This can be a desktop computer, a laptop device, a special-purpose terminal or any smart device in the end user’s physical possession (Johnson 93). In more recent years, smartphones and mobile devices such as tablets have become a part of the workstation domain. Along with the workstation domain being the place where an end user has the most control, it is also easily susceptible to security breaches. There are a multitude of risks that exist and can cause vulnerabilities at the workstation domain. As the world continues to evolve, so does the technology and the risks involved for an IT infrastructure. If security measures are correctly put in place, then the workstation domain should run smoothly in an operation.
4. When thousands of employees telecommute and work in virtual offices, there are benefits to the environment. Discuss the environmental impact of the Cisco telecommuting and virtual offices solution.
According to the University of Connecticut, they developed this information security manual to protect everything from the availability, data integrity, and the use of the University’s resources. Even though this policy applies to all students, faculty, and staff its primary purpose is towards the Data Stewards, who are people that are in charge of maintaining access to data and IT resources. Violation of this Security Policy may result in disciplinary action according to local, state, and federal laws, as well as university laws and by-laws. (Information Security Office, 2012)
Within this security profile three controls and two family controls were selected to be enforced in order to explore the security awareness and the training being done that can be used as countermeasures against any cyber security threats that may pose a problem to the network. The three controls that are being examined within management, technical, and operational families will be based on the needs of the VA and how best to implement them.
While this is a daunting task, by breaking these controls down into larger groups the basis for policies and procedures is outlined and framed. The key areas that must be met initially are the establishment of a system security plan that describes what we are implementing as well as the security control requirements for the
identify rogue agents, corrupt officials and leakers, and draws on a Defense Department model under development for more than a decade, according to officials and documents reviewed by the AP. (2014)
The ability to address this risk provides benefits in multiple ways. As the remote computing environment grows, under the current technical implementations, the infrastructure support needs will continue to increase and the risk of a data breach will continue to grow as more devices will be exposed to those threats. Addressing this issue and reducing the risk provides multiple benefits. This will allow the remote user computing base to increase without the need to increase support staff. The risk associated with a data breach in the remote computing environment will be substantially reduced, even with an increase in the number of remote users. The challenge in this project is in reducing the risk associated with the remote
Based on the Information Asset Inventory and Analysis completed for Cincom Systems, the next phase of improving their enterprise security management strategy is to concentrate on assessments of risk management and control effectiveness. This specific study evaluates the effectiveness of the security technologies and methodologies in place at Cincom, also determining uncertainty and calculating the risk of the most dominant threats. Additional security requirements are needed to fully protect Cincom's information assets. These are evaluated from an administrative, managerial and technical control standpoint. The network security methodology and technology used by Cincom is also assessed in addition to the access control technologies used. This analysis concludes with a discussion of what was learned and how this assignment has changed my perceptions of security technology and methodologies.
The second area of cyber security that needs to be investigated is how to protect the integrity of the information (Wilson, 2013) on the device when staff are entering
In the Workstation Domain security controls are one of the biggest challenges. Physical security threats are concerns associated more with attackers who gain physical access to the premises. The attackers can cause physical destruction of equipment or sabotage the equipment. The attacker can sabotage the system if the attacker has sufficient knowledge of the system, such as a former employee, and gains access to the system and then renders the system unusable, or deletes and changes information.