CIS333 Week 10 Technical Project Paper
CIS333 Week 10 Technical Project Paper PRG211
Popular in Computer Programming
This 11 page Study Guide was uploaded by Topseller Notetaker on Monday November 9, 2015. The Study Guide belongs to PRG211 at Ashford University taught by in Fall 2015. Since its upload, it has received 62 views. For similar materials see in Computer Programming at Ashford University.
Reviews for CIS333 Week 10 Technical Project Paper
Report this Material
What is Karma?
Karma is the currency of StudySoup.
You can buy or earn more Karma at anytime and redeem it for class notes, study guides, flashcards, and more!
Date Created: 11/09/15
Information System Security Student 1. The Potential Physical Threat The potential physical threat often reasons the PC and hardware to crash. And it may be affected by internal, human, external errors. The most important threats comprise damage of hardware and infrastructure, theft, unstable power supply, accidental errors, as well as lightening. The unsteady power supply reasons a vast loss of information and computers due to it interferes with processing unit. And the lightning is a natural incidence that man has no control over. On the other hand, Cappelli et al. (2012) declares that such threats could be controlled through application of suitable procedures. I.e., suitable procedures ensure that the security organizations decrease the damage. 2. The Potential Logical Threats Sometimes, most of the people access the pharmacy premises so posing a threat to the processes. The logical access control offers a guidelines as well as technical means of controlling what data the workers need to use, the programs to execute, and the changes to make. And the logical threats interpretations for greater than 50 percent of all the computer threats in any business. For example, the Annual Computer Crime and Security Survey assessed that businesses lost greater than $52.4 million because of computer crimes. So the logical threats comprise Trojan, denial of service attack, spyware, worms and phishing. The phishing The phishing is a kind of logical threat whereby the contributor tries to Giveaway Company’s sensitive data though imagining to be an official person. Kouns and Minoli (2011) represented that phishing threat has coasted most of the businesses great financial missing. This is due to people invented by sending incorrect information which encloses the authorized logo and company’s picture to steal money from them. For example, the Kiwi bank lost millions of shilling during internet banking. The Spyware The spyware is a kind of malware program planned by computer thieves to gather and spread personal details. This program is secreted from the worker so that it could collect the important data concerning internet communication, key logging, password, as well as any other significant data. Additionally, the spyware changes the computer setting and decrease the computer speed. The Denial of Service Attack The denial of service attack is a kind of malware that shut down the network via clouding the server. So this makes it hard to access places proposed by the computer operator. In addition, the denial of service attack reasons the data crash. In accordance with the Durcekova, Shahmehri and Schwartz (2012), the denial of service attack mostly disturbs the legitimate users like workforces, accounts, and clients. This is due to the programmers known well that such type of people play a vital role in the business. The worm The worms are kind of computer malware programs which require the ability to duplicate them from one computer to another computer. E.g., in a pharmacy setup, the worms may extent from books of accounts to employees, and stocks. By itself, the worms infect all the documents in the network (Kouns & Minoli, 2011). Pointing out such situation need much money and time. 3. Administrative controls are mainly policy as well as procedure driven. You will discover most of the administrative controls that support with an initiative’s information security in the human resources department. A few of these controls are as described below: Security strategies and standards Change controls and configuration controls Securityawareness training Security reviews and experiments Good hiring performs Background forms of contractors and workers E.g., if a business has strict hiring practices that need drug testing as well as background checks for all workers, the society will likely hire less individuals of uncertain character. With rarer people of doubtful character working for the business, it is expected that there will be less problems with internal security problems. So these controls do not singlehanded secure an initiative, but they are a significant part of an information security program. Preventive controls occur to prevent cooperation. This declaration is accurate whether the control is administrative, physical or technical. The critical purpose for these controls is to stop security breaches before they occur. On the other hand, a good security design also formulates for failure, identifying that prevention will not continually work. As a result, detective controls are similarly part of a complete security program as they enable you to identify a security breach as well as to decide how the network was broken. With this information, you should be capable to better secure the information the next time. With actual detective controls, the instance response can use the detective controls to understand what went incorrect, permitting you to directly make changes to policies to remove a repeat of that similar breach. Lacking detective controls, it is really hard to conclude what you want to change. Corrective controls are designed to fright away a definite percentage of opponents to decrease the number of events. Cameras in bank lobbies are a best example of a deterrent control. So the cameras most possible deter at any rate some potential bank thieves. The cameras also perform like a detective control. 4. Administrative Control A security policy is a kind of highlevel strategy that states management’s determined relating to how security should be experienced within a business, what actions are satisfactory, and what level of risk the organization is willing to receive. This policy is resulting from the rules, regulations, as well as company objectives that form and restrict the business. The security policy offers direction for every employee and department about how security should be applied and monitored, and the consequences for nonfulfillment. Procedures, strategies, and standards offer the information that support and apply the company’s security strategy. Personnel Controls Personnel controls specify how workers are predictable to interact with security appliances, and point out noncompliance problems relating to these prospects. Alteration of Status: These controls specify what security actions should be occupied when an employee is borrowed, suspended, terminated and moved into another department, or supported. Departure of duties: The departure of duties should be compulsory so that no one separate can perform a critical job alone that could show to be detrimental to the business. Instance: A bank teller who has to get guiding approval to cash payments over $2000 is a case of departure of duties. And for a security breach to happen, it would need involvement, which means that greater than one person would require committing fraud, and their labors would require being concentrated. The use of departure of duties drastically decreases the probability of security openings and fraud. Rotation of duties defines that people rotate works so that they distinguish how to accomplish the obligations of greater than one site. Additional benefit of rotation of duties is that if a specific attempts to obligate fraud within his place, detection is more possible to occur if there is additional employee who distinguishes what tasks should be achieved in that position as well as how they should be done. On the other hand, a good security design also formulates for failure, identifying that prevention will not continually work. As a result, detective controls are similarly part of a complete security program as they enable you to identify a security breach as well as to decide how the network was broken. With this information, you should be capable to better secure the information the next time. With actual detective controls, the instance response can use the detective controls to understand what went incorrect, permitting you to directly make changes to policies to remove a repeat of that similar breach. Lacking detective controls, it is really hard to conclude what you want to change. Corrective controls are designed to fright away a definite percentage of opponents to decrease the number of events. Cameras in bank lobbies are a best example of a deterrent control. So the cameras most possible deter at any rate some potential bank thieves. The cameras also perform like a detective control. 5. Strategies to address the risks for physical threats The Vandalism of Hardware or Infrastructure A business should offer monotonous and maintenance plan for computer hardware to ignore vandalism of significant hardware. In accordance with the Kouns and Minoli (2011), the strategy allows the organization to gather significant computer hardware in one place. Additionally, preservation assists in the identification of significant information that could be misplaced through vandalism. The Unstable Power Supply The company should install another generator as well as power server to protect memory and data loss. This plan ensures that the business diminishes the risk of losing unsaved information. Additionally, it helps the business save cost therefore acts as risk prevention. Theft The organization’s security system should make sure that just the workers use the back door to access pharmaceutical drug parts and dedicated area. This strategy certifies that just authorized people right to use restricted area like in the case something gets lost, they become responsible. Kouns and Minoli (2011) wellknown that restricting accessibility into evidence controls theft cases. Namely, people are oblivious of the arrangement of the control room. Lightening an organization should hire incident response strategies and tools to defend the company’s data and information. This helps the workers to predict any possible costs and take essential measures to capture the lightening. This risk avoidance plan certifies minimization of lightening risk. 6. Strategies to Address the Risks for Logical Threats The Trojan The business requires adopting endpoint security software and antivirus to remove the viruses that influence the files. Cappelli et al. (2012) declares that the strategy is cooperative because downloaded files and application require being free from viruses as well as trusted sources. This is the finest method of mitigating risk that indication to loss of folders and files The Spyware The risk avoidance plan for spyware is to usage a firewall. And the firewall offers a secure gateway which permits all the traffic to pass over one place. So this helps to decrease security problems and supposed susceptibility. Kouns and Minoli (2011) further declare that the firewall often confirms that it validates every site the user demand. This allows the organization blocks the spyware that becomes into the computer system. The Denial of Service Attack The organization requires to adopt the internet protocol verify unicast reverse path to accurate the input interface. And Rajput et al. (2014) originate that the strategy breaks all the SMURF attacks therefore protecting the customers and the network. The Phishing The company should offer guidelines that need the users to avoid giving out username and password to illegal people. The strategy cares for the organization from exterior attack and stops phishing through unauthentic approaches. Durcekova et al. (2012) maintains that strategies should be placed in the central place to permit availability. References: Protecting Your System: physical security. (2012, Dec 13). Retrieved from https://nces.ed.gov: https://nces.ed.gov/pubs98/safetech/chapter5.asp Erwin, S. I. (2012, Nov). Top Five Threats to National Security in the Coming Decade . Retrieved from http://www.nationaldefensemagazine.org: http://www.nationaldefensemagazine.org/archive/2012/November/Pages/TopFi veThreatstoNationalSecurityintheComingDecade.aspx Fuentes, J. (2014, Aug 26). Identification Threats. Retrieved from https://www.linkedin.com: https://www.linkedin.com/pulse/20140826144123- 104551805-identification-threats Meier, J. (2011, june). Threat Modeling. Retrieved from https://msdn.microsoft.com: https://msdn.microsoft.com/en-us/library/ff648644.aspx Paquet., C. (2013, Feb 5). Network Security Concepts and Policies. Retrieved from http://www.ciscopress.com: http://www.ciscopress.com/articles/article.asp? p=1998559
Are you sure you want to buy this material for
You're already Subscribed!
Looks like you've already subscribed to StudySoup, you won't need to purchase another subscription to get this material. To access this material simply click 'View Full Document'