Create A Step-By-Step IT Security Policy For Handling User Accounts/Rights For A Student Who Is Leaving Prematurely


Computer Security Fundamentals

by Chuck Easttom

 

Chapter 10 Security Policies


© 2016 Pearson, Inc. Chapter 10 Computer Security Policies


Chapter 10 Objectives

  • Recognize the importance of security policies
  • Understand the various policies and the rationale for them
  • Know what elements go into good policies
  • Create policies for network administration
  • Evaluate and improve existing policies


Explain what cyber terrorism is and how it has been used in some actual cases.

Understand the basics of information warfare.

Have a working knowledge of some plausible cyber terrorism scenarios.

Have an appreciation for the dangers posed by cyber terrorism.


Introduction

  • Technology by itself cannot solve all network security problems.


Cyber terrorism, according to the definition of the FBI:

Premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.

Typically, loss of life in a cyber attack would be less than in a bombing attack.


Introduction (cont.)

  • Virus software won’t prevent a user from manually opening an attachment and releasing a virus.
  • A technologically secured network is still vulnerable if former employees (perhaps some unhappy with the company) still have working passwords, or if passwords are simply put on Post-it notes on computer monitors.
  • A server is not secure if it is in a room that nearly everyone in the company has access to.
  • Your network is not secure if end users are vulnerable to social engineering.


All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.


What Is a Policy?

  • A security policy is a document that defines how an organization deals with some aspect of security. There can be policies regarding end-user behavior, IT response to incidents, or policies for specific issues and incidents.


Defining User Policies

  • Passwords
  • Internet use
  • E-mail attachments
  • Installing/uninstalling software
  • Instant messaging
  • Desktop configuration


System Admin Policies

  • New Employees
  • Departing Employees
  • Change Control
  • Access Control

 


Other Issues

  • Bring Your Own Device
      • A major concern in the modern network
  • New Employees
  • Departing Employees

 


Bring your own device (BYOD) has become a significant issue for most organizations. Most, if not all, of your employees will have their own smart phones, tablets, smart watches, and Fitbits that they will carry with them into the workplace. When they connect to your wireless network, this introduces a host of new security concerns. You have no idea what networks that device previously connected to, what software was installed on them, or what data might be exfiltrated by these personal devices.


Change Management

  • RFC
  • CAB
  • Follow-up

 


Software Development Policies

  • Security standards
  • Testing

 


Incident Response Policies

  • Handling viruses
  • Dealing with breaches


Data Classification

  • Public
  • Secure

 


BCP and DRP

  • DRP
  • BCP
  • BIA

 


Fault Tolerance

  • Backups
      • Full: All changes
      • Differential: All changes since last full backup
      • Incremental: All changes since last backup of any type
  • RAID

 


Relevant Laws & Regulations

  • HIPAA
  • Sarbanes-Oxley
  • PCI

 


Summary

  • In this chapter, you learned that technology alone is not enough to ensure a secure network. You must have clear and specific policies detailing procedures on your network. Those policies must cover employee computer resource use, new employees, outgoing employees, access rights, how to respond to an emergency, and even how secure the code in applications and websites is.
  • User policies must cover all aspects of how the user is expected to use company technology. In some cases, such as instant messaging and web use, policies may be difficult to enforce, but that does not change the fact that they must still be in place. If your user policies fail to cover a particular area of technology use, then you will have difficulty taking any action against any employee who performs that particular misuse.
