Create A Step-By-Step IT Security Policy For Handling User Accounts/Rights For A Student Who Is Leaving Prematurely

Computer Science homework help

Computer Security Fundamentals

by Chuck Easttom

Chapter 10 Security Policies

Chapter 10 Objectives

Recognize the importance of security policies
Understand the various policies and the rationale for them
Know what elements go into good policies
Create policies for network administration
Evaluate and improve existing policies

Explain what cyber terrorism is and how it has been used in some actual cases.

Understand the basics of information warfare.

Have a working knowledge of some plausible cyber terrorism scenarios.

Have an appreciation for the dangers posed by cyber terrorism.

Introduction

Technology by itself cannot solve all network security problems.

Cyber terrorism, according to the definition of the FBI:

Premeditated, politically motivated attack against information, computer systems, computer programs, and data that results in violence against noncombatant targets by subnational groups or clandestine agents.

Typically, loss of life in a cyber attack would be less than in a bombing attack.

Introduction (cont.)

Virus software won’t prevent a user from manually opening an attachment and releasing a virus.
A technologically secured network is still vulnerable if former employees (perhaps some unhappy with the company) still have working passwords. Or if passwords are simply put on Post-it notes on computer monitors.
A server is not secure if it is in a room that nearly everyone in the company has access to.
Your network is not secure if end users are vulnerable to social engineering.

All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

What Is a Policy?

A security policy is a document that defines how an organization deals with some aspect of security. There can be policies regarding end-user behavior, IT response to incidents, or policies for specific issues and incidents.

All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

Defining User Policies

Passwords
Internet use
E-mail attachments
Installing/uninstalling software
Instant messaging
Desktop configuration

All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

System Admin Policies

New Employees
Departing Employees
Change Control
Access Control

All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

Other Issues

Bring Your Own Device
A major concern in the modern network
New Employees
Departing Employees

Bring your own device (BYOD) has become a significant issue for most organizations. Most, if not all, of your employees will have their own smart phones, tablets, smart watches, and Fitbits that they will carry with them into the workplace. When they connect to your wireless network, this introduces a host of new security concerns. You have no idea what networks that device previously connected to, what software was installed on them, or what data might be exfiltrated by these personal devices.

Change Management

RFC
CAB
Follow-up

Software Development Policies

Security standards
Testing

Incident Response Policies

Handling viruses
Dealing with breaches

All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

Data Classification

Public
Secure

BCP and DRP

Fault Tolerance

Backups
Full: All changes
Differential: All changes since last full backup
Incremental: All changes since last backup of any type
RAID

Relevant Laws & Regulations

HIPAA
Sarbanes-Oxley
PCI

Summary

In this chapter, you learned the technology is not enough to ensure a secure network. You must have clear and specific policies detailing procedures on your network. Those policies must cover employee computer resource use, new employees, outgoing employees, access rights, how to respond to an emergency, and even how secure code in applications and websites is.
User policies must cover all aspects of how the user is expected to use company technology. In some cases, such as instant messaging and web use, policies may be difficult to enforce, but that does not change that they must still be in place. If your user policies fail to cover a particular area of technology use, then you will have difficulty taking any action against any employee who performs that particular misuse.

Explain what cyber terrorism is and how it has been used in some actual cases.

Understand the basics of information warfare.

Have a working knowledge of some plausible cyber terrorism scenarios.

Have an appreciation for the dangers posed by cyber terrorism.

Cyber terrorism, according to the definition of the FBI:

Typically, loss of life in a cyber attack would be less than in a bombing attack.

All these could lead to significant deaths: train wrecks, hospital deaths, loss of air traffic control resulting in plane crashes, and so forth.

Create A Step-By-Step IT Security Policy For Handling User Accounts/Rights For A Student Who Is Leaving Prematurely

Computer Science homework help

Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!

DISCLAIMER

PAYMENT METHODS

CONTACT US

E MAIL:

Archive

Computer Science homework help

Do you need a similar assignment done for you from scratch? Order now! Use Discount Code "Newclient" for a 15% Discount!

Share this:

You might also like

DISCLAIMER

PAYMENT METHODS

CONTACT US

E MAIL:

Archive

Do you need a similar assignment done for you from scratch? Order now!
Use Discount Code "Newclient" for a 15% Discount!