What does “secure information” really mean? Information that is secure satisfies three main tenets, or properties, of information. If you can ensure these three tenets, you satisfy the requirements of secure information. The three tenets are as follows:
• Availability—Information is accessible by authorized users whenever they request the information.
• Integrity—Only authorized users can change information.
• Confidentiality—Only authorized users can view information.
Internal use only—Information or data shared internally by an organization. While confidential information or data may not be included, communications are not intended to leave the organization.
The User Domain is the weakest link in an IT infrastructure. Anyone responsible for computer security must understand what motivates someone to compromise an organization’s system, applications, or data. The following is a list of the risks and threats commonly found in the User Domain and plans you can use to prevent them.
| Risk, Threat, or Vulnerability | Mitigation |
|---|---|
| Lack of user awareness | Conduct security awareness training, display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees. |
| User apathy toward policies | Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss during performance reviews. |
| Security policy violations | Place employee on probation, review AUP and employee manual, discuss during performance reviews. |
| User inserts CDs and USB drives with personal photos, music, and videos. | Disable internal CD drives and USB ports. Enable automatic antivirus scans for inserted media drives, files, and e-mail attachments. An antivirus scanning system examines all new files on your computer’s hard drive for viruses. Set up antivirus scanning for e-mails with attachments. |
| User downloads photos, music, and videos. | Enable content filtering and antivirus scanning for e-mail attachments. Content-filtering network devices are configured to permit or deny specific domain names in accordance with AUP definition. |
| User destruction of systems, applications, or data | Restrict access for users to only those systems, applications, and data needed to perform their job. Minimize write/delete permissions to the data owner only. |
| Disgruntled employee attacks the organization or commits sabotage. | Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. |
| Employee romance gone bad | Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. |
| Employee blackmail or extortion | Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Enable intrusion detection system/intrusion prevention system (IDS/IPS) monitoring for sensitive employee positions and access. IDS/IPS security appliances examine the IP data streams for inbound and outbound traffic. Alarms and alerts programmed within an IDS/IPS help identify abnormal traffic and can block IP traffic as per policy definition. |
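
Several of the mitigations above call for monitoring use of IT infrastructure during off-hours. The following is an added example, not part of the original essay, of how that check can be run over access logs. The log format, the business-hours window (Mon-Fri, 08:00 to 18:00), the review threshold, and all user and host names are assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime

# Constructed sample events (not from the page): ISO timestamp, user, host, action.
SAMPLE_LOG = """\
2024-03-04T09:15:00 alice ws-101 logon
2024-03-04T23:40:00 bob ws-207 logon
2024-03-05T02:05:00 bob fs-01 file_read
2024-03-05T14:30:00 carol ws-115 logon
2024-03-09T11:00:00 bob fs-01 file_read
2024-03-06T18:00:00 alice ws-101 logon
malformed line without enough fields
2024-03-07T07:59:59 carol ws-115 logon
"""

# Assumed policy: business hours are Mon-Fri, 08:00 up to (not including) 18:00.
WORK_START, WORK_END = 8, 18
ALERT_THRESHOLD = 3  # assumed: off-hours events per user before a review is triggered


def is_off_hours(ts: datetime) -> bool:
    """True for weekends and for weekday times outside the business window."""
    if ts.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
        return True
    return not (WORK_START <= ts.hour < WORK_END)


def off_hours_events(log_text: str):
    """Parse the log and return (timestamp, user, host, action) for off-hours use."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole run
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # timestamp field is not a valid ISO date-time
        if is_off_hours(ts):
            hits.append((ts, parts[1], parts[2], parts[3]))
    return hits


def users_to_review(log_text: str, threshold: int = ALERT_THRESHOLD):
    """Users whose off-hours event count reaches the review threshold."""
    counts = Counter(user for _, user, _, _ in off_hours_events(log_text))
    return {user: n for user, n in counts.items() if n >= threshold}

print(users_to_review(SAMPLE_LOG))
```

A count over a fixed window only surfaces candidates for review; comparing each user against their own historical baseline reduces false positives for staff who legitimately work shifts.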
Workstation Domain
The Workstation Domain is where most users connect to the IT infrastructure. A workstation can be a desktop computer, laptop computer, or any other device that connects to your network. Other devices might include a personal data assistant (PDA), a smartphone, or a special-purpose terminal. You can find more details about mobile devices in the “Remote Access Domain” section.
The Workstation Domain requires tight security and access controls. This is where users first access systems, applications, and data. The Workstation Domain requires a logon ID and password for access. The following is a list of the risks, threats, and vulnerabilities commonly found in the Workstation Domain, along with ways to protect against them.
Risk, Threat, or