Unit 3 Assignment 1: Security Policy Frameworks

Submitted By USAgent
Tra Johnson
Ruben Barragan
Bernie Rodriguez
A business is only as strong as its weakest link. This is true for any company, from Apple to Microsoft to any Mom & Pop store. Unfortunately, when your weakest link is your security policy framework, you put yourself in a position of unnecessary risk. In this assignment we are tasked with listing the things that can affect your business if your company’s framework doesn’t align with the business.
The first subject that was discussed was operations. Operations focus on various manual processes while ensuring there is minimal risk of errors. For example, if your company is still using paper-based ledgers for your daily paperwork and accounting, you would want to switch your systems to some sort of business software. Overall, this will save you both time and money. You also must be careful not to allow cost overruns. If your business is not streamlined, you can definitely run the risk of this.

Risk mitigation is the process of reducing risks as close to the point of absolute zero as possible. Using non-standardized methodologies and failing to comply with regulatory requirements can damage your company beyond the point of no return. This is because, in the case of non-standardized methodologies, you will be using different processes in different departments and expecting those departments to be able to interact smoothly. Non-compliance with regulatory requirements can subject your business to fees, which can easily cripple your business or destroy it outright.

When discussing performance, it is all about speed: using faster equipment and faster business practices, and essentially being as speedy as possible without sacrificing accuracy. When you go too slow, you run the risk of missing deadlines and hurting the bottom line. Conversely, going too fast can also be dangerous because you…...
