Information Systems & Security

In: Computers and Technology

Submitted By kmetcalf
Words 3222
Pages 13
Kyle A. Metcalf
November 20, 2011

Information Systems and Security

Table of Contents Statement of Purpose 3 Access Control Modules 3 Authentication 4 Education & Management Support 5 User Accounts & Passwords 6 Remote Access 6 Network Devices & Attack Mitigation 9 Strategy 9 Physical Security 10 Intrusion Protection 10 Data Loss Prevention 11 Malware and Device Vulnerabilities 11 Definitions 11 Dangers 12 Actions 13 Web and Email Attack Mitigation 13 References 15

Statement of Purpose
The managing partners of Metcalf Law Group, LLP (MLG, LLP), a small but growing Law Firm, have hired an IT Director to address the numerous short and long-term objectives. This document outlines those objectives, risks associated with the network and solutions to mitigate those risks, and policies and procedures to create and maintain a safe and secure system environment for MLG, LLP.
Firm management has requested formal policies be put in place for Remote Access. MLG’s clients, including MP3, the Firm’s largest and most important client, want to ensure that all communication that occurs from remote locations is secure.
Firm management has also requested a formal policy that outlines the Firm’s network security structure. The proposal will address security zones, firewalls, intrusion detection, and any other items that will help secure the network.
Firm management also wants to address the issue of spyware and virus attacks. Proactive initiatives are outlined in this document to address these concerns, as well as detailed recommendations on hardware and software solutions.
Firm management has also requested an outline on the dangers of spam and a plan to mitigate the potential issues. Spam has become a huge intrusion into users’ everyday normal course of business, and has led to increased frustration and lack of…...

Similar Documents

Information Systems Security

...Fundamentals of Information Systems Security 1E REVISED 38351_FMxx_ttlcp.indd 1 8/1/12 1:00 PM 38351_FMxx_ttlcp.indd 2 8/1/12 1:00 PM Contents Ethics and Code of Conduct Preface LAB #1 ix vii Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) Introduction Deliverables Hands-On Steps 1 1 3 14 15 2 Learning Objectives 1 Evaluation Criteria and Rubrics LAB #1 ASSESSMENT WORKSHEET LAB #2 Perform a Vulnerability Assessment Scan Using Nessus Introduction Deliverables Hands-On Steps 19 19 21 31 32 20 Learning Objectives 19 Evaluation Criteria and Rubrics LAB #2 ASSESSMENT WORKSHEET LAB #3 Enable Windows Active Directory and User Access Controls Introduction Deliverables Hands-On Steps 35 35 37 49 50 36 Learning Objectives 35 Evaluation Criteria and Rubrics LAB #3 ASSESSMENT WORKSHEET LAB #4 Configure Group Policy Objects and Microsoft® Baseline Security Analyzer (MBSA) Introduction Deliverables Hands-On Steps 53 53 55 63 64 54 Learning Objectives 53 Evaluation Criteria and Rubrics LAB #4 ASSESSMENT WORKSHEET iii 38351_FMxx.indd iii 8/1/12 12:48 PM iv Contents LAB #5 Perform Protocol Capture and Analysis Using Wireshark and NetWitness Investigator 67 Introduction Deliverables Hands-On Steps 67 67 69 80 81 68 Learning Objectives Evaluation Criteria and Rubrics LAB #5 ASSESSMENT WORKSHEET LAB #6 Perform Business Continuity Implementation Planning Introduction Deliverables......

Words: 4584 - Pages: 19

Fundamentals of Information Systems Security

...Fundamentals of Information Systems Security CSS150-1302B-02 Phase 1 Discussion Board 2 Christopher Smith May 22, 2013 Hello all. At this time we are going to discuss three out of the seven domains of a typical IT infrastructure. The three that have I chosen to discuss have the greatest impact on your day to day work lives. The domains with the most impact are the user domain (you), the workstation domain (your computer), and the remote access domain (work from home users). The information within the seven domains is meant as internal use only. We at Richman Investments take the security of our, and our customer’s information very seriously. We will be discussing the three domains that are the most susceptible to attack. The human factor is the biggest variable in these domains. We will be discussing the safeguards put in place here at our firm. The largest of the three domains we will be discussing is the user domain. As stated above this means you. Included in our yearly security awareness training is a recap of our acceptable use policy (also found in your employee handbook). The acceptable use policy mandates what you cannot do on our network. This includes not using personal devices on any wired/wireless networks within our property, and using storage devices not provided to you by the company. Any files you need to access away from the office should be stored on our secure online storage system only. As the user it is your responsibility to be diligent and keep......

Words: 905 - Pages: 4

Information Systems Security

...Colten Ruff 4/24/13 Information Systems Security Unit 4 assignment 1- Enhance an Existing IT Security Policy Framework 1.0 Purpose The purpose of this policy is to define standards for connecting to Richman Investment's network from any host. These standards are designed to minimize the potential exposure to Richman Investment from damages which may result from unauthorized use of Richman Investment resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to critical Richman Investment internal systems, etc. 2.0 Scope This policy applies to all Richman Investment employees, contractors, vendors and agents with a Richman Investment -owned or personally-owned computer or workstation used to connect to the Richman Investment network. This policy applies to remote access connections used to do work on behalf of Richman Investment including reading or sending email and viewing intranet web resources. Remote access implementations that are covered by this policy include, but are not limited to, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems, etc. 3.0 Policy 1. It is the responsibility of Richman Investment employees, contractors, vendors and agents with remote access privileges to Richman Investment’s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to Richman Investment. 2. General access to......

Words: 286 - Pages: 2

Information Systems Security

...* Security Policy Ensuring that the provision of a management direction exists together with support for information security. These are to comply with relevant laws & regulations and the business requirements of Granddik. * Organization of Information Security Making sure that Information security within Granddik is managed. Maintaining security of Granddik’s information processing facilities that are processed, accessed, communicated to and managed by any external entities. * Asset Management Realization and maintenance of all organizational assets. Making sure that information is accorded the required and appropriate level of protection. * Human Resources Security Making sure that all stakeholders, contractors, employees and other users: 1. Have a complete understanding of their responsibilities and that they are suitable for roles that they are considered for. 2. Are made aware of all possible information security concerns and threats that exist or that may arise. 3. Change employment or leave the organization in an orderly manner. * Physical and Environmental Security Ensure that unauthorized access physical or otherwise, damage and interference to the organizations information and premise is at all time prevented. Also prevent any compromise of assets, loss, theft, interruption and damage to organizations activities. * Communications and Operations Management Ensuring that controls for operational procedures are developed,......

Words: 397 - Pages: 2

Information Systems and Security

...Updating security Administrative Training to staff C. Network Security  C1. Permissions  Permissions will be set within shared folders for doctors and theirrespective nurses to access and keep files up-to-date. Doctors, aswell as nurses, shall have their own individual folder within the FTPserver with individual permissions for each user. Client confidentiality is top priority to protect all clients’ private information from any security risks. C1.1 Physical and Logical Access  Doctors and nurses shall have permission to connect to the physicalnetwork. Once connected to the Active Directory only theadministrator will have the ability to change any permission within thenetwork. Servers will be kept in an IT/Telecom room to keep awayfrom the main floor to prevent any accidental tampering. Roomaccess shall be limited to personnel such as: Domain Administrators,IT staff, and any other personnel hired/trained as backupadministrators when Domain Administrators are not available. C1.2 Wireless Network Security  Wireless connectivity will be available to users within the ActiveDirectory list to access from a remote location. WPA/WPA2encryption will be implemented to insure the best security to preventany unauthorized access to the network. If unauthorized access isdiscovered, then the addition of MAC address filtering will helprectify the problem. C2. Firewall  Both hardware and software firewalls will be incorporated into thenetwork to enhance security.......

Words: 682 - Pages: 3

Information Systems Security

...data that resides in and among computer systems must be protected against security threats that exploit vulnerabilities. Organizations must therefore impose appropriate controls to monitor for, deter and prevent security breaches. Three areas have been considered, in a typical sense, as the basic critical security requirements for data protection: confidentiality is used to assure privacy; principles of integrity assure systems are changed in accordance with authorized practices; and, availability is applied to maintain proper system functions to sustain service delivery (Dhillon, 2007, p. 19). These security requirements are represented in Figure 1, Classic Critical Security Requirements. This figure depicts the cross-domain solutions of informal controls, also known as human relationships, and formal and technical controls, which provide for organizational and physical information security controls, respectively. Two additional security requirements have recently been added that are of particular importance to networked environments because attacks now extend far beyond traditional firewall perimeters. These are authentication, which is used to assure a message actually comes from the source it claims to have originated; and, nonrepudiation, which can be applied to prevent an entity from denying performance of a particular action related to handling data, thereby assuring validity of content and origin. Figure 2, Core Data Security Set, depicts the interrelationship......

Words: 1759 - Pages: 8

Information Systems Security

...Information Systems Security Strayer University CIS 333 June 18, 2014 David Bevin Information Systems Security The scope of our assignment as an information officer at Whale Pharmaceuticals is to safeguardour daily operations which require a combination of both physical and logical access controls to protect medication and funds maintained on the premises and personally identifiable information and protected health information of our customers. The immediate supervisor has tasked us with identifying inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate all risks identified. There are few basic things to be cognizant of as we carry out this task. Security is easiest to define by breaking it into pieces. An information system consists of the hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations. Information systems security is the collection of activities that protect the information system and the data stored in (Kim & Solomon 2012). We should also be aware of what we are up against. Cyberspace brings new threats to people and organizations. People need to protect their privacy. Businesses and organizations are responsible for protecting both their intellectual property and any personal or private data they handle. Various laws require organizations to use security controls to protect private and......

Words: 3283 - Pages: 14

Maintaining Information Systems Security

...Maintaining Information Systems Security Akilah S. Huggins University Of Phoenix CMGT/400 August 11, 2014 Maintaining Information Systems Security Introduction With the growing development of information systems and networks, security is a main concern of organizations today. The fundamental objectives of information systems security are privacy, integrity, and accessibility. The foundation of organization's security lies in planning, creating and actualizing proper information systems' frameworks' security strategy that adjusts security objectives with the organization's requirements. In this paper the objective is to describe the importance of policies and standards for maintaining information systems security. Specifically, the paper include the discussion of the role employees—and others working for the organization to maintain the information systems security. Also the position paper aim to examine the different levels of security and how an organization can provide the proper level of effort to meet each information security need and how this relates to what is in an organization’s information security policy. Thesis Statement The aim and objective of the underlying paper is to analyze and evaluate the phenomena of maintaining information system security. Importance of Policies and Standards for Maintaining Information Systems Security. Information system security policies primarily address threats.......

Words: 1235 - Pages: 5

Information Security System

...Information Security Systems Shikhi Mehrotra Abstract -- The idea of information security has been there since the times of our ancestors/forefathers. In the 21st century we have carried that legacy forward from our forefathers and made unimaginable improvements in the information security systems. In this advanced era we have made sure that all the technologies are stretched beyond limit so that we, humans, have the best and the safest information security systems ever. In this paper each and every new technology will be put forth and analyzed so that these technologies can be advanced and used by our future generation. I. INTRODUCTION From old traditional lockers to advanced hardware and software’s security systems, the information security has reached an advanced level which was unimaginable in the past. The basic aim of such system is to protect information from any illegal/unauthorized use such as unauthorized access, unlawful modification, usage or recording, illegal copying or even data destruction. Even with the numerous advancements that have taken place, there is always the desire of continuously improve the Information Security systems and taken them to the next level. In the recent past, new advancements have been made in areas such as fingerprint recognition security systems and new hardware are being developed to compliment these systems so that a customer is provided with highest possible level of security system. Most of these systems find......

Words: 1395 - Pages: 6

Information Systems Security Policy

... ® MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 ________________________________________________________________________ 1 MICROS Systems, Inc. Enterprise Information Security Policy Version 8.0 Public Table of Contents Overview – Enterprise Information Security Policy/Standards: I. Information Security Policy/Standards – Preface……………....5 I.1 Purpose …………….……………………………………………...5 I.2 Security Policy Architecture ………………….………………….6 I.3 Relation to MICROS Systems, Inc. Policies……………………..6 I.4 Interpretation………………………………………………….…..7 I.5 Violations…………………………………………………….….....7 I.6 Enforcement…………………………………………….................7 I.7 Ownership………………………………………………................7 I.8 Revisions…………………………………………………………..7 II. Information Security Policy - Statement………………………..8 MICROS Enterprise Information Security Policy (MEIP): 1. Information Security Organization Policy (MEIP-001)...……....9 2. Access Management Policy (MEIP-002)…………………………10 3. Systems Security Policy (MEIP-003)...…….…………………......11 4. Network Security Policy (MEIP-004)…………………………….12 ________________________________________________________________________ 2 MICROS Systems, Inc. Enterprise Information Security Policy Version 8.0 Public 5. Application Security Policy (MEIP-005)…..………………………13 6. Data Security/Management Policy (MEIP-006)……………….14-15 7. Security Incident......

Words: 4971 - Pages: 20

Principles of Information-Systems Security

...As an Information Security Engineer for a large multi-international corporation, that has just suffered multiple security breaches that have threatened customers' trust in the fact that their confidential data and financial assets such as Credit-card information; one must implement security measures that will protect the network through a vulnerable wireless connection within the organization, while also providing a security plan that will protect against weak access-control policies within the organization. The first step of protecting against Credit-card information through a vulnerable wireless connection within the organization would be to first protect your wireless broadband from cyber-attacks, which don’t involve any costly measures. One must always remember to lock down the wireless network. By default the password for your panel is often a standard one set-up by the manufacturer (for example ‘admin’). It’s very important that you change this as soon as possible, because it would me that many hackers would already have the password for it. When picking a strong password use a case sensitive combination of alphabets and numbers, six characters and more. Also remember to make it something unique and not the same as something else like your Facebook or Twitter password. Next too consider is the fact that most routers come with a WEP or WPA key built in for good measure, and each router has a different code so there is no need to stress when it comes to this aspect.......

Words: 902 - Pages: 4

Information System Security

...Claudia Goodman IT302 Homework 2 Security-Enhanced Linux The NSA has long been involved with the computer security research community in investigating a wide range of computer security topics including operating system security. It recognizes the critical role of operating system security mechanisms in supporting security at higher levels. End systems must be able to enforce confidentiality and integrity requirements to provide system security. Unfortunately, existing mainstream operating systems lack the critical security feature required for enforcing separation: mandatory access control. Application security mechanisms are vulnerable to tampering and bypass, and malicious or flawed applications can easily cause failures in system security. The results of several of these projects in this area have yielded a strong, flexible mandatory access control architecture called Flask. This has been mainstreamed into Linux and ported to several other systems, including the Solaris™ operating system, the FreeBSD® operating system, and the Darwin kernel. This provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements and it allows threats of tampering and bypassing of application security mechanisms to be addressed while enabling the confinement of damage that can be caused by malicious or flawed applications. This is simply an example of how mandatory access controls that can confine the actions of any process, including......

Words: 1522 - Pages: 7

Information Systems and Security

...Information Systems are the backbone to support the management, operation and decision function of every business or organization. Information Systems (IS) are composed of hardware, software, infrastructure and trained personnel where all the information are digitally processed and be accessible for the use of authorized personnel. Let first resume Information Systems history: • In the 70’s, IS was made of mainframe computers were the data was centralized. They have fewer functions like payroll, inventory and billing process. • Then in the 80’s came the automation process where computers and peripheral devices started to be connected using Local Area Network (LAN). Also started the use of word processors and spreadsheets to automate the flow of information within departments. • In the 90’s the advance of technology brings the ability of corporation to stablish connection between branches and remote offices using Wide Area Network (WAN). Corporations started to look for systems and data integration, leaving behind stand-alone systems. • In the 2000, the introduction of the Internet expand WAN for global enterprises and business involved in supply chain and distribution between countries. Data sharing across systems was the main focus for corporations. The use of electronic mail (email) become a global standard communication between corporations. • In Current time, the advance on technology brings Wireless connectivity where new devices like tablet pc and......

Words: 764 - Pages: 4

Information System Security

...the newest Windows Server operating system from Microsoft. Designed to help organizations reduce operating costs and increase efficiencies and agility, Windows Server expands the Microsoft virtualization strategy for both server and desktop workloads by adding dynamic memory management for virtualized workloads with Dynamic Memory and Microsoft RemoteFX for a rich end user experience with a Virtual Desktop Infrastructure (VDI) and session virtualization (formerly known as Terminal Services). Windows Server also provides enhanced management control over resources across the enterprise. It is designed to provide better energy efficiency and performance by reducing power consumption and lowering overhead costs. It also helps provide improved branch office capabilities, exciting new remote access experiences and streamlined server management. Solution 2: With Windows Server 2008 R2 SP1 Upgrade: Allows the (CEO) usage of BlackBerry devices and all employees with cell phones can email and if need have encryption capabilities. On Windows Server 2008 have application for encryption option and you can apply them to emails and / or ports for security purposes. This allows emails and voice over secured IP addresses. Nor for you to use your BlackBerry you must be running Version 5.0 (BlackBerry Enterprise Server Express for Microsoft Exchange) or higher on Windows Server. Solution 3: Using Windows Server 2008 is compatible with all OSI systems to include Mac OSI. To use Mac......

Words: 1246 - Pages: 5

Introduction to Information System Security

...design impacts the software life-cycle in that it should occur early; the design and implementation of core functionality can influence the user interface – for better or worse. Because it deals with people as well as computers, as a knowledge area HCI draws on a variety of disciplinary traditions including psychology, computer science, product design, anthropology and engineering. HC: Human Computer Interaction (4 Core-Tier1 hours, 4 Core-Tier2 hours) Core-Tier1 hours HCI: Foundations HCI: Designing Interaction HCI: Programming Interactive Systems HCI: User-cantered design & testing HCI: Design for non-Mouse interfaces HCI: Collaboration & communication HCI: Statistical Methods for HCI HCI: Human factors & security HCI: Design-oriented HCI HCI: Mixed, Augmented and Virtual Reality 4 4 Core-Tier2 hours Includes Electives N N HC/Foundations [4 Core-Tier1 hours, 0 Core-Tier2 hours] Motivation: For end-users, the interface is the system. So design in this domain must be interaction-focussed and human-centred. Students need a different repertoire of techniques to address this than is provided elsewhere in the curriculum. Topics: • • • Contexts for HCI (anything with a user interface: webpage, business applications, mobile applications, games, etc.) Processes for user-centered development: early focus on users, empirical testing, iterative design. Different measures for evaluation: utility, efficiency, learnability, user satisfaction. Strawman draft version: February......

Words: 1936 - Pages: 8