Security Assignment Mitigation

In: Computers and Technology

Submitted By security1551
Words 609
Pages 3
In order to mitigate risk security vulnerabilities, I make the next recommendations:
System security plans should be formalized at the system and application levels for networks, facilities, and systems or groups of systems, as appropriate.

Encryption is used to protect the confidentiality of stored data and data that are being transmitted to and from the secured network via the Internet. Additionally, encryption is extremely important in protecting wireless access to the secured network and on portable storage devices. Establishing encryption where necessary is a basic step for protecting sensitive data.

Contingency plans should be formalized to ensure the availability of critical information systems and the continuity of operations in emergencies. These plans should contain detailed roles, responsibilities, recovery team designations, and procedures associated with the restoration of an information system following a disruption.

Configuration management policies, plans, and procedures should be developed, documented, and implemented at the entity wide, system, and application levels to ensure an effective configuration management process. The procedures should cover employee roles and responsibilities, change control and system documentation requirements, establishment of a decision making structure, and configuration management training. Configuration management should be a key part of an entity’s Systems Development Life Cycle methodology

Risk assessments should consider threats and vulnerabilities at the entity wide level, system level, and application levels. When State agencies perform risk assessments, they should consider (1) risks to data confidentiality, integrity, and availability and
(2) the range of risks to their systems and data, including those posed by authorized users
And unauthorized outsiders who may try to break into the…...

Similar Documents

Information Security Threat Mitigation

...Information Security Threats Mitigation By Francis Nsofwa Mubanga Keller Graduate School of Management Devry University Professor Sandra Kirkland SE572 July 14th, 2011  Table of Contents Introduction 1 Steps 1 Denial-of-Service attacks (DoS) 1 Distributed Denial-of-Service attacks (DDoS) 1 Masquerading and IP Spoofing attacks 2 Smurf attacks 2 Land .c attacks 2 Man-in-the-Middle attacks 3 Conclusion 3 References 4 Introduction Our company faces the largest information security threat and we need to take steps to mitigate the risks associated with each one of them. Steps Denial-of-Service attacks (DoS) We will analyze the attack as best as we can and implement the correct defense. We will ask ourselves if there are any common packet signatures that are easy to filter against. We will ask ourselves if all attackers hitting a single target if they can be sacrificed. We will also need to find out as to which network the attack is coming from, and if we can verify it (remember that spoofed packets can come from anywhere, including our own network). Once we’ve found a reasonable match for the attack, pass the filters to our upstream provider(s) and seek their help getting them propagated outwards. We will need to make sure we filter or redirect traffic with a minimum amount of actual downtime (Kaeo, 2004). Distributed Denial-of-Service attacks (DDoS) CluB: a Cluster-Based architecture is the method we will use to prevent DDoS......

Words: 789 - Pages: 4

Assignment 4: Internet Technology, Marketing, and Security

...Assignment 4: Internet Technology, Marketing, and Security Bus 508 – Contemporary Business Abstract Modern business depends on complex electronic information systems that require computer and internet capability to keep that information flowing. There is a problem when someone outside of that business relationship between the business and the consumer interferes, or hacks, that information flow. An entire industry has been created to protect that information flow from being “hacked”. In 2011, Sony went through what is known as the largest security breach in history. The breach affected 77 million PlayStation Network users, 24.5 million users of Sony Online Entertainment and many more customers across the nation. All this was caused, according to Sony, by an “outdated database from 2007” (Lina, 2011). Assignment 4: Internet Technology, Marketing, and Security In 2011, there were more than 300 corporate security breaches. Sony, Citigroup, and Morgan Stanley Smith Barney are among the major firms that have reported to their customers that they have been hacked (Mintzer, 2011). Hacking is continuously happening to companies all over the world. Sony Corporation is a leading manufacturer of audio, video, game, communications, key device and information technology products for the consumer and professional markets. With its music, pictures, computer entertainment and on-line businesses, Sony is uniquely positioned to be the......

Words: 1284 - Pages: 6

Lp4 Assignment Information Security

...understanding the threats facing the organization. You must determine which threat aspects most directly affect the security of the organization and its information assets, and then use this information to create a list of threats, each one ranked according to the importance of the information assets that it threatens. 3. Who is responsible for risk management in an organization? Which community of interest usually takes the lead in information security risk management? Member of information security community is responsible for risk management in an organization, and information security community of interest usually takes the lead in information security management. 4. In risk management strategies, why must periodic review be a part of the process? Periodic review must be part of risk management strategies because risks from security threats create competitive disadvantage to organizations. It is a constant process for safeguards and controls to be devised and implemented, and not to be install- and- forget devices. 5. Why do networking components need more examination from an information security perspective than from a systems development perspective? Network components tend to be the focal point of attacks, and therefore should be examined from a security perspective more thoroughly. In addition, networking components need more examination from a information security perspective because most components must be configured differently or modified from the......

Words: 1347 - Pages: 6

Assignment Security & Ict Audit

...Security and ICT Audit Assignment 2 12-11-2012 A business continuity plan is the totality of plans made to recover the business operations following a disaster. A disaster is an event that causes a significant and perhaps prolonged disruption in the system availability. In this case the disaster is a fire which burned the office to the ground. Nothing could be salvaged from the ashes. There are a few measures included in the Business Continuity Plan of this travel agency, in order to provide an effective response. In this way they are still able to serve their customers and to continue their business operations. One of the key elements of a BCP is to consider what processes are critical and how quickly they should be resumed. In this way, you know what processes should be given priority and which may be delayed. By taking the critical processes as a basis, you can identify the critical resources and record them in the BCP. Those are the resources that are absolutely necessary to run the critical processes at an acceptable level. Measures: * From an IT process perspective: * Back-ups of the entire IT environment should be created frequently and tested periodically. Databases may contain e.g. information regarding reservations/bookings made, booking history, client databases and destinations. IT applications used for operational activities may also be recovered. * It should be possible to replace the back-up on new IT equipment. * From a......

Words: 389 - Pages: 2

Assignment 2 Linux Security

...Linux Security Technology Security of a system is important in our today’s use of the internet. That is why Linux with its many layers that are always evolving in security to protect against all kinds of hackers or othe types of attacks . SELinux, Chroot Jail, IPTables, Mandatory Access Control and Discrestionary Access Control, just to name a few. SELinux is an access control implementation for the Linux kernel. Take for instants that you are the administrator and you define rules in user space and if the Linux kernel has been added with SELinux support, then those rules will be followed by the kernel. SELinux is a NSA Security-Enhanced Linux, in which the mandatory access control is flexible. The structure of SELinux supports against all kinds of mandatory access control policies. Some of which are Role-Based Access Control and Multi-Level Security. It was designed by NSA for the purpose of protecting a server against malicious daemons, by telling the daemons what they can and can’t do. This type of technology was created by Secure Computing Corporation, but was supported by the U.S. National Security Agency. In 1992, the thought for a more intense security system was needed and a project called Distributed Trusted Match was created. Some good solutions evolved from this, some of which were a part of the Fluke operating system. Which then became the Flux and finally led to the creation of the Flask architecture. Eventually it was combined with the Linux kernel,......

Words: 873 - Pages: 4

Unit 4 Assignment: Smtp Security

...04/16/14 NT2670, Email and Web Unit 4 Assignment: SMTP Security 1. List and describe three SMTP server security threats? a. Viruses can erase files, cause computer crashes and destroy information or get information. b. Spam email is a term used to describe messages sent in bulk or incoming emails that are received without consent. c. Directory harvest attacks (DHAs) is an attempt to determine the valid e-mail addresses associated with an e-mail server so that they can be added to a spam database. 2. List three suggestions to harden SMTP server security? a. “Disable open relaying on all SMTP virtual servers: Open relay on your Exchange Server allows other Email servers to use your server as a gateway to others. This allows others to send spam Email which appears to be originated from your address, therefore you will be identified as a spam source.” (Ehamouda, 2009) b. “Prevent anonymous access on internal SMTP virtual servers and dedicated SMTP virtual servers for IMAP and POP clients: Because all Exchange servers within your organization authenticate with each other to send mail, you do not need to enable anonymous access on your internal Simple Mail Transfer Protocol (SMTP) virtual servers. Additionally, all Post Office Protocol (POP) and Internet Message Access Protocol (IMAP) clients authenticate with your SMTP virtual server, so anonymous access is not required on a server that is used exclusively by POP and IMAP clients.” (Ehamouda, 2009) c. “Restricting......

Words: 337 - Pages: 2

Assignment 1 Public and Private Security

...Week 1 Assignment1 Public and Private Security SEC 300 April 15, 2014 Public Security | Private Security | Police officers are commissioned by their local or state governments and are employed by them. | Security guards work either directly for a security company or for a specific business. | Police departments prefer applicants who have college degrees in criminal justice or pre-law. | Security guards normally need only a high school diploma or equivalent to be hired. | Police officers go through thorough background checks and intense training in police academies. | Security guards often are interviewed, hired and employed on their first patrol. | Public police officer is sworn to protect all people and property, and is authorized to enforce the laws of his city and county. | The basic role of a security guard is to protect the property and people of the business that employs him. | Police officers can enter and conduct legal searches of private buildings and houses. | Security guards are confined to patrolling and securing only the businesses or property assigned to them by their employer. | Police officers can serve arrest warrants and make legal arrests. | Security guards do have the power to apprehend and detain non-violent suspects such as shoplifters. | Police officers are commissioned by their local or state governments and are employed by them. | Security guards work either directly for a security company or for a specific business company. | ......

Words: 426 - Pages: 2

Unit 3 Assignment 1: Security Policy Frameworks

...Tra Johnson Ruben Barragan Bernie Rodriguez Unit 3 Assignment 1: Security Policy Frameworks A business is only as strong as its weakest link. This is true for any company from Apple to Microsoft to any Mom & Pop store. Unfortunately, when your weakest link is your security policy frameworks you put yourselves in a position of unnecessary risk. We are tasked in this assignment to list things that can affect your business if your company’s framework doesn’t align with the business. The first subject that was discussed was operations. Operations focus on various manual processes while ensuring there is minimal risk of errors. For example, if your company is still using paper-based ledgers for your daily paperwork and accounting. You would want to switch your systems to some sort of business software. Overall this will save you both time and money. You also must be careful not to all cost overrun. If your business is not streamlined you can definitely run the risk of this. Risk mitigation is the process of reducing risks as close to the point of absolute zero as possible. Using non-standardized methodologies, and non-compliance with regulatory requirements can damage your company beyond the point of no return. This is because, in the case of non-standardized methodologies, you will be using different processes in different departments and expecting those departments to be able to interact smoothly. Non-compliance with regulatory requirements can subject your business...

Words: 322 - Pages: 2

Cmgt 556 Week 6 Individual Assignment Security Threats Cmgt556 Week 6 Individual Assignment Security Threats

...com/q/cmgt556-cmgt-556-entire-course-week-1-6-complete-c/12282 http://workbank247.com/q/cmgt556-cmgt-556-entire-course-week-1-6-complete-c/12282 CMGT 556 Week 1 Individual Assignment Artificial Intelligence Assignment Preparation Activities include completing the chapter review, the Skillsoft courses, the Skillsoft Business Explorations, independent student reading, and research. Read “The Future: Artificial Intelligence,” in Ch. 9, “Enabling the Organization – Decision Making,” of Business Driven Technology. Complete the following Skillsoft courses: Business Analysis: Enterprise Analysis Developing the Capacity to Think Strategically Developing the Strategic Thinking Skill of Seeing the Big Picture Using Strategic Thinking Skills Complete the following in the Skillsoft Business Exploration Series: Effective Critical Analysis of Business Reports Returning to Core Competencies External Consultants Can Help Competitive Awareness and Strategy Effective Critical Analysis of Business Reports Leading Outside the Organization External Consultants Can Help Leadership Advantage: Competitive Awareness and Strategy 2.0 Assignment Write a 2- to 3-page paper summarizing the categories of artificial intelligence. Compare and evaluate their value in business decision making. CMGT 556 Week 2 Individual Assignment The World is Flat Assignment Preparation Activities include completing the chapter review, the Skillsoft courses, independent student reading, and research. Review Ch. 1, “Business......

Words: 1283 - Pages: 6

Preparedness and Mitigation Plan Analysis

...The organization chosen for this assignment the British Columbia Institute of Technology. It is one of the British Columbia’s largest post-secondary institutions with more than 48,000 students enrolled. They provide degrees, diplomas, and certificates in Applied and Natural Sciences, Engineering, and Health Sciences and Trades. The campus was established in 1964. They have five different campuses throughout the British Columbia. This type of organization because of a job working at a campus with the security department. Having mitigation plan can be very important because of the amount of students that are on the campus they need to feel safe in their environment. In the critical incident management plan that the campus defines the authority, defines the terminology used in plan and in critical incidents, it also defines procedures for the delivery of timely response to incidents, and also defines the roles and responsibilities given to everyone. A brief over view of the critical incident plan involves critical incident reporting which should ideally be reported as soon as possible to a supervisor. The critical Incident action plan for the British Columbia Institute of Technology assumes immediate response, this includes police and fire. Then the plan has employee development along with the communication part of the plan, this is where pre incident communication will involve educating the staff and students. The next step of the incident plan involves Incident......

Words: 725 - Pages: 3

Assignment 2: Global Warming: Cause and Mitigation

...Assignment 2: Global Warming: Cause and Mitigation Click Link Below To Buy: http://hwcampus.com/shop/sci110-assignment-2-global-warming-cause-mitigation/ NAME Professor Olivia Uitto SCI110 – Introduction to Physical Science August 26, 2015   Global warming is thephraseused to refer to a steadyincrease in theaveragetemperature of the Earth, a change that is understood to be permanentlychangingour Earth’s climate. Numerousstudieshaveidentifiedthatnaturaland anthropogenic processesinfluencechanges in the global climate. In Earth’s history, before the Industrial Revolution around 1760, the Earth’s climatechanged due to naturalcauses not related to humanactivity. Naturalclimateeventsincludesolar variability due to sunspot andothersolarcycles, long-term changes in solar orbital parameters, andintermittent volcanic eruptions. Mostoften, the global climatechangedbecause of variations in sunlight. Changes in the Sun have alternately increasedanddecreasedtheamount of solarenergyreaching our Earth. Also, volcanic activity has increasedgreenhousegases over millions of years, contributing to incidents of global warming. On theotherhand, anthropogenic climatechangerefers to theproduction of greenhousegasesemitted by humanactivity. Anthropogenic influencesincludeemissions from sulfate aerosols andhumanlandcoverchange, as well as stratospheric ozone depletion, black andorganiccarbon aerosols andjet contrails. The global scientificcommunity, represented by the......

Words: 836 - Pages: 4

Assignment 2: Global Warming: Cause and Mitigation

...Assignment 2: Global Warming: Cause and Mitigation Introduction to Physical Science xxxxxxxxxxxx December 6, 2015 Strayer University Professor xxxx xxxx One of the most all time debated and controversial topics to date in science is global warming. Over the last few decades climate change have lead scientist to develop a theories that human beings are the major contributors to the global warming crisis. Many theories suggest that different types of issues contribute to the warming of the planet but the mitigation strategies to slow this process down vary as well. When speaking of this topic there are two basic types of climate change, natural and anthropogenic. Main contributor in the climate change or global warming can be referred to as greenhouse gases. Greenhouse gases are derived from water vapor, Methane, Chlorofluorocarbons, and Carbon dioxide. Anthropogenic theory state that the development and consumption of fossil fuels for human life has generated and released a large amounts of carbon dioxide into the atmosphere. According to this theory the excess carbon dioxide is the main cause of climate change around the world. This process prevents heat from earth to escape naturally into space and hence cool the earth. The theory known as the natural theory states that the earth is going through one of the many peaks and valleys of changes. This of course being a peak of...

Words: 1151 - Pages: 5

Assignment 2: Global Warming: Cause and Mitigation

...Assignment 2: Global Warming: Cause and Mitigation Click Link Below To Buy: http://hwcampus.com/shop/sci110-assignment-2-global-warming-cause-mitigation/ NAME Professor Olivia Uitto SCI110 – Introduction to Physical Science August 26, 2015   Global warming is thephraseused to refer to a steadyincrease in theaveragetemperature of the Earth, a change that is understood to be permanentlychangingour Earth’s climate. Numerousstudieshaveidentifiedthatnaturaland anthropogenic processesinfluencechanges in the global climate. In Earth’s history, before the Industrial Revolution around 1760, the Earth’s climatechanged due to naturalcauses not related to humanactivity. Naturalclimateeventsincludesolar variability due to sunspot andothersolarcycles, long-term changes in solar orbital parameters, andintermittent volcanic eruptions. Mostoften, the global climatechangedbecause of variations in sunlight. Changes in the Sun have alternately increasedanddecreasedtheamount of solarenergyreaching our Earth. Also, volcanic activity has increasedgreenhousegases over millions of years, contributing to incidents of global warming. On theotherhand, anthropogenic climatechangerefers to theproduction of greenhousegasesemitted by humanactivity. Anthropogenic influencesincludeemissions from sulfate aerosols andhumanlandcoverchange, as well as stratospheric ozone depletion, black andorganiccarbon aerosols andjet contrails. The global scientificcommunity, represented by the......

Words: 836 - Pages: 4

Linux Ii Research Assignment - Linux Security Technologies

...Research Assignment Linux Security Technologies Kristy Graves ITT Tech – Dayton Linux II IT302 Mandatory Access Control Mandatory Access Control (MAC) is a system wide policy that relies on the current system to control access (Syracuse University, 2009). Users cannot alter or make any changes to this policy. Only the administrator has the clearance and authorization to make changes (The Computer Language Company Inc., 2012). Mandatory access control mechanisms are more than Discretionary Access Control (DAC) but have trade offs in performance and convenience to all users (The Open Web Application Security Project, 2002). Users can access lower level documentation, but they cannot access higher level without the process of declassification. Access is authorized or restricted based on the security characteristics of the HTTP client. This can be due to SSL bit length, version information, originating IP address or domain, etc. Systems supporting flexible security models can be SELinux, Trusted Solaris, TrustedBSD, etc. DAC checks the validity of the credentials given by the user. MAC validate aspects which are out of the hands of the user (Coar, 2000). If there is no DAC list on an object, full access is granted to any user (Microsoft, 2012). SELinux SELinux has three states of operation. These states are enforcing, permissive, and disabled. SELinux was developed by the U.S. National Security Agency (NSA) and implements MAC in a Linux kernel (Sobell, 2011).......

Words: 875 - Pages: 4

Weaknesses Assignment Phase Ii- Security Assessment and Recommendations

...Running head: Security Assessment and Recommendations Week 6: Weaknesses Assignment Phase II- Security Assessment and Recommendations SE571 Principles of Information Security and Privacy Introduction Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full range designs and implantation solutions to different sectors such as defense, aerospace, commercial and electronics industries. This paper discusses the possible recommendations based on the security assessment conducted in Phase 1, and proposes possible changes in order to ensure the safety of AS networks. The Company owns an enormous production plan which promises to deliver high quality solutions for targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to various needs of different industries. This paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year. Brief overview of the Vulnerabilities in AS After a thorough investigation of the IT architecture and systems of the Aircraft Solutions, two main concerns were identified as the priority items that needed attention. The first was hardware related concern and......

Words: 1692 - Pages: 7