List and briefly discuss two (2) “policies and procedures” for system security that companies should have in place.
Maintaining a secure site is crucial. One must put the proper
security policies, procedures and technologies in place to protect
your organization from inadvertent or intentional damage or loss of
data. Perhaps the organization is not attractive to hackers and
other intruders and thus does not require much in the way of
security. This may or may not be true but a recent survey of over
560 companies by the Computer Security Institute (CSI) and the
Federal Bureau of Investigation's International Computer Crime
Squad in San Francisco revealed the following information:
Of the respondents, 75% reported that they had financial losses
due to security breaches ranging from financial fraud, theft of
proprietary information, sabotage on the computer, viruses and
laptop theft on the low end.
The total estimated losses were a staggering $100,119,555.
This indicates that the probability of mischief is so high that no
one can afford not to invest in proper Web site security. Firstly,
it must be decided what should be protected, in other words, what
needs to be secured. For example, a firewall consists of a number
of components and systems between two networks and it is generally
implemented to limit access to information from users inside and
outside the enterprise. Before a firewall necessarily means
anything practical to the planners, it is important to define
information:
Physical security
Physical security means the steps taken to protect the actual
machines used to store and process sensitive and/or valuable data.
Protecting against accidental or deliberate access (including
changes to the way the computer is set up) should not prevent users
from doing their work nor should it erect unrealistic or
inconvenient barriers to user resources.
Standard security
For standard security, the computer system must be protected, as
any valuable equipment would be. Generally, this involves housing
the computer in a building that is locked and out-of-bounds to
unauthorized users.
Backups
Regular backups protect data from all sorts of hazards such as
hardware failures, honest mistakes, viruses, and malicious
mischief. Because files must be read to be backed up, and written
to be restored, backup privileges should be limited to
administrators and backup operators, in other words, the people who
can be trusted with read and write access to all files.
Auditing
Often one does not know about a breach of security until one
stumbles across it, usually by auditing the network. Effective
auditing can also uncover actions that pose a security risk and
identify the user accounts from which the actions were taken.
Establishing an audit policy requires that one balances the
auditing cost (in disk space and central processing unit cycles)
against its advantages. System setup and capacity may dictate how
many functions one can audit realistically. At the very least one
should make a point of auditing failed logon attempts, attempts to
access sensitive data and changes to security settings.
High-level security
Depending on the level of security required, an organization can
implement additional security measures to create a high-security
environment. Firstly it should be identified which computers, if
any, contain sensitive data at high risk for theft or intentional
violation and disruption. Security for these machines, or their
subnet, can be augmented with more stringent security features than
those used for the rest of the network. One could begin by examining
the network's physical links.
Network level security
When a computer is put on a network, a new access route is added to
the computer that should be secured against some level of
intrusion, for example from casual to intentional intrusion. User
validation and protections on files and other objects are
sufficient for standard-level security, but high-level security
demands that the physical network is secured. The main risk is
unauthorized network taps. If the network is set up completely
within a secure building (a rarity), the risk of unauthorized taps is
minimized or eliminated. If the network is not completely within
direct physical control, the level of realistic protection must be
decided and instituted, beginning with physical security. If, for
instance, cabling passes through unsecured areas, optical fiber
links should be considered rather than twisted pair, as it is much
harder to tap a fiber and siphon off data.
A second, and more common, risk these days is Internet access.
The security issue here cuts both ways because this type of
connection provides access to and from the Internet community. In
essence, this means that just about everyone in the world with
access to a computer can access the organization's system. To get
in, however, the person has to come through the outside network.
This indicates how important all-round security is and with
Internet access the security of the entire network must be
ensured.
Another threat is the damage that can be caused as a result of a
security breach. This generally leads to the following problems:
Loss of service
Loss of information
Loss of control.