Security Proposal
Dustin Riedemann
Kaplan University
IT286: Introduction to Network Security
Prof: Denver Lee Martin
September 30, 2013
I. Authentication
Authentication – the use of a system to allow users access to a computer or network based on three factors: something you know, something you have, and something you are.
Purpose: Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be. This lets you restrict access to certain files within your network to certain personnel. This will help you maintain network security so that unauthorized personnel will not be able to gain access to any important files or data.
Scope: This policy will cover everyone
The goals of this policy are to be able to find and fix any problems that you are having or may have within your network, as well as prevent any attacks that may harm your systems or network.
Scope: The purpose of this policy is to be able to better secure your network and look for possible vulnerabilities that attackers can take advantage of within your network.
Roles/Responsibilities: This will be done by having testing and scanning software run within the network on a regular basis or with every new update the network receives. The network security team will make sure that this is being done and that the proper reports are presented to management so that it can take any action needed for any problems that come up. Management will then decide the best course of action and delegate it to the network security department for implementation.
Sanctions/Violations: If this policy is broken, the guilty party will be warned of their wrongdoing and be asked to leave for the day. If any further incidents happen with the same employee or employees, they will be subject to termination at the management’s discretion.
III. Data Security – Certificate
This means that someone who was able to receive the key will have access to everything they want within your network. They will be able to act as the other party to gain trust in order to access said files.
IV. Auditing
Auditing – the process of ensuring policies are enforced including user access and rights review, privilege auditing, usage auditing, escalation auditing, administrative auditing, and log file auditing.
Purpose: The purpose of auditing is to find any mistakes that may have been made and suggest a way to fix those mistakes. This can be a way to help better your security within your network.
Scope: This involves bringing in a person to do an audit of your systems and network. It is better to bring in someone who does not know anything about your network because they will not be biased and will be able to tell you what is going on and if anything needs to be fixed or changed. This may also require your employees to provide information about their department’s projects and
Auditing enhances the security of an infrastructure by giving Systems Administrators a closer look at events occurring in their infrastructure. It gives them a history of a certain user’s or computer’s activities and allows them to watch out for intruders’ events and prevent unauthorized access to a certain object in the infrastructure. Best practice is to make an auditing plan first, in which Systems Administrators define what items to audit. In most cases, Systems Administrators should at least archive security logs and audit them, audit login activities, and audit application logs. Additionally, policy change events must be audited to ensure that users can never change the Local Security Authority (LSA). This auditing option allows Systems Administrators to ensure that users do not go around enforced policies and cause a security issue to the
Created by Philip Zimmermann in 1991, this program has been widely used throughout the global computer community to protect the confidentiality and integrity of the users’ data, giving them the privacy of delivering messages and files only to their intended individual or authorized person (Singh, 2012). Not only being useful for individuals as a privacy-ensuring program, it has also been used in many corporations to protect their company’s data from falling into the wrong hands (Rouse, 2005).
It is a network security measure used in computer networks to ensure that the secure network is physically protected from other unprotected networks. This
It is best to prevent security incidents from occurring in the first place – therefore prevention should be a top priority for the IT staff at CEG. The National Institute of Standards and Technology (NIST) recommends five main categories of incident prevention: risk assessments, host security, network security, malware prevention, and user awareness training (Cichonski P., Grance T., Millar T., & Scarfone K., 2012 p.24). Risks of the various types of possible security incidents should be identified and prioritized based on likelihood and potential harm. Risk assessment should be periodic and ongoing. Host security is achieved by hardening each host on the network. Host hardening includes keeping current on the latest software patches, enabling and monitoring audit logs, and assigning permissions based on a system of least privilege. Network security is primarily concerned with securing the perimeter of the network to prevent unauthorized intrusion. This includes the use of firewalls, intrusion detection systems (IDS), securing VPN, and blocking unnecessary ports. All hosts on the network must run and regularly update malware protection software. And all employees should...
I will conduct a Homeland Security Assessment for my organization because the need for homeland security is tied to the underlying vulnerability of my company’s infrastructure in general, but I would conduct one for any threats against the infrastructure of my company. In our company we would need to establish a planning team to conduct a Homeland Security Assessment for my organization by developing a plan and also analyzing capabilities and hazards in the company to minimize the threat. The next step is implementing the plan. Another step in conducting a Homeland Security Assessment is getting prepared. The company game plan for homeland security sets homeland security tasks into six critical mission areas: (1) comprehension and caution, (2) boundary and transport security, (3) military personnel designed to prevent any kind of terrorism, (4) protecting the company's critical organizational structure, (5) guarding against disastrous terrorism in the company like people getting shot up, and (6) the company's organizational structure crisis preparedness and response. The first three critical mission areas focus on stopping a terrorist attack. The next two on reducing protectiveness, and the final one is reduced to a small amount of damage and recovery from
Internal audit is done by a selected team within the organisation. Trained staff who are not directly responsible for what is being audited are recruited to conduct the internal audit. The various records that are reviewed in an internal audit are procedures and policies, training records, observation of process etc.
530). The risk assessment suggests identifying and managing critical documents and storing them on centralized application and file servers. Moreover, it proposes using applicable controls. To further explain the applicable controls, role-based access control (RBAC) should be enabled to regulate access to file resources based on the roles of individual users within the company. In this structure, access is the ability of an individual user to perform a specific task, such as viewing, creating, or modifying a file. Roles are defined according to job proficiency, authority, and responsibility within the business. In fact, a role describes the level of access that users have for their account. For example, by assigning roles to users, administrators can allow multiple users to complete tasks securely. Also, RBAC limits risk by ensuring that users do not have access beyond their training or level of control. Thus, an employee's role determines the level of permissions granted and ensures that junior-level employees are not able to access sensitive information or perform high-level tasks. Additionally, an employee education and security awareness program should be implemented to improve employee behavior, hold employees accountable for their actions, ensure compliance with rules, and improve the employee knowledge base on
...t to track all internal and external users' activity, auditing plays the key role in monitoring these user actions. Data masking and encryption technology provide a certain level of assurance that data is not easily accessible to unauthorized users.
Audit is a process to evaluate and review the accounts and financial statements objectively. We can divide it into internal auditors and external auditors. Internal auditors have an inner knowledge of the business process. The auditor has access to much confidential information and all levels of management. But they may lose their judgement and they are not acceptable to the shareholder. “The overall objective of the external auditors is to obtain reasonable assurance about whether the financial statements as a whole are free from material misstatement, whether due to fraud or error, and to report on the financial statements in acco...
A critical part of network planning involves setting up security mechanisms. Deploying the network with security configuration provides superior visibility, continuous control and advanced threat protection across the extended network. Additionally, security procedures define policies to monitor the network for securing critical data, obtain visibility, mitigate threats, and identify and correlate discrepancies.
The network management plan and security plan are important to help the company figure out how it will improve its network and security procedures. Planning involves outlining objectiv...
The International Standard on Auditing (ISA) 330 offers some details regarding the purpose of the audit procedures.
Authentication: The process of proving one's identity. (The primary forms of host-to-host authentication on the Internet today are name-based or address-based, both of which are notoriously weak.)