TicTek Inc is a small company with about a hundred employees and one facility. The company sells home security electronics online. The devices are manufactured by a third-party company and shipped to TicTek, whereupon they are warehoused until they are purchased through the company’s website. The warehouse staff prepares and ships customer orders in the same facility that houses the office staff and management. TicTek has a few major stockholders, but the majority of the company’s stock is owned by its executives and employees. Due to the online nature of the company’s business dealings, TicTek has placed a high priority on the security of network resources, including vendor data, customer data, high availability, and incident response. Mr. Tic, the CEO, has recently requested a security proposal from the IT department to formally put into place a comprehensive security plan to keep the company’s network secure.
Technical Security Aspects
In creating an effective security policy, it is important to identify what needs to be protected, and the likelihood of attack for each network device. The lifeblood of TicTek is its online sales; therefore it is vital to protect the company’s web servers and payment processing server, bearing in mind confidentiality, integrity, and availability. A vulnerability assessment will need to be conducted before and after technical security measures are in place for the purpose of identifying specific network vulnerabilities. According to Joseph Migga Kizza (2011), “Vulnerability assessment is a periodic process that works on a system to identify, track, and manage the repair of vulnerabilities on the system” (p. 139). Thereafter, a vulnerability assessment will be scheduled every six months to ident...
... middle of paper ...
...t of management.
References
Cisco. (2006). How Does RADIUS Work. Retrieved March 29, 2014 from http://www.cisco.com/c/en/us/support/docs/security-vpn/remote-authentication-dial-user-service-radius/12433-32.html#intro
Kizza, J. (2011). Computer network security and cyber ethics. (3rd ed.). Jefferson: McFarland & Company Inc.
Massachusetts Institute of Technology. (n.d.). Viruses, Spyware, and Malware. Retrieved March 29, 2014 from http://ist.mit.edu/security/malware
Securities and Exchange Commission. (2003). SEC Interpretation: Electronic Storage of Broker-Dealer Records. Retrieved March 29, 2014 from http://www.sec.gov/rules/interp/34-47806.htm
ServersCheck.com. (n.d.). Best Practices for Data Center Infrastructure and Server Room Environmental Monitoring. Retrieved March 29, 2014 from http://www.serverscheck.com/sensors/temperature_best_practices.asp
Security helps the organization meet its business objectives or mission by protecting its physical and financial resources, reputation, legal position, employees, and other tangible and intangible assets through the selection and application of appropriate safeguards. Businesses should establish roles and responsibilities of all personnel and staff members. However, a Chief Information Officer should be appointed to direct an organization’s day-to-day management of information assets. Supporting roles are performed by the service providers and include systems operations, whose personnel design and operate the computer systems. Each team member must be held accountable for ensuring all of the rules and policies are being followed, as well as for understanding their roles, responsibilities and functions. Organizations’ information processing systems are vulnerable to many threats that can inflict various types of damage that can result in significant losses (Harris, 2014). Losses can come from actions of trusted employees who defraud the system, outside hackers, or careless data entry. The major threat to information protection is errors and omissions that data entry personnel, users, system operators and programmers make. To better protect business information resources, organizations should conduct a risk analysis to see what
There are three areas of cyber conflict that hackers choose to think are the ethical issues, but are the most problematic.
There is no doubt that some portion of the IT budget will be spent on a technology solution for the purpose of defending the IT infrastructure. The questions are what will it be spent on, what assets will be protected, and will the solution be relevant to tomorrow’s emerging threats? New vulnerabilities and threats target IT systems on a daily basis, and staying on top of system vulnerabilities can be a massive and daunting task. A combination of systems (e.g., Windows, Linux, UNIX, Cisco, Juniper, etc.) complicates vulnerability management and, if not properly managed, will lead to critical IT assets and information being compromised and damage to an organization’s reputation. Successfully identifying system vulnerabilities, also known as Vulnerability Management, is paramount to system security; a reliable vulnerability scanner is the key to successful vulnerability management.
White House (2000). Defending America’s cyberspace: National plan for information systems protection: Version 1.0: An invitation to dialogue. The White House, Washington, DC: author. Retrieved from https://www.fas.org/irp/offdocs/pdd/CIP-plan.pdf
Penetration testing - using tools and processes to scan the network environment for vulnerabilities, [03& T, J.K et al. 2002] there are many different types of vulnerability assessments. Penetration Testing focuses on understanding the vulnerabilities of components that you’ve made available on the network as seen from the perspective of a skilful and determined attacker who has access to that network. It will provide a thorough overview of the ...
Computers are the main technological features that allow criminals to step into unsuspecting victims’ lives. With a simple piggy-backing program hackers are able to track every keystroke made by the victim. One such program is called spyware, not to be confused with adware, which is often referred to interchangeably with spyware, but is potentially harmless (Louis 15). Spyware, hidden within downloaded software, implants itself deep within a computer’s hard drive, allowing it to track every move made by the user (Louis 16).
Whitman, M., & Mattord, H. (2011). Reading & cases in information security: law & ethics. (2011 custom ed., p. 264). Boston, MA: Cengage Learning.
Kabay, M. E., & Robertson, B. (2009). Security policy guidelines. In S. Bosworth, M. E. Kabay, & E. Whyne (Eds.), Computer security handbook (5th ed.). New York, NY: John Wiley
“Prevention is better than cure”: if computer users are aware of Malware attacks, they may prevent those attacks. So, in this research paper I am going to focus on Malware and Protecting Against Malware.
capacity and performance. However, as networks enable more and more applications and are available to more and more users, they become ever more vulnerable to a wider range of security threats. To combat those threats and ensure that e-business transactions are not compromised, security technology must play a major role in today's networks.
Harvey, Brian. "Computer Hacking and Ethics." Ed. Paul Goodman, P.G. Electrical Engineering and Computer Sciences. U of California, Berkeley, n.d. Web. 25 Jan. 2014.
Malicious code, also known as malware, installed on a computer provides an attacker with control over the machine. Therefore, malware can be defined as “a set of instructions that run on your computer and make your system do something that an attacker wants to do”. It is more common to see malicious code implemented in binary executable files. However, it can be implemented in almost any computer language. Attackers have used a huge number of scripting languages, word processing macro languages and a h...
In the following report I will discuss the role of network management and how the network manager contributes to the network security of an organisation. Network security will be discussed in full to inform on how big of an impact network attacks can have on an organisation. Once the impact of network security has been covered I will go through all possible threats that can harm an organisation and the steps network managers should go through to secure a network to the best of their ability. The importance of network tools will be introduced last along with benefits they can provide.
The network management plan and security plan are important to help the company figure out how it will improve its network and security procedures. Planning involves outlining objectiv...
The first thing that we must consider about Information Security is that there is not a final destination at which we can arrive. IT Security is an ongoing set of processes and activities that requires attention and expertise on a daily basis. It is important to understand that systems are not secured by themselves and it is our responsibility to maintain and improve them periodically as required. It is of vital importance to establish the appropriate mechanisms and requirements in order to support the company’s CIA triad. The following report will provide you guidance about auditing and hardening techniques applied through the 7 Domains by utilizing IT Security Best Practices.