Premium Essay

Security Weaknesses

Submitted By Pinnah
Words 789
Pages 4
COURSE PROJECT- PRINCIPLES OF INFORMATION SEC AND PRIVACY
AIRCRAFT SOLUTIONS
PHASE- I

Pinnah Michael

Introduction
Aircraft Solutions (AS), whose headquarters is in San Diego, California, deals with the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industries. Since the company’s strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses, most of the equipment is automated to increase production while reducing cost. The mission of Aircraft Solutions Company is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements.
Business process effectiveness begins with the IT organization. Customer data such as project information and computer-aided design and development models are sorted and stored on designated servers. The users of Aircraft Solutions are employees, customers, suppliers, and contractors who need to access the company network. System access by users at different levels of the network is set on a strictly need-to-know basis. Controls are in place to secure confidential and proprietary information from unauthorized access. Users are responsible for entering and processing data and information, such as generating reports to be used for decision-making. Despite all the controls that have been put in place to keep the system secure and to deny access to unauthorized users, a few loopholes remain in the software and in the policy of the Company, as seen through its operations.
The goal is to assess the vulnerabilities that exist in these two areas, software and the Company’s policy, as well as the associated threats and risks. Also, identifying the potential consequences that the Company could

Similar Documents

Premium Essay

Security Weaknesses It255

...Rio Hondo College: No person may use Library computer resources for any illegal or unauthorized act. Specifically, individuals may not use computing resources to violate any state or federal laws or any regulation of Rio Hondo Community College including, but not limited to, any laws and regulations governing the creation, dissemination, or possession of pornography or other illegal documents or images; the possession or use of programs, files or instructions for violating system security; and the violation of copyright law. Changing, modifying, or eliminating Library computer configurations and loading any application or program software onto the Library computers is prohibited. The availability of Internet resources will be determined by staff at Rio Hondo College Library. As of this writing, non-course-related chat or chat-like activities are NOT allowed. North Dakota EduTech Support: Under no conditions shall any user provide another person with access to or use of their account. Similarly, users shall not examine, change, or use any account but their own. No user may represent themselves as another individual or entity in electronic communication. Users shall not deliberately attempt to degrade system performance or capability. Knowledge of system or special passwords does not convey permission or privilege to use such passwords. No account shall be used to damage a system or file or remove information without authorization. Users should expect only limited privacy...

Words: 425 - Pages: 2

Free Essay

Security Weaknesses Top 25

... steal data, or prevent the software from working at all. The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped. Software customers can use the same list to help them to ask for more secure software. Researchers in software security can use the Top 25 to focus on a narrow but important subset of all known security weaknesses. Finally, software managers and CIOs can use the Top 25 list as a measuring stick of progress in their efforts to secure their software. The list is the result of collaboration between the SANS Institute, MITRE, and many top software security experts in the US and Europe. It leverages experiences in the development of the SANS Top 20 attack vectors (http://www.sans.org/top20/) and MITRE's Common Weakness Enumeration (CWE) (http://cwe.mitre.org/). MITRE maintains the CWE web site, with the support of the US Department of Homeland Security's National Cyber Security Division, presenting detailed descriptions of the top 25 programming errors along with authoritative guidance for mitigating and avoiding them. The CWE site contains data on...

Words: 24162 - Pages: 97

Premium Essay

Weaknesses Assignment Phase Ii- Security Assessment and Recommendations

...Running head: Security Assessment and Recommendations Week 6: Weaknesses Assignment Phase II- Security Assessment and Recommendations SE571 Principles of Information Security and Privacy Introduction Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full range designs and implantation solutions to different sectors such as defense, aerospace, commercial and electronics industries. This paper discusses the possible recommendations based on the security assessment conducted in Phase 1, and proposes possible changes in order to ensure the safety of AS networks. The Company owns an enormous production plan which promises to deliver high quality solutions for targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to various needs of different industries. This paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year. Brief overview of the Vulnerabilities in AS After a thorough investigation of the IT architecture and systems of the Aircraft Solutions, two main concerns were identified as the priority items that needed attention. The first was hardware related concern and was...

Words: 1692 - Pages: 7

Free Essay

Course 571 Weaknesses Outline

...SE571 Course Project: Security Assessment and Recommendations Overview This course does involve a lot of technical information and theory, but what really matters is how this knowledge can be used to identify and remediate real-world security issues. What you learn in this course should be directly applicable to your work environment. The course project that you will complete is designed to further this goal. In the first part of the project you will choose an organization from one of two given scenarios (below), identify potential security weaknesses, and in the second part of the project, you will recommend solutions. The first part of the project is due in week 3, and the second part of the project, along with the first part (presumably revised based on instructor feedback) is due in week 7. This project constitutes a significant portion of your overall grade. This is an individual assignment and may not be completed in teams. Phase I In this phase you will choose either Aircraft Solutions or Quality Web Design as the company you will work with. You will then identify potential security weaknesses. Security weaknesses – You must choose two from the following three areas: * hardware * software * policy (excluding password policies) and identify an item that requires improved security. To clarify: you must identify ...

Words: 914 - Pages: 4

Premium Essay

Sony

...Case Study Questions 1. List and describe the security and control weaknesses at Sony that are discussed in this case. The case discusses the main security and control weaknesses at Sony which allowed a breach of their network. Sony, at the time of the breach, did not make security and control a top priority. Some of the security weaknesses noted in the case study includes the fact that Sony was using an older version of software (Apache Web Server) which had known security issues. This impaired the security of their firewall, allowing hackers to get in. As for control weaknesses, there were obviously not the appropriate policies or organizational procedures in place, since Sony did not know what information was stolen from their servers, the fact that it took days for Sony to inform their customers of the breach immediately shows a lack of training of their management and staff and also Sony’s delay in shutting down all of their servers at the point when they learned of the attack. If the proper policies and organizational procedures were in place, perhaps it would not have been as dramatic for Sony. 2. What people, organizational, and technology factors contributed to these problems? Contributing to these problems was management’s unwillingness to spend the appropriate amount of money on the needed software to ensure security, the lack of training of their employees, almost non-existent procedures, and outdated software. With proper management and procedures in place...

Words: 493 - Pages: 2

Premium Essay

Homeland Security Research Design

...Homeland Security Research Design Chris Hix HSM421: Research & Analysis in Homeland Security Professor: Kenneth Jenkins March 7, 2016 Homeland Security Research Design The United States has invested heavily in maintaining cyber security and border security in the homeland. Federal, State, and Local level initiatives have been implemented to escalate enforcement undertakings in communities across the country. These efforts are geared towards thwarting illegal border crossings and unlawful presence and occur in tandem with workplace enforcement to prevent illegal employment. However, these measures are not level with the excessive focus on terrorist threats displayed by agencies tasked with ensuring homeland security. The system is correctly focused on the terrorist threat posed by radical groups that are miles away while exhibiting complacency to more immediate threats. For instance, hackings, illegal immigration, human, and substance trafficking do more damage in a year than the combined damage of all terrorist activities to ever occur on American soil. Consequently, if the system is to achieve its mandate of ensuring Homeland Security, its main focus should be on immediate threats, of which cyber and border security are of most concern. The continued focus on terrorism as the central threat to homeland security necessitates an examination of the key factors that influence decision-making regarding homeland security. Hypotheses Getting the priorities right...

Words: 2565 - Pages: 11

Premium Essay

Defender's Direcctt

...1.0 INTRODUCTION Dave Lindsey fund the capital of its business by using $30,000 of his and his wife's personal savings and name it as Defender Security Co. They sell and install ADT security systems to homeowners in U.S. Their house was used as their main office at the beginning. After years of selling and hard work on reaching monthly quotas and mostly sell more than it, Defender became one of the largest security dealers in the Midwest. Then, they become dealers of other products like Dish Network Satellite TV, True Energy Smart Air, Williams Comfort Air and Outsource Sales Center. Defender also encourage self improvement and leadership by sending their employees for training. In conclusion, they believe that business do not grow, people do. 2.0 VISION AND MISSION STATEMENT Defender is striving to be best in the world at attaining customer by providing them the top brand-name products and services that could improve the lives of homeowners. Defender Direct has developed such a strategic vision that directs the company of where it is heading and maps a future business path. On the other hand, its mission statement covers four areas. These four areas describe the company’s present business purpose likewise, what they do. First, the company acquires customers by serving their customers the best service and products. Second, the company uses its unparalleled direct marketing capability to create leads. Third, the company transforms leads into sales like no other. Lastly...

Words: 5076 - Pages: 21

Premium Essay

Risk Assessment

...Dr. Michael Workman Information Security Management RISK ASSESSMENT Information systems have long been at some risk from malicious actions or inadvertent user errors and from natural and man-made disasters. In recent years, systems have become more susceptible to these threats because computers have become more interconnected and, thus, more interdependent and accessible to a larger number of individuals. In addition, the number of individuals with computer skills is increasing, and intrusion, or “hacking,” techniques are becoming more widely known via the Internet and other media. A risk assessment is not about creating huge amounts of paperwork, but rather about identifying sensible measures to control the risks in your workplace. You are probably already taking steps to protect your employees, but your risk assessment will help you decide whether you have covered all you need to. Think about how accidents and ill health could happen and concentrate on real risks – those that are most likely and which will cause the most harm. For some risks, other regulations require particular control measures. Your assessment can help you identify where you need to look at certain risks and these particular control measures in more detail. These control measures do not have to be assessed separately but can be considered as part of, or an extension of, your overall risk assessment. Although all elements of the risk management cycle are important, risk assessments...

Words: 3691 - Pages: 15

Premium Essay

Project

...WIRELESS LOCAL AREA NETWORK IMPLEMENTATION SECURITY AND SUPPORT SUBPROJECT Stephen F. Delahunty Project Management in the Technological Environment Scope Definition Plan Wireless Local Area Network Installation Project This document serves to provide a scope definition for the Security and Support subproject of the corporate wireless local area network installation project initiative. It is a functional document to be used by the project team and stakeholders as a central point of reference for this subproject. Security and Support Scope Definition Subproject Justification The business need for this subproject is the constraint to ensure compliance with corporate and industry security standards in order to protect the firm’s information systems and data. If security issues are not addressed there is a potential for a loss of data or access to corporate systems from unauthorized outside parties. Without proper security procedures the firm could increase vulnerability in terms of information technology and proprietary data. Any network-related project such as this wireless network installation must adhere to current corporate security policy and this subproject meets that goal. An additional requirement of this subproject is to facilitate a smooth transition to a pilot program and full implementation. The subproject team will also serve as security subject matter experts for other subproject teams in this overall initiative. ...

Words: 674 - Pages: 3

Premium Essay

Risk Control Strategies

...Also included are explanations of control types, how they are used and implemented, and the risk they are intended to minimize. Unit 5 Individual Project: Risk Control Strategies Risk Management is a discipline employed by organizations for the express purpose of minimizing threats to the company’s security assets. Risk management also works to support managers and increase their confidence when making decisions. Security risk plans are used to help management develop coherent and comprehensive strategies for managing risk prevention. An important part of a security risk plan is evaluating the level and type of countermeasures needed to guard against security threats capable of causing security breaches (Stoneburner, Goguen, & Feringa, 2002). The security management process can be described in four steps: I. Identify security risks. II. Develop strategic countermeasure plans. III. Implement strategies. IV. Monitor, evaluate, and maintain appropriate security measures. Areas of Risk Management A threat is defined as a situation where a threat-source has the potential to successfully penetrate a system vulnerability. Vulnerabilities are weaknesses within a system that could possibly be exploited either accidentally or intentionally (Stoneburner, Goguen, & Feringa, 2002). There is no risk involved with threat-sources unless vulnerabilities are present. So, when determining whether the likelihood...

Words: 1751 - Pages: 8

Premium Essay

Notes

...Risk is the likelihood that a loss will occur. Losses occur when a threat exposes a vulnerability. • Threat—A threat is any activity that represents a possible danger. • Vulnerability—A vulnerability is a weakness. • Loss—A loss results in a compromise to business functions or assets. Assets can have both tangible and intangible values. The tangible value is the actual cost of the asset. The intangible value is value that cannot be measured by cost. Tangible includes • Computer systems—Servers, desktop PCs, and mobile computers are all tangible assets. • Network components—Routers, switches, firewalls, and any other components necessary to keep the network running are assets. • Software applications—Any application that can be installed on a computer system is considered a tangible asset. • Data—This includes the large-scale databases that are integral to many businesses. It also includes the data used and manipulated by each employee or custome The intangible value includes: • Future lost revenue—Any additional purchases the customers make with the other company is a loss to your company. • Cost of gaining the customer—A lot of money is invested to attract customers. It is much easier to sell to a repeat customer than it is to acquire a new customer. If you lose a customer, you lose the investment. • Customer influence—Customers have friends, families, and business partners. They commonly share their experience with others, especially if the experience is...

Words: 3234 - Pages: 13

Premium Essay

Training Nco

...Tracy E Fulford Certified Security Project Manager Table of Contents Summary Resume Career Objective Evaluations Qualifications Project Management Security Specialist Defense Tactical Training and Selection Focus areas Concept of Security Security Projects Security Programs and Training Security Placements Summary Resume TRACY E FULFORD 2414 County Road 90 Pearland TX (832)498-8757 tracy.fulford68@gmail.com Career objective; highly experienced Military Security Senior Non-Commissioned Officer seeking to transition into the private sector security industry. Certified by the Security Industry Association as a Certified Security Project Manager in May 2015. Very knowledgeable in both architectural and operational elements of security policies, training, and systems. PROFESSIONAL ACHIEVEMENTS PROJECT MANAGEMENT Certified Security Project Manager TRAINING First Army Academy Observer Trainer/Coach SECURITY SPECIALIST Defense Security Services Security Specialist Defense Security Services Security Ad-junctions SKILLS WORK HISTORY RETENTION AND CAREER COUNSELING US Army Reserve Career Counselor 79V Security Programs and Design Defense Tactical Training Law Enforcement/Military/Security Personnel Programs Planning and Operations Law Enforcement/Military/Security Personnel Personnel assessment for Law Enforcement/Military/Security projects Objective Focus Training BN SS OPERATIONS NCO, US ARMY RESERVE AGR, HOUSTON TX 08/01/2012...

Words: 740 - Pages: 3

Premium Essay

Principles of Infosec - Vulnerabilities

...Name: Melina Escamilla Course: Principles of Information Security Professor: Jonathan Coombes Course Project Phase I – Week 3 Company Overview Aircraft Solutions (AS) is a reputable organization whose mission is to deliver custom made products based on unique customer requirements. Aircraft Solution’s customer base is made up of an array of industries, which include defense, commercial, aerospace and electronics. Aircraft solutions have worked with different countries to meet specific demands for government customers as well as family businesses. With that being said, Aircraft Solutions’ workforce is made up of several different types of skilled professionals. This company prides itself on customer service and is mission driven. Security Vulnerabilities, Threats and Risks This report will explain two vulnerabilities found within Aircraft Solutions hardware and security policy. The report will briefly discuss threats for each the hardware and policy vulnerability and the likelihood in which the threat will happen. Hardware Vulnerability: Currently, the public can access information on AS’s website regarding commercial aircraft, however, there is only one parameter in place regarding a firewall. With Aircraft Solutions working with several different industries, especially commercial aircraft, multiple firewalls should be established to support the networks needed to keep our different industries secure. Hardware Threat: According to our text, a threat...

Words: 513 - Pages: 3

Premium Essay

Principle of Information Secuirty Chapter 4 Solutions

...have, you can identify what you are already doing to protect it. Just because a control is in place does not necessarily mean that the asset is protected. Frequently, organizations implement control mechanisms but then neglect the necessary periodic review, revision, and maintenance. The policies, education and training programs, and technologies that protect information must be carefully maintained and administered to ensure that they remain effective. Know the Enemy Having identified your organization’s assets and weaknesses, you move on to Sun Tzu’s second step: Know the enemy. This means identifying, examining, and understanding the threats facing the organization. You must determine which threat aspects most directly affect the security of the organization and its information assets, and then use this information to create a list of threats, each one ranked according to the importance of the information assets that it threatens. 3. The information security community is responsible for risk management in a community but all of the communities must show an interest from management and the users....

Words: 963 - Pages: 4

Free Essay

Security Polcies

...excellent job! All requirements were met. Keep up the good work. Professor C Information Security Fundamentals Week 3 Security Policies 08 July 2012 Although the sample email use policy is very generic it does outline specific requirements and rules that must be met. The general restrictions are clear, covering prohibited use. It states that the company email system shall not be used for the creation or distribution of any disruptive, offensive, or discriminatory messages. It addresses prohibited emails and emails that need the VP of Operations approval and the consequences for violating the policy. This email policy does not recognize personal privacy in email, but it allows for a “reasonable amount” of company resources for personal emails. However, this is confusing because it does not define or list the restrictions of personal use. If the business is relatively small then this generalized usage policy would be effective, but for mid to large sized organizations a more in depth email use policy that is part of a larger policy should be developed. In practice, this sample issue-specific policy would not suffice for the majority, but it is a good basic outline. Organizations that have trade secrets to protect, hospitals, government agencies, and financial institutions would need to dissect this particular policy to identify its strengths and alter its weaknesses. A few of its noticeable weak points are: 1. A formal header – The policy identifies the...

Words: 514 - Pages: 3