Case 3: Physical Security

Submitted By dainisboy5
Words 354
Pages 2
CASE 3: PHYSICAL SECURITY p.64
Required:
1. Why are the auditors of Avatar stressing the need to have a better physical environment for the server? If Avatar has proper software controls in place, would that not be enough to secure the information?
Ans. Auditors of Avatar are stressing the need for a better physical environment for the server in order to secure and protect the infrastructure itself (hardware, software and networking devices), as well as the information it holds, from possible threats. The company may not only lose the investment it put into the servers and data; the loss can also impair its ability to function as a business. Evidently, the software controls currently in place are not enough to secure the information. Additional control features must be considered to guarantee the security of the server and to help mitigate risks.
2. Name the six essential control features that contribute directly to the security of the computer server.
Ans.
a. The physical location of the computer center directly affects the risk of destruction from a natural or man-made disaster.
b. The computer center should be located in a single-story building of solid construction with controlled access.
c. Access to the computer center should be limited to the operators and other employees who work there.
d. Computers function best in an air-conditioned environment, and providing adequate air conditioning is often a requirement of the vendor's warranty.
e. The implementation of an effective fire suppression system is essential, as fire could seriously endanger a firm's computer equipment.
f. Fault tolerance, which is the property that enables a system to continue operating properly in the event of the failure of (or one or more faults within) some of its components.

CASE 4: Disaster Recovery Plans p.64-65
Required
1. Describe the computer...
