Premium Essay

Computer Security Management


Submitted By vishaljindal
Words 4051
Pages 17
CSE 4482 Computer Security Management: Assessment and Forensics

Introduction to Information Security

Instructor: N. Vlajic

Fall 2010

Learning Objectives
Upon completion of this material, you should be able to:


• Define key terms and critical concepts of information security.
• List the key challenges of information security, and key protection layers.
• Describe the CNSS security model (McCumber Cube).
• Be able to differentiate between threats and attacks to information.
• Identify today’s most common threats and attacks against information.



Introduction
“In the last 20 years, technology has permeated every facet of the business environment. The business place is no longer static – it moves whenever employees travel from office to office, from office to home, from city to city. Since businesses have become more fluid, …, information security is no longer the sole responsibility of a small dedicated group of professionals, …, it is now the responsibility of every employee, especially managers.”


Information Technology
• Information Technology – enables storage and transportation of information from one business unit to another; in many organizations, information is seen as the most valuable asset

• Information System – entire set of data, software, hardware, networks, people, procedures and policies necessary to use information as a resource in an organization; each of the 7 components has its own strengths, weaknesses, and its own security requirements

Information Technology (cont.)

Information Security
Security = state of being...

Similar Documents

Premium Essay

Computer Updating and Security Management

...Computer Updating and Security Management Once again the IT Administrators have asked to clarify certain points to them on the implementation of the new network being installed. This takes into account that they know the basics of Server 2008 for Windows, and have some knowledge of working with it. Let us then answer their questions on computer updating and security management. The first thing to address is the software and service Microsoft Server 2008 had in place for centralized updates. It has a program called WSUS that allows all updates to be centralized from one place. It allows update support for a lot of computers, up to 100,000, which leaves more than enough room for the school to grow. Since the main office will be the center I would set up a standard hierarchy of WSUS (Moskowitz, n.d.). An upstream server which is located in the main office will approve and deploy the updates. The downstream server would be located at the school site. They will download the updates from the upstream server and parcel them out to the computers/clients allowed. This will be a good fit for updates that are deemed unnecessary or not wanted by the organization and easily managed from a central location. The security measures in place will be of course IPSec. The communications from the main office to the school will be using Layer Two Tunneling Protocol or L2TP (Freelancer, 2008). This will ensure a secure connection at the highest possible setting....

Words: 591 - Pages: 3

Premium Essay

Statement of Work

...Statement of Work Computer Security Awareness and Training April 14, 2000 (NOTE: Commentary information is provided in Italics) 1. PURPOSE/OBJECTIVE: The purpose of this Statement of Work (SOW) is to elicit proposals to develop a computer security awareness and training course specific to executives and senior management of the XX Agency (XXA). This course may be conducted by organization staff or by contractor staff under a separate contract. The course encompasses lesson plans, training aids, and handout materials. The contractor shall develop a computer security awareness and training course tailored to XXA's needs. This contract requires the development of computer security awareness training materials tailored to the XXA's needs, which may be used by a contractor or by XXA, in subsequent training sessions. At a minimum, the contractor shall include one or more of the five basic subject areas into a computer security awareness and training plan for the executives and senior management within XXA. The five basic subject areas are: computer security basics; security planning and management; computer security policies and procedures; contingency plan/disaster recovery planning; and systems life cycle management. http://www.eeoc.gov/eeoc/doingbusiness/statement_of_work.cfm 2....

Words: 1866 - Pages: 8

Premium Essay

Risk Management and Problem Management of a Compromised Unix Operating System

...Running head: RISK MANAGEMENT AND PROBLEM MANAGEMENT RELATION The effectiveness of the relationship between risk management and problem management of a compromised UNIX operating system CSMN 655 Computer Security, Software Assurance, Hardware Assurance, and Security Management Abstract Risk management is an ongoing, continuous process whose purpose is to identify and assess program risks and opportunities with sufficient lead-time to implement timely strategies to ensure program success. The entire risk management process balances the operational and economic costs of protective measures and contributes to mission capability by protecting the systems and the data that support the organizational mission from both deliberate and unintentional compromise. Computer security problem, or incident, management is an administrative function of managing and protecting computer assets, networks and information systems. These systems continue to become more critical to the personal and economic welfare of our society. Organizations must understand their responsibilities to the public good and to the welfare of their members. This responsibility extends to having a management program for reacting to system breaches, if and when they occur....

Words: 4103 - Pages: 17

Premium Essay

Security

...Legal Foundation for Federal Computer Security Programs.
Chapter 2 ELEMENTS OF COMPUTER SECURITY
2.1 Computer Security Supports the Mission of the Organization.
2.2 Computer Security is an Integral Element of Sound Management.
2.3 Computer Security Should Be Cost-Effective.
2.4 Computer Security Responsibilities and Accountability Should Be Made Explicit.
2.5 Systems Owners Have Security Responsibilities Outside Their Own Organizations.
2.6 Computer Security Requires a Comprehensive and Integrated Approach.
2.7 Computer Security Should Be...

Words: 93588 - Pages: 375

Free Essay

Data and Privacy

...In addition, the term “computer security” is very commonly used, though; the information and data saved on a computer are in danger to few risks unless the computer is connected to other systems using a network. In view of the fact that the use of computer networks, particularly the Internet (largest network of the networks), has turned out to be persistent. The thought of a computer security system has extended to point out problems covered in the way of networked use of computers and their information and...

Words: 2264 - Pages: 10

Premium Essay

The Handbook

...Legal Foundation for Federal Computer Security Programs.
Chapter 2 ELEMENTS OF COMPUTER SECURITY
2.1 Computer Security Supports the Mission of the Organization.
2.2 Computer Security is an Integral Element of Sound Management.
2.3 Computer Security Should Be Cost-Effective.
2.4 Computer Security Responsibilities and Accountability Should Be Made Explicit.
2.5 Systems Owners Have Security Responsibilities Outside Their Own Organizations.
2.6 Computer Security Requires a Comprehensive and Integrated Approach....

Words: 93564 - Pages: 375

Free Essay

Spur

...Appendix A Mapping Course Content to the CompTIA A+ Essentials 220-701 Exam Objectives

Exam Objective | A+ Certification Lesson and Topic Reference | A+ Certification Activity Reference
Domain 1.0 Hardware | |
1.1 Categorize storage devices and backup media | |
* FDD | Personal Computer Components, Storage Devices |
* HDD | Personal Computer Components, Storage Devices; Installing and Configuring System Components, Install and Configure Storage Devices |
* Solid state vs. magnetic | Personal Computer Components, Storage Devices; Installing and Configuring System Components, Install and Configure Storage Devices |
* Optical drives | Personal Computer Components, Storage Devices; Installing and Configuring System Components, Install and Configure Storage Devices |
* CD / DVD / RW / Blu-Ray | Personal Computer Components, Storage Devices; Installing and Configuring System Components, Install and Configure Storage Devices |
* Removable storage | Personal Computer Components, Storage Devices; Installing and Configuring System Components, Install and Configure Storage Devices |
* Tape drive | Personal Computer Components, Storage Devices; Installing and Configuring System Components, Install and Configure Storage Devices |
* Solid state (e.g. thumb drive, flash, SD cards, USB) | Personal Computer Components, Storage Devices; Installing and Configuring System Components, Install and Configure Storage......

Words: 6966 - Pages: 28

Premium Essay

Case Study Data Breaches and Regulatory Requirements


Words: 1570 - Pages: 7

Premium Essay

Risk Control Strategies

...Unit 5 Individual Project Charles Yates Professor Alfretta Earnest MGMT447-02: Technology Management 31 October 2012 Abstract In this presentation, the processes of risk assessment, risk identification, and risk control strategies will be explained. Examples of some of the risk control strategies that are available for companies are cited along with possible ways to utilize these tools to create a company risk policy. Also included are explanations of control types, how they are used and implemented, and the risk they are intended to minimize. Unit 5 Individual Project: Risk Control Strategies Risk Management is a discipline employed by organizations for the express purpose of minimizing threats to the company’s security assets. Risk management also works to support managers and increase their confidence when making decisions. Security risk plans are used to help management develop coherent and comprehensive strategies for managing risk prevention. An important part of a security risk plan is evaluating the level and type of countermeasures needed to guard against security threats capable of causing security breaches (Stoneburner, Goguen, & Feringa, 2002). The security management process can be described in four steps: I. Identify security risks. II. Develop strategic countermeasure plans. III. Implement strategies. IV. Monitor, evaluate, and maintain appropriate security measures....

Words: 1751 - Pages: 8

Premium Essay

Principles of Information Security Chapter 1

...In the early years of computing when security was addressed at all, it dealt only with the physical security of the computers themselves and not the data or connections between the computers. This led to circumstances where most information being stored on computers was vulnerable since information security was often left out of the design phase of most systems. 5. What are the three components of the CIA triangle? What are they used for? The three components of the C.I.A. are: • confidentiality (assurance that the...

Words: 4896 - Pages: 20

Premium Essay

A Security Risk Management Approach for E Commerce.Pdf

...The methods used in this model are the viable system model (VSM) and baseline security approach. The VSM is used to model an organisation's basic functions and associated data flows, whilst the baseline security approach is used to implement appropriate security countermeasures. The viable system model (VSM) Information Management & Computer Security 11/5 [2003] 238-242 # MCB UP Limited [ISSN 0968-5227] [DOI...

Words: 2218 - Pages: 9

Premium Essay

Principles of Information Security, Chapter 5 Review Questions

...How can a security framework assist in the design and implementation of a security infrastructure? Designing a working plan for securing the organization's information assets begins by creating or validating an existing security blueprint for the implementation of needed security controls to protect the information assets. A framework is the outline from which a more detailed blueprint evolves. The blueprint is the basis for the design, selection, and implementation of all subsequent security policies, education and training programs, and technologies. The blueprint provides scalable, upgradeable, and comprehensive security for the coming years. The blueprint is used to plan the tasks to be accomplished and the order in which to proceed.

What is information security governance? Governance is “the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise’s resources are used responsibly.” Governance describes the entire process of governing, or controlling, the processes used by a group to accomplish some objective. Just like governments, corporations and other organizations have guiding documents—corporate charters or partnership agreements—as well as appointed or elected leaders or officers, and planning and operating procedures....

Words: 4589 - Pages: 19

Premium Essay

Hello Hello

...OWASP: relationship between threat agent and business impact ... management principles, the countermeasures in order to accomplish to a security strategy set up ... Principles of Information Security - Page 40 - Google Books Result https://books.google.com.pk/books?isbn=1305176731 Michael E. Whitman, ‎Herbert J. Mattord - 2014 -...

Words: 598 - Pages: 3

Premium Essay

It Audit

...The objectives of this security audit were to review: ✓ All (formal and non-formal) Procedures and Policies to ensure those procedures and all employees, contractors,...

Words: 2618 - Pages: 11

Premium Essay

Accounting Information System Report

...REPORT ON REDUCING COMPUTER FRAUD Name: ZHAOJUN HU Student NO: 20137098 Class: TACC403 Accounting information system Submission date: September 20, 2013

TABLE OF CONTENTS: EXECUTIVE SUMMARY; INTRODUCTION; IS SOFTWARE LICENSING ANTISOCIAL?; COMPUTER SECURITY MEASURES; WOULD THE REMOVAL OF COMPUTER SECURITY MEASURES REDUCE THE INCIDENCE OF COMPUTER FRAUD?; CONCLUSION AND RECOMMENDATION; REFERENCES

EXECUTIVE SUMMARY The aim of this report is to discuss the various methods of reducing computer fraud and to find out whether computer security measures are necessary. The main body of this report discusses whether software licensing is antisocial or not, the development of computer security measures, ethical teaching for computer users and the effect of reducing computer security measures. The report finds that software licensing protects the effort of the licensor and provides the financial support for them to develop new products, and that computer security measures are an effective way to reduce computer fraud and are also necessary. Without computer security measures computer fraud will increase, and the effect of using ethical teaching to reduce computer fraud is limited. The report concludes that reducing computer fraud not only depends on students' self-moral cultivation but also requires protection from computer security measures....

Words: 2025 - Pages: 9