
Computer Security Management

In: Computers and Technology

Submitted By vishaljindal
Words 4051
Pages 17
CSE 4482 Computer Security Management: Assessment and Forensics

Introduction to Information Security

Instructor: N. Vlajic

Fall 2010

Learning Objectives
Upon completion of this material, you should be able to:

• Define key terms and critical concepts of information security.
• List the key challenges of information security, and key protection layers.
• Describe the CNSS security model (McCumber Cube).
• Be able to differentiate between threats and attacks to information.
• Identify today’s most common threats and attacks against information.

Introduction
“In the last 20 years, technology has permeated every facet of the business environment. The business place is no longer static – it moves whenever employees travel from office to office, from office to home, from city to city. Since businesses have become more fluid, …, information security is no longer the sole responsibility of a small dedicated group of professionals, …, it is now the responsibility of every employee, especially managers.”


Information Technology
• Information Technology – enables storage and transportation of information from one business unit to another; in many organizations, information is seen as the most valuable asset

• Information System – entire set of data, software, hardware, networks, people, procedures and policies necessary to use information as a resource in an organization; each of these 7 components has its own strengths, weaknesses, and its own security requirements

Information Security
Security = state of being…...
