Access Security

In: Computers and Technology

Submitted By tomdapore
Words 305
Pages 2
1. From the threats and vulnerabilities identified in Lab #1 (list at least 3 and no more than 5, using the High/Medium/Low Nessus risk factor definitions for vulnerabilities):
a. Denial of Service attack on the organization's e-mail server. Vulnerability: High
b. Loss of production data. Vulnerability: Medium
c. Unauthorized access to an organization-owned workstation. Vulnerability: High
d. Workstation browser has a software vulnerability. Vulnerability: High
e. User downloads an unknown e-mail attachment. Vulnerability: Low
2. For the threats and vulnerabilities identified above, which of the following COBIT PO9 Risk Management control objectives are affected?
PO9.1 IT Risk Management Framework - A
PO9.2 Establishment of Risk Context - B
PO9.3 Event Identification - A & B
PO9.4 Risk Assessment - C, D, & E
PO9.5 Risk Response - None
PO9.6 Maintenance and Monitoring of a Risk Action Plan - None
3. From the threats and vulnerabilities identified in Lab #1 (list at least 3 and no more than 5), specify whether each threat or vulnerability impacts confidentiality, integrity, or availability:
a. Denial of Service attack on the organization's e-mail server: Integrity, Availability
b. Loss of production data: Confidentiality, Availability
c. Unauthorized access to an organization-owned workstation: Integrity
d. Workstation browser has a software vulnerability: Confidentiality, Availability
e. User downloads an unknown e-mail attachment: Integrity
4. For each of the threats and vulnerabilities from Lab #1 (list at least 3 and no more than 5) that you have remediated, what must you assess as part of your overall COBIT PO9 risk management approach for your IT infrastructure?
a. Denial of Service attack on the organization's e-mail server: Change passwords, close ports, and set up a mirror server and a proxy server.
b. Loss of production data:
c. Unauthorized access to an organization-owned workstation: close…...
