Unit 10 Assignment 1: Examine Real-World Implementations of Security Standards and Compliance Laws

Submitted By daboyd01

CIPA stands for the Children's Internet Protection Act. It is a bill that was signed into law in December 2000 and was found to be constitutional by the United States Supreme Court in June 2003. It requires K-12 schools and libraries to use Internet filters that protect children from harmful online content by blocking access to “visual depictions” on the Internet that are obscene, child pornography, or harmful to minors. This means any picture, image, graphic image file, or other visual depiction that, taken as a whole and with respect to minors, appeals to an excessive interest in nudity, sex, or excretion; depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and, taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors. The law also states that a school or library may disable the technology protection measure concerned, during use by an adult, to enable access for bona fide research or other lawful purposes. Public schools and public libraries must comply with CIPA to be able to take advantage of E-Rate discounts for telecommunication resources and LSTA grants for various programs.

The act has several requirements for institutions to meet before they can receive government funds. Libraries and schools must provide reasonable public notice and hold at least one public hearing or meeting to address the proposed Internet safety policy. The meeting must address the purpose of this policy, such as actions to restrict a minor’s access to inappropriate or harmful materials on the Internet. Make sure security and…...
