Information Technology

onyango2013

Assignment 3


Deadline: Day 30/03/2018 @ 23:59

[Total Mark for this Assignment is 4]

IT Security and Policies

IT409


College of Computing and Informatics

Physical and Environmental Security

01 Marks

Learning Outcome(s):

LO 4: Write security policies and put in place an effective security architecture that comprises modern hardware and software technologies and protocols.

Q1)

a) What control policy is required in order to prevent unauthorized access and damage to facilities?

Many policies can be implemented to secure the computing facilities. One policy that could be adopted is ensuring that the data center is physically away from the company. The facility could be located on an underground floor. The data center also needs to be protected from entry by unauthorized persons. This can be done with physical barriers and access cards for passing the barriers. All sensitive information should be kept in secured areas that are protected against any physical threat and damage. Activities such as public tours and conferences should not be placed in public places either. The communication center should also be protected against drainage and fire and be located in a safe location. There should be no signs indicating the location of the data center, and the facilities used should resist fire for at least one hour.

b) Write 2 example controls that are required for securing Offices, Rooms, and Facilities.

The server room should be locked.

All servers should be locked down; before a server is turned down for the first time, the server room should be locked up. There should be a policy stating that the room should be locked when no one is occupying it. The policy should also show who is authorized to enter the facility. The server room should be at the center of the company, and the protection of routers and switches should be maximized to avoid damage to the whole network. Surveillance should be set up so that anyone who attempts to enter the server room is recorded. Another solution is an automated logbook with an authentication system incorporated. Video should be used to provide the surveillance scans, and the scans should raise a call notification if anything is detected.

Protecting equipment

01 Marks

Learning Outcome(s):

LO 4: Write security policies and put in place an effective security architecture that comprises modern hardware and software technologies and protocols.

Q2) Give two examples for protecting the equipment in an organization.

The following are ways in which equipment can be protected in an organization. Lock the server room: the server room should be guaranteed to be locked. The major aim of the lock is to bar people from entering the server room whenever it is unoccupied. Constant observation is a requirement for a server room. A log book will be required to record entry to the server room. Video observation is a very important element in ensuring that the people entering the rooms can be discovered easily.
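The automated logbook with authentication mentioned in the answers to Q1(b) and Q2 can be implemented along these lines. This is an added example, not part of the original assignment; the event format, badge IDs, roster and the 10-second grant window are assumptions constructed for illustration.

```python
from datetime import datetime

# Constructed roster: the policy's list of who is authorized to enter.
AUTHORIZED = {"B-1001": "alice (sysadmin)", "B-1002": "bob (network)"}

# Constructed door-controller events: ISO time, event type, badge id ("-" if none).
SAMPLE_EVENTS = """\
2018-03-29T09:02:11 BADGE B-1001
2018-03-29T09:02:14 DOOR_OPEN -
2018-03-29T09:40:03 DOOR_CLOSE -
2018-03-29T13:15:47 BADGE B-7777
2018-03-29T22:31:09 DOOR_OPEN -
2018-03-29T22:35:30 DOOR_CLOSE -
"""

GRANT_WINDOW_S = 10  # assumed: door must open within 10 s of a valid badge read

def review_access(text, authorized=AUTHORIZED):
    """Build the entry logbook and the list of alerts from event lines."""
    logbook, alerts = [], []
    last_grant = None  # time of the most recent authorized badge read
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            stamp, kind, badge = line.split()
            when = datetime.fromisoformat(stamp)
        except ValueError:
            # A record that cannot be parsed is itself worth a notification.
            alerts.append(("MALFORMED", line, "-"))
            continue
        if kind == "BADGE":
            if badge in authorized:
                logbook.append((stamp, badge, authorized[badge]))
                last_grant = when
            else:
                alerts.append(("UNAUTHORIZED_BADGE", stamp, badge))
        elif kind == "DOOR_OPEN":
            granted = (last_grant is not None and
                       0 <= (when - last_grant).total_seconds() <= GRANT_WINDOW_S)
            if not granted:
                # Door opened with no preceding authorized badge read.
                alerts.append(("DOOR_OPEN_NO_AUTH", stamp, badge))
            last_grant = None  # one badge read permits one door opening

    return logbook, alerts

if __name__ == "__main__":
    book, alerts = review_access(SAMPLE_EVENTS)
    print("logbook:", book)
    print("alerts: ", alerts)
```
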

Secure messaging

01 Marks

Learning Outcome(s):

LO 5: Use effective, proper and state of the art security tools and technologies

Q3) Email is currently the most preferred way of communication in many sectors. Apart from its advantages in communication, email is also prone to cause various threats to the information technology framework. Explain the various threats (at least 2) to emails being sent over the internet or a network, and the techniques (at least 2) to protect the messages sent over email.

Many threats come with email. One example is someone asking for an email, sent to you in order to ascertain the original address. Most scammers do not care if they are swindling, because what is required is your money. Other features of the email box are auto-download, the business purpose of the email addresses, and the junk emails that populate an email address. Junk email will help in protecting the person from the sample email. Another feature of emails is that they can be hacked. The messages sent via email should be encrypted, for there are hackers who can intercept emails. One tool that could be used is Windows Desktop Standard; the software provides passphrase-based encryption. Hushmail can also be used for sending secure emails.

Log management

01 Marks

Learning Outcome(s):

LO 5: Use effective, proper and state of the art security tools and technologies

Q4) Describe the activities involved in log management. How do you select the appropriate data to log?

The following activities would be used in managing the logs:

· Check the event logs

· Check the instant messaging, IRC and transaction logs for analysis

· Check the message logs

· Evaluate the results of the latest risk assessments

· Check for the transaction logs

The activities are important in understanding the system designs and devising the system architecture.