Final Project
4
Information Security Plan
Information Security Plan
Authentication and Encryption
Authentication is used to determine the identity of a person accessing the information on a site. It involves the use of a user name and a password. Authentication will also be carried out through fingerprints, voice recognition, and retina scans. The authentication will not determine the tasks an individual can engage in or the files that one sees. The process only identifies and verifies the identity of the person or the system.
Encryption involves the transformation of data to an unreadable form by anyone without decryption keys. The encryption process utilizes several protocols such as Socket Layer (SSL) protocols and Secure Shell (SSH) protocols. Data that utilizes SSL transactions are usually encrypted between the browser and the webserver. Encryption allows data to be sent across the internet with minimal risks of being intercepted (Safa et al., 2016). This is especially important for critical data such as credit card numbers and social security numbers.
Roles and duties of a System Administrator
The systems administrator is responsible for monitoring and alerting any key concerns/issues in the organization's infrastructure and applications. A system administrator must know how to set up alerts based on monitoring thresholds to obtain on-call notifications during significant incidents. The systems administrator should be knowledgeable on how to use external system outputs and metrics to determine the health of their systems (Moody et al., 2018).
A system administrator is in charge of the administration of all applications and services. The system administrator is also responsible for managing passwords and SSO practices and policies in the organization and aids other employees in accessing the system. The administrator also offers procedures and sets policies on how files are organized and shared within the organization. This offers security from external attacks and allows easy access to files. The system administrator is also responsible for software installation and updates to minimize the threat of attacks. Above all, the administrator should advocate security to all staff during the formulation of policies and installation of servers.
User Responsibilities
Users are also responsible for cyber security protection within an organization. All users are expected to have a basic understanding of cyber security risks and how to avoid falling victim to cyber-attacks. The users should be willing to engage in educational activities organized by the organization's management (Moody et al., 2018). Users are also expected to abide by cyber security policies and procedures. Such policies include an acceptable usage policy, email usage policy, and BYOD policy, among others.
Auditing
Identifying regular cybersecurity audits helps organizations establish rules for handling sensitive customer and employee information. Auditing also helps the organization remain update with security measures. It also helps identify physical security vulnerabilities Auditing also helps in formulating new security policies for the organization (Moody et al., 2018). It prepares the organization for emergency responses during cybersecurity breaches.
Configuration
Configuration involves security measures implemented when installing and building computers and networks devices to reduce vulnerabilities to cyber-attacks. Configuration helps in reducing the risk of outages and security breaches (Safa et al., 2016). Accurate records ensure formal configurations in control processes.
References
Moody, G. D., Siponen, M., & Pahnila, S. (2018). Toward a unified model of information security policy compliance. MIS quarterly, 42(1).
Safa, N. S., Von Solms, R., & Furnell, S. (2016). Information security policy compliance model in organizations. computers & security, 56, 70-82.