3 hrs to rewrite

profilere.bertyh.elpsfuben.t
CMGT245Week5InformationSecurityPolicyPresentationWeek2-5.pptx

Individual: Security Policy Presentation: Final Project

Mike Lecoin

University of Phoenix

Professor Jamie Rost

Agenda

Is to come up Information Security Policy for Ben company to make sure sensitive information remains secure.

And to make it is cost effective.

IT IMPLEMENTATION FOR BEN’S BUSINESS

The main uses for an IT system in Ben's business

Technology generally always impacts the business operations

Technology generally always has an impact on the business operations. IT system will allow Ben to connect with customers. In the business environment, it is important for employees to interact with the clients rapidly. Websites allows customers to find an answer to a question. Fast shipment help’s the businesses for moving goods over a large environmental area. The IT system will also protect the financial data.

4

The main uses for an IT system in Ben's business

Websites allows customers to find the answer to a question

The main uses for an IT system in Ben's business

Fast shipment help’s the businesses for moving products over a large geographic area.

The main uses for an IT system in Ben's business

IT system will help resolve support the operations management.

The main uses for an IT system in Ben's business

Transaction processing system will also help in making running the more efficient business operations.

The most common risks associated with this system

Software & Hardware failure’s.

The risk that comes with an IT system are software and hardware failures. Losing power and corrupted data is also a major issue. Viruses, Malware, and Trojan Horses get into a system and spread it self throughout the Network will cause problems.

9

The most common risks associated with this system

Power Loss & Corrupted Data.

The most common risks associated with this system

Hacker will try to break into the system.

We must make sure not to allow employees to use private email accounts on the workstations. And we need to setup policies on who has access to certain files

11

The most common risks associated with this system

Security breaches include physical breaking as well as intrusion online

A prioritized list of the risks identified

General Information Technology Threats

The prioritized list of risks have been identified.

1. Software & Hardware Failure

2. Virus

3. Malware

4. Human Errors

5. Phishing & Spams

6. Criminal Threats

13

A prioritized list of the risks identified

Software & Hardware Failure

A prioritized list of the risks identified

Virus

A prioritized list of the risks identified

Malware

A prioritized list of the risks identified

Human Errors

A prioritized list of the risks identified

Phishing & Spams

A prioritized list of the risks identified

Criminal Threats

Mitigations to handle the risks

Install antivirus

Install antimalware

1. Install antivirus

2. Install antimalware

3. Install backups and UPS

4. Install firewall

5. Make sure to properly train IT staff and other employees on proper security

6. Make sure employees change there passwords every 60 days and to make the long and use numbers and characters.

20

Mitigations to handle the risks

Install backups and UPS

Mitigations to handle the risks

Install firewall

Mitigations to handle the risks

Make sure to properly train IT staff and other employees on proper security

Mitigations to handle the risks

Make sure employees change there passwords every 60 days and to make the long and use numbers and characters.

The Justification for the Prioritizations

To prevent customers and employees personal Information for being compromised.

To prevent customers and employees personal Information for being compromised.

If we do not take these measures it will cost us more in the long run and we will be liable for any data breach's.

25

Individual: Security Risk Review/Contingency Plan

Off-Site Storage in Case of Flooding

Datacenter downtime means Ben can’t serve his customers and it can’t execute transactions, leading, potentially, to thousands of dollars of lost revenue.

26

The key elements to include in a plan that will help ensure that Ben will be able to continue to service his customers following a flood

It very critical for data protection to house your data and backups in separate locations. To ensure continued operations in case of flooding.

27

The key items to consider when creating a contingency plan in the event the offsite data backup becomes unavailable

Prioritization

Contingency

You must always have contingency plan in place is the process of preparing your organization’s assets and operations in case of a disaster. A disaster recovery plan must handle business issues such as alternate locations for conducting business.

28

Individual: Information Security Policy – Access Controls, Authorization, and Authentication

The benefits of implementing access controls for Ben's office

Customizable System

You Won’t Lose Your Keys

Key Cards are Harder to Duplicate

Easy to Log Activity

Remote Access

Cut Costs

Password authentication

Email Authentication

Biometric Authentication

Key point Authentication

Implementing access control systems will be an asset because of their customizability. You can allow some employees unlimited access, and others access at certain times. Your daytime employees might be granted access between 8-6, while your night staff might have different access. You can go for a keyless system using key codes, fingerprints or facial recognition. With a key card is a good option they can because it can be duplicated. Keeping track of who comes and goes will not only help you be aware of who is inside your building, but will provide a detailed record in the event that there is an issue. A great feature of access control systems is their ability to be controlled remotely. Let’s say someone wants to get inside a room or building and you do not want them to have the code you can let them in remotely. To cut down on cost You can program your access control system to turn off lights, turn down your heat, and control other cost-saving factors. While password authentication is the most common way to confirm a user’s identity it not very secure anyone can get in if they know your password. There different ways of authentication. One is Email authentication that allows users to securely log in using just an email address.. Two is Biometric authentication includes any type of authentication method that requires a user’s biology. And Key point authentication confirms an online user’s identity.

30

Potential issues related to wireless security

Data Interception: Data sent over Wi-Fi can be captured easily, within a few hundred feet even farther with directional antennas

Denial of Service: WLANs are vulnerable to DoS.

Rogue Access Points: Business network penetration by unknown, unauthorized Access Points.

Endpoint Attacks: A compromised endpoint provides everything an attacker needs to gain a foothold on your network, steal data, and potentially hold it for ransom.

Evil Twin Access Points: An evil twin, in security, is a rogue wireless access point that masquerades as a legitimate Wi-Fi access point so that an attacker can gather personal or corporate information without the end-user's knowledge.

Wireless Phishing: In addition to the above man-in-the-middle application attacks, hackers continue to develop new methods to phish Wi-Fi users.

Data sent over Wi-Fi can be captured easily, within a few hundred feet even farther with directional antennas. One two keep from sensitive information protected when using Wi-Fi is combining two factor authentication and VPNs to keep sensitive business information secure. This layer of defense is also useful with your personal information. VPNs make it difficult for hackers to read your password.

31

The advantages and disadvantages of cloud technologies

Advantages of Cloud Computing

Cost Savings: With cloud computing, you can save substantial capital costs with zero in-house server storage and application requirements.

Reliability: With a managed service platform, cloud computing is much more reliable and consistent than in-house IT infrastructure.

Manageability: Cloud computing provides enhanced and simplified IT management and maintenance capabilities through central administration of resources, vendor managed infrastructure.

With cloud computing, you can save substantial capital costs with zero in-house server storage and application requirements. With a managed service platform, cloud computing is much more reliable and consistent than in-house IT infrastructure.

32

The advantages and disadvantages of cloud technologies

Advantages of Cloud Computing

Cost Savings: With cloud computing, you can save substantial capital costs with zero in-house server storage and application requirements.

Reliability: With a managed service platform, cloud computing is much more reliable and consistent than in-house IT infrastructure.

Manageability: Cloud computing provides enhanced and simplified IT management and maintenance capabilities through central administration of resources, vendor managed infrastructure.

With cloud computing, you can save substantial capital costs with zero in-house server storage and application requirements. With a managed service platform, cloud computing is much more reliable and consistent than in-house IT infrastructure.

33