week 2 IT470: Computer
Student 1
Computer Security
Meenakshi Sethi
I Global University
1) Computer security is essential to the protection of personal information and your company’s intellectual property. Please name some common procedures companies use to prevent business assets. Make sure to use real examples and share any resources you have studied?
Here are some helpful things, but ones that few companies regard or perform effectively. They are nothing more than common sense. (As Voltaire remarked, the issue with common sense is that not everything is that common.)
1. Identify what needs to be protected and why. If everything is classified, nothing is classified. Many businesses or organizations over-protect information that simply is not that important for rivals, enemies or foreign governments because of their feeling of vanity or reluctance to analyze it. This squanders security resources and distracts focus from the actual security need.
2. Always remind your employees with sensitive IP access what to protect, why to defend it and what to safeguard it, and what the business (and they) may have if it flees.
3. Make sure your employees without IP access know what to do if they find IP securing accidentally.
4. Limit the amount of sensitive IP copies and highly encrypt them while traveling outside the globe, for example on laptops.
Question two
2) What is NIST 800-115? Explain how it works.
The NIST is an organisation, a member of the U.S. Department of Commerce, and aims to become a leader in innovation and technology by offering fair standards and solutions. NIST's key competences are measurement science, rigorous traceability, and standards creation and application. These fundamental competences affect the dependability of the information the company produces. As a behemoth in the industry, NIST is able to establish quality guidelines that may be utilized by companies to build safe information security procedures and conduct security tests (Gupta et al., 2020).
NIST provides papers that may assist build additional techniques and procedures utilized by ISS experts. NIST SP 800-115, the Testing and Assessment Technical Guide for Information Security, is one of the papers used to develop and plan appropriate safety procedures and processes. NIST SP 800-115 is a useful reference for penetration testing that may impact the technique employed by pen testers when testing for organizational vulnerability. NIST SP 800-115 should instead be useful in verifying that the security measures of your business are as secure as you anticipate them to be. That is why penetration testing agents gravitate to the concepts presented in NIST SP 800-115, since they provide unambiguous advice on the search for vulnerabilities.
References
Gupta, B. B., Perez, G. M., Agrawal, D. P., & Gupta, D. (2020). Handbook of computer networks and cyber security (p. 959). Springer.
Student 2
1. Computer security to the protection of personal information and company’s intellectual property.
The internet has been known as the information expressway. In any case, with hackers, scammers, and other bad guys attempting to take your personal information on the web, it's a smart way to realize how to lock down or secure your devices, network, and information. That way, your Social Security number, passwords, or account numbers don't go speeding along the expressway to the scammers (“ConvoCourses,” n.d.).
· Select security questions that tell the answer to
· Safeguard Your Home-Network
· Safeguard Yourself While on Wi-Fi
· Keep your internet browser, operating system and security software up to date.
· Create and use strong passwords
· Lock Your Devices
· Use multi-factor authentication
The need to ensure intellectual property, regardless of whether it's copyrighted music or a secret ingredient, has consistently been important for makers. But, with regard to our quickly developing and rapidly rising modern worldwide lifestyle, the threat to intellectual property has grown and turned out to be more complex, specifically because of innovative technology and the requirements/needs for cybersecurity. Intellectual property and cybersecurity influence more than most people are aware. Learning the nuts and bolts of both gives a unique viewpoint on exactly how much both points influence the world around us and the utilization of technology in our personal lives (Souppaya & Scarfone, 2008).
Common procedures companies use to prevent business assets.
Lots of business owners are discovering that their assets are not as secure as they think. Smaller businesses with a couple or few employees dealing with the finances are especially susceptible to misappropriation of assets if there are no checks and balances to confirm that the transactions are accurate or fitting (Scarfone et al., 2008).
The most ideal way to protect your organization's assets is to recognize and further development in your weaknesses procedures. The business practices and procedures can assist one with limiting or minimizing potential inner control issues (Read "The Digital Dilemma," n.d.):
- Related duties should be assigned to different people: Certain operating functions and accounting are designed to reference each other for correctness.
- Know your employees and examine behavior changes: Always have a habit to verify employee that is coming from references before hiring.
- Look at supporting documentation always before you sign a check or giving an authorization to a transaction.
- Set the tone at the top: Management should set an ethical air in the working environment and maintain those qualities consistently.
- Lock and protect your valuables: Keep signature stamps, blank checks secured and deposit checks and cash daily.
All of this restricted rundown of internal controls can assist with financial discrepancies and secure your organization's assets as well as recognize the magnificent endeavors of your staff.
Real-Time Example:
Thomas Donohue, CEO of the U.S. Office of Commerce, on a most recent released on the significance of securing intellectual property in the period of Coronavirus, as new drug licenses are filed. He clarifies the importance of licenses or patents, from expanding interests in biopharmaceutical research to fostering participation between the government and the private area. His call for awareness demonstrates the significance of IP assurances on businesses and our regular day-to-day life of all way down to the medication we take (Thomas J. Donohue, 2013).
2. NIST 800-115 & Work
The National Institute of Standards and Technology (NIST) is a statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. NIST takes all the responsibility for creating standards and guidelines. NIST SP 800-115 gives, as a specialized in technical guide, a few rules concerning the associations on arranging and conducting technical specialization in information security appraisal and testing ([email protected], 2020). Furthermore, it proposes examination and improvement techniques for discoveries and mitigation strategies. This including minimum necessities, for giving satisfactory information security to all organization tasks and assets; yet such norms and rules will not make a difference to public safety frameworks. This rule is predictable with the prerequisites of the Office of Management and Budget (OMB) Circular A-130, Section 8b (3), "Securing Agency Information Systems," as investigated in A-130, Appendix IV: Analysis of Key Sections. Supplemental information is given in A-130, Appendix III ([email protected], 2020).
This guidance on NIST methodology includes (Harvey, 2019):
· Security Testing and Examination Overview
· Roles
· Policies
· Techniques
· Methodologies
· Review Techniques
· Documentation Review
· Target Identification and Analysis Techniques
· Wireless Scanning
· Ruleset Review
· Vulnerability Scanning
· System Configuration Review
· Network Sniffing
· Log Review
· Network Discovery
· File Integrity Checking
· Network Port and Service Identification
· Target Vulnerability Validation Techniques
· Penetration Testing
· Password Cracking
· Social engineering
NIST additionally defines penetration testing as security testing in which evaluators mirror certifiable attacks trying to recognize ways to circumvent the security highlights of an application, framework, or network. Most penetration tests include searching for combinations of weaknesses on a single system or multiple systems that can be utilized to gain more access than could be accomplished through a single vulnerability (Penetration Testing, 2019).
Common work techniques fall into three categories:
1. Review Techniques & testing - process or cycle of practicing at least one assessment objects under specific conditions to look at real and anticipated behaviors.
2. Target Vulnerability Validation & Examination - process or cycle of checking, examining, inspecting, noticing, studying, or analyzing at least one appraisal objects to work with comprehension, accomplish explanation, or get proof.
3. Target Identification/Analysis & Interviewing - the way toward leading discussions with people or gatherings inside an association to work with comprehension, accomplish explanation, or recognize the area of proof.
References
ConvoCourses. (n.d.). ConvoCourses. Retrieved July 21, 2021, from http://www.nist80037rmf.com/tag/nist-sp-800-115/
Harvey, S. (2019, October 17). How NIST SP 800-115 Informs Information Security & Pen Test Practices. KirkpatrickPrice Home. https://www.kirkpatrickprice.com/blog/how-nist-sp-800-115-informs-information-security-practices/
[email protected]. (2020, January 12). NIST SP 800-115 [Text]. NIST. https://www.nist.gov/privacy-framework/nist-sp-800-115
Penetration Testing. (2019, November 14). DIB SCC CyberAssist. https://ndisac.org/dibscc/implementation-and-assessment/vulnerability-and-risk-management/penetration-testing/