Contents
INTRODUCTION
ASSESS RISKS TO IT SECURITY
IDENTIFY TYPES OF SECURITY RISKS TO ORGANISATIONS
METHOD TO ASSESS AND TREAT IT SECURITY RISKS
ORGANIZATIONAL SECURITY PROCEDURES
IT SECURITY SOLUTIONS
Potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs
Implementing a DMZ, static IP and NAT in a network can improve network security
THREE BENEFITS TO IMPLEMENT NETWORK MONITORING SYSTEMS WITH SUPPORTING REASONS
MECHANISMS TO CONTROL ORGANIZATIONAL IT SECURITY
RISK ASSESSMENT PROCEDURES
DATA PROTECTION PROCESSES AND REGULATIONS AS APPLICABLE TO AN ORGANIZATION
THE ISO 31000 RISK MANAGEMENT METHODOLOGY AND ITS APPLICATION IN IT SECURITY
POSSIBLE IMPACTS TO ORGANIZATIONAL SECURITY RESULTING FROM AN IT SECURITY AUDIT
INTRODUCTION
As the world becomes more connected via the internet, more businesses are exposing part of their system data to the public. As a result, it is critical to understand what data of the organization is being exposed to the public and who is accessing that data. While workers nowadays are able to connect and share data from almost any location, this also means they must ensure that the communication is safe. The security of an organization's data is crucial.
ASSESS RISKS TO IT SECURITY
ORGANISATIONS' SECURITY RISKS
The following are the most common types of security risks that may harm your business:
• HACKERS
• VIRUSES
• SPYWARE
• ADWARE
• WORMS
• SPAM
• TROJAN HORSE
• ROOTKITS
1- Hackers-
They are people who research ways to infiltrate a computer system or an entire network of computers. Most hackers target businesses in order to get financial gain. In order to protect your organization's data, you must maintain a high level of alertness at all times. Preventing hackers from attacking enterprises requires caution and the implementation of a security strategy, which should include file sharing and data management, both of which should be safeguarded. To keep hackers out of the organization's resources, it is essential that they be protected.
2- Virus-
This is a small software package that is designed to cause harm to a computer or the files stored on it. The programme replicates itself and also operates within the computer or its files at the same time. Viruses may take information away from the computer, duplicate it, or destroy it, and this can pose a significant danger to companies.
3- Spyware-
This is also a piece of software that captures or monitors data or information from servers; this may occur over the internet without the need for a special programme or the involvement of specific employees. If spyware is put on a device used by an organization, the individual who installed it may monitor any activity on that device.
4- Adware-
The term refers to pop-ups that appear on your computer, for example advertisements. Many workers in businesses make the mistake of clicking on or downloading adware, which allows whoever distributed it to gather information without anyone's knowledge.
5- Worms-
The term "worm" refers to software that is installed in a network or that works its way in. Worms are distributed in order to self-replicate from one computer to another; worms do not need the involvement of the user in order to propagate. This programme generates a large number of copies of itself in a very short period of time. Worms may cause performance issues on your network as well as introduce harmful attacks into the organization's computer network.
6- Spam-
Spam is a message that doesn't make sense and is sent to a lot of people who use the internet. It can be illegal advertising or spread malware. This usually comes in the form of emails that have harmful links in them, which can fill up the organization's mail servers. It can also spread more spam within the company's servers.
7- Trojan horse-
To put it another way, Trojan horses are malicious software that is disguised as legitimate software. The Trojan horse is typically installed on a user's computer by cyber thieves or hackers in order for them to gain access to the organization's users' systems. Once a Trojan horse is executed and activated, it can be used to spy on the users, steal important information, or even gain access to backup data on the system.
8- Rootkits-
A rootkit is a programme (or, more often, a set of programmes) that allows remote access to and control of a computer or other system. There are many different forms of rootkits that may be installed. When a rootkit is installed, it gives its operator access to the operating system and complete control over it.
METHOD TO ASSESS AND TREAT IT SECURITY RISKS
Methods for evaluating information technology security risks
Identify and organise the assets
Among these assets are servers, client data, and the organization's most important and sensitive information. In this step you compile a list of all of the organization's highly sensitive assets. The following are crucial for each asset:
• Software
• Hardware
• Data
• Interface
• Network topology
Identify the threats- threats are anything that can harm the organization or disrupt its security protocols.
In today's environment there are several tools for password cracking, and some workers stick their login information on sticky notes on their monitors, which leads to employees sharing their login information with one another. The changes required to address this are costly; for example, installing fingerprint scanners in an organization can cost up to $200 per station. Not all departments require fingerprint scanners, but departments that handle sensitive information, such as the accounting department, may benefit from having them installed. Even if you implement multiple authentication methods in the organization, such as smart card readers and fingerprint readers, when a person steps away from their workstation it is possible for someone else to make transactions or do something in their name.
P2- DESCRIBE ORGANIZATIONAL SECURITY PROCEDURES
These precise instructions are laid out step by step and illustrate how to implement security
measures in accordance with the organization's policy. Security procedures are also known as
security policies. In order to ensure that the security control is implemented reliably, these
processes must be followed exactly as described. When there is a business-related security
process in place, these processes must be followed at all times.
The Common Procedures
Everyone who works for the organisation should be provided with their own identification card, which should be documented in the organization's system. When an employee arrives to enter the organisation, a security guard should verify that the worker matches the organization's records by checking their name, picture, and identity number, among other things. The individual should only be admitted if their data matches the organization's records and their face matches their identification photograph.
If a virus has been found in a network, or one is suspected, Information Technology may decide to disconnect the organization's network from the internet if the equipment in question provides no further protection. Furthermore, if a portion of the network is contaminated with a virus, IT should isolate the virus-infested portion of the network from the virus-free portion.
Computers, phones, and other electronic devices that are infected with a virus will be unplugged from the organization's network. The infected device should then be cleaned and properly examined to ensure that there is no further risk of infection, and the equipment should be checked by a professional technician before it is reconnected to the organization's network. The organisation should install anti-virus software on the device to prevent the infection from re-entering it.
If a file becomes infected, it should be thoroughly cleaned; if it cannot be cleaned and has been backed up, the infected file should be removed completely and the backed-up file restored; if there is no backup and the file cannot be cleaned, the file should be removed from the network immediately.
Laptops, PCs, and other electronic devices belonging to the company should not be left unattended, for the sake of their security. Individuals using the devices should be held accountable for the devices they are provided by the organisation, and all cash should be stored in a vault protected by lock and key at the organization's office, with the key retained by the appropriate staff. Any theft that occurs should be reported as soon as possible to the appropriate person and, if possible, to the authorities.
Employees should be provided with a multi-layered security method, each employee should
have a powerful firewall that protects their internet connection, and the organization's server
should be protected by powerful antivirus software.
Email filters should be installed on all company servers, and these filters should check all emails sent to the organisation, as well as any harmful attachments in them. If a pop-up window indicates that the email contains viruses or other harmful content, the employee should not be allowed to open it.
Employee protocols should be rigorously adhered to, and no employee should be permitted to
leave the office after hours unless they have received permission from their managers.
Employees who are required to work longer hours should speak with the building's
administration about the possibility of having their automobiles or other vehicles stored until
their duty is completed.
IT SECURITY SOLUTIONS
The possible effect on IT security of incorrectly configured firewall settings and third-party VPNs
What is a firewall?
To begin with, a firewall is a form of security technology that filters certain types of traffic travelling across a network such as the internet (email, for example). The device examines everything that comes into and leaves the network and decides whether to allow the item in question or to prevent it from entering or leaving the network altogether. Besides software and hardware firewalls, firewalls may also be delivered from the cloud.
What are firewall policies?
A company's firewall policy defines which network traffic may enter and leave the network. It also specifies which settings should be enabled or disabled under a given policy.
The impacts of incorrect configuration
Firewalls that are set up improperly not only pose a hazard to the business, but also a threat to the individuals who use the network on behalf of the firm. If a firewall is penetrated, it indicates either that the relevant logs are missing or that the company's assessment will take a long time. Firewalls are critical components of a company's security architecture, and they must be installed correctly and at the appropriate time.
What leads to a security breach?
A breach is defined as an occurrence of illegal access to networks and services inside a network. It occurs when access to the network is gained by breaching the company's security: an unauthorised piece of software, or even an application, gains access to an information technology system without authorization. Many firms monitor for breaches constantly and minimise them by the use of software or firewalls. If a security breach happens and is noticed, a firewall would notify the network administrator; consequently, if there is no firewall in the organisation, a hacker may easily gain access to the organization's computer system.
Loss of performance
Even when a firewall is present on the network, problems can arise if its settings are difficult to understand. Network speed may decrease, and the firewall may be unable to provide complete protection in this situation. It is not recommended to make dynamic changes to a configuration that has been in place for some time, since it may result in a loss of performance and hence a reduction in security. Testing and verifying are two approaches for detecting misconfigurations.
What is a VPN?
VPNs (virtual private networks) are a kind of network that enables users to securely connect to
another network via the internet. A virtual private network (VPN) may also be used to access
websites that are blocked to certain geographical areas.
Impacts of wrong configuration in third-party VPNs
VPNs are becoming safer in today's world. However, although IPsec is the most secure VPN available, SSL VPNs have several difficulties to overcome, especially when using web browsers. The web browser used with the SSL VPN is the most important component of the VPN network, and because web browsers have security weaknesses of their own, there is a risk of security breaches occurring when using them. Back to IPsec VPNs: they are divided into two parts, the VPN client and the VPN gateway, which are both connected to the same network. Suppose a client is using the AES128 encryption method and then switches to the DES encryption algorithm. This would result in a significant drop in security, since the DES algorithm has a very low encryption strength and also has the disadvantage of being relatively simple to break.
How misconfiguration of VPN can be avoided
VPN misconfiguration may be prevented by distributing a preconfigured VPN client with a locked-down configuration, which reduces the likelihood of mistakes. Access will not be granted to anybody who is not permitted; in other words, it will prohibit any modifications from being made, while still giving the network administrator(s) the ability to change the VPN's settings. A management system should be implemented so that the controlling system can ensure that only legitimate settings are accepted and then sent to VPN users, hence avoiding any misconfiguration on the users' side.
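An added example (not from the original report) of the management-system check described above: the controlling system validates a client profile against policy before sealing it, and the locked-down client refuses any profile that was edited locally, such as the AES128 to DES downgrade mentioned earlier. The profile fields, policy values and the shared key are constructed for illustration.

```python
"""Validate and seal VPN client profiles so only legitimate settings reach users.

Profile field names, the policy values and DEMO_KEY are constructed for this
example; a real deployment would sign profiles with a private key the client
cannot forge, rather than share an HMAC key with the client.
"""
import hashlib
import hmac
import json

WEAK_CIPHERS = {"DES", "3DES", "RC4", "NULL"}          # never acceptable
APPROVED_CIPHERS = {"AES128", "AES256", "AES128-GCM", "AES256-GCM"}
APPROVED_INTEGRITY = {"SHA256", "SHA384", "SHA512"}
MIN_DH_GROUP = 14                                       # 2048-bit MODP group

DEMO_KEY = b"constructed-demo-key"                      # constructed, not a real key
DEMO_PROFILE = {                                        # constructed example profile
    "gateway": "vpn.example.com",
    "cipher": "AES128",
    "integrity": "SHA256",
    "dh_group": 14,
    "pfs": True,
}


def validate_profile(profile):
    """Return the list of policy violations; an empty list means acceptable."""
    findings = []
    cipher = profile.get("cipher")
    if cipher in WEAK_CIPHERS:
        findings.append(f"weak cipher {cipher}")
    elif cipher not in APPROVED_CIPHERS:
        findings.append(f"unapproved cipher {cipher}")
    integrity = profile.get("integrity")
    if integrity not in APPROVED_INTEGRITY:
        findings.append(f"unapproved integrity algorithm {integrity}")
    if profile.get("dh_group", 0) < MIN_DH_GROUP:
        findings.append(f"DH group below {MIN_DH_GROUP}")
    if not profile.get("pfs", False):
        findings.append("perfect forward secrecy disabled")
    return findings


def _canonical(profile):
    # Stable byte encoding so the tag does not depend on key order.
    return json.dumps(profile, sort_keys=True, separators=(",", ":")).encode()


def publish_profile(profile, key):
    """Management system: reject anything that breaks policy, then seal the rest."""
    findings = validate_profile(profile)
    if findings:
        raise ValueError("profile rejected: " + "; ".join(findings))
    tag = hmac.new(key, _canonical(profile), hashlib.sha256).hexdigest()
    return {"profile": profile, "tag": tag}


def load_profile(sealed, key):
    """Locked-down client: accept the profile only if its tag still matches."""
    expected = hmac.new(key, _canonical(sealed["profile"]), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sealed["tag"]):
        return None  # edited after publication, or never published by us: refused
    return sealed["profile"]


if __name__ == "__main__":
    sealed = publish_profile(DEMO_PROFILE, DEMO_KEY)
    print("client loads published profile:", load_profile(sealed, DEMO_KEY) is not None)
    # A user downgrading the cipher locally, as in the AES128 -> DES case above.
    edited = {"profile": {**sealed["profile"], "cipher": "DES"}, "tag": sealed["tag"]}
    print("client loads locally edited profile:", load_profile(edited, DEMO_KEY) is not None)
    # The same downgrade submitted to the management system is rejected outright.
    print("policy findings:", validate_profile({**DEMO_PROFILE, "cipher": "DES"}))
```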
By incorporating a DMZ, static IP addresses, and NAT into a network, network security may be enhanced.
DMZ-
A DMZ (also known as a Demilitarized Zone) is a computer security term that refers to a subnetwork that is used to provide a service to an organization's customers. Fundamentally, it serves as a gateway between the internal network and a network that is not trusted, which is often the internet.
In the example above, two firewalls are used to create a DMZ. As indicated above, the DMZ network sits between the two firewalls in this case. The perimeter firewall is the first of the two, while the internal firewall is the second. The perimeter firewall is set to let outside traffic through to the DMZ alone. In order for traffic from the DMZ to be able to travel into the internal network, the internal firewall must be configured to allow it. The fact that an attacker must get past two devices before reaching the internal network is well recognised as a safe practice.
How implementing a DMZ would improve the security of a network
A DMZ is a network segment that offers an additional layer of protection to an organization's network. The DMZ provides additional protection by detecting security breaches before they reach the internal network where valuable files are stored. For example, with two servers, an application server and a database server, the application server should be placed in the DMZ behind the perimeter firewall, with the database server kept most secure behind the internal firewall: the application server is used by users, but the database server is used only by the application server. As a result, the DMZ provides a distinct edge.
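An added example (not from the original report) modelling the two-firewall DMZ just described together with the "testing and verifying" approach to misconfiguration from the firewall section: a flow must pass every firewall on its path, a traffic matrix checks the policy end to end, and a static check flags any/any allow rules. Address ranges, host roles and ports are assumptions made for illustration.

```python
"""Model of the two-firewall DMZ described above, with a policy test harness.
Addresses, rules and flows are constructed for illustration, not taken from the
report. Only the connection-initiating direction is modelled; a stateful
firewall would admit the replies to an allowed flow."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = ip_network("0.0.0.0/0")
DMZ = ip_network("192.0.2.0/24")        # application server lives here
INTERNAL = ip_network("10.10.0.0/16")   # database and file servers live here
APP_SERVER = ip_address("192.0.2.10")
DB_SERVER = ip_address("10.10.5.20")

def host(ip):
    return ip_network(f"{ip}/32")

@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    src: object                  # ip_network
    dst: object                  # ip_network
    port: Optional[int] = None   # None matches any destination port

    def matches(self, src, dst, port):
        return (src in self.src and dst in self.dst
                and (self.port is None or self.port == port))

@dataclass
class Firewall:
    name: str
    rules: list

    def decide(self, src, dst, port):
        """First matching rule wins; no match falls through to default deny."""
        for rule in self.rules:
            if rule.matches(src, dst, port):
                return rule.action
        return "deny"

# Perimeter firewall: the internet may reach the DMZ application server on 443 only.
PERIMETER = Firewall("perimeter", [Rule("allow", ANY, host(APP_SERVER), 443)])
# Internal firewall: only the application server may reach the database port.
INTERNAL_FW = Firewall("internal", [Rule("allow", host(APP_SERVER), host(DB_SERVER), 5432)])

def zone(ip):
    if ip in DMZ:
        return "dmz"
    return "internal" if ip in INTERNAL else "internet"

def path(src, dst, perimeter, internal):
    """Firewalls a new connection crosses between the zones of src and dst."""
    zones = {zone(src), zone(dst)}
    crossed = []
    if "internet" in zones:
        crossed.append(perimeter)
    if "internal" in zones:
        crossed.append(internal)
    return crossed

def permitted(src, dst, port, perimeter=PERIMETER, internal=INTERNAL_FW):
    """A flow passes only if every firewall on its path allows it."""
    src, dst = ip_address(src), ip_address(dst)
    return all(fw.decide(src, dst, port) == "allow"
               for fw in path(src, dst, perimeter, internal))

# Testing: the traffic matrix the design is supposed to enforce (constructed).
EXPECTED = [
    ("203.0.113.5", "192.0.2.10", 443, True),    # customers reach the app server
    ("203.0.113.5", "192.0.2.10", 22, False),    # but not its SSH port
    ("203.0.113.5", "10.10.5.20", 5432, False),  # the internet never reaches the DB
    ("192.0.2.10", "10.10.5.20", 5432, True),    # the app tier reaches the DB
    ("192.0.2.10", "10.10.7.30", 445, False),    # a compromised app server stays contained
]

def verify_policy(expected=EXPECTED, perimeter=PERIMETER, internal=INTERNAL_FW):
    """Return the flows whose actual decision differs from the expected one."""
    return [(s, d, p) for s, d, p, want in expected
            if permitted(s, d, p, perimeter, internal) != want]

def permissive_rules(fw):
    """Verifying: flag rules that allow any source to any destination on any port."""
    return [r for r in fw.rules
            if r.action == "allow" and r.src == ANY and r.dst == ANY and r.port is None]

if __name__ == "__main__":
    print("mismatches, correct policy:", verify_policy())
    sloppy = Firewall("perimeter", [Rule("allow", ANY, ANY)])
    # Defence in depth: the internal firewall alone still stops internet -> DB ...
    print("internet -> DB, sloppy perimeter:", permitted("203.0.113.5", "10.10.5.20", 5432, sloppy))
    # ... while the traffic matrix and the static check both expose the sloppy rule.
    print("mismatches, sloppy perimeter:", verify_policy(perimeter=sloppy))
    print("any/any allow rules:", permissive_rules(sloppy))
```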
Static IP address- Instead of having an IP address provided by a DHCP server, a static IP address may be configured manually on a device. This IP address is referred to as static since it will not change over time, while a dynamic IP address will change. It is possible to set static IP addresses for devices such as routers, desktops, laptops, phones, and other devices that need an IP address. This is often done through the router's configuration page, reached by entering the router's address into a web browser, or by entering the address manually on the device. An example of a static IP address is shown in the figure below.
How implementing static IP addresses can improve network security
By assigning static IP addresses, the company's network receives an additional layer of protection against security concerns that may arise in the network. A static IP address is simple to maintain and to allocate. It becomes easy for network administrators to monitor internet activity and to grant access to particular users at particular times. The use of static IP addresses provides protection against security issues that may arise from the use of dynamic IP addresses.
What is NAT (Network Address Translation)?
This is a process in which a network device translates the private address of a PC in the network into a public address. NAT is used to limit the number of public addresses required.
Types of NAT
• Static NAT-
This is one IP address mapped to another IP address. A private IP address is effectively made public. This type of NAT is used for hosting websites.
• Port address translation-
This approach may translate several local (private) IP addresses to a single public IP address. Port numbers indicate which traffic belongs to which private IP address.
• Dynamic NAT-
This kind of NAT maps private IP addresses to a pool of public IP addresses.
How implementing NAT can improve network security
Network Address Translation (NAT) increases security by allowing IP addresses to be reused. The NAT router translates traffic entering and leaving the private network to and from the Internet. This point is shown in the graphic below.
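An added example (not from the original report) implementing the three NAT types listed above as small translation tables, and showing why port address translation in particular shields inside hosts: an inbound packet that matches no outbound flow is simply dropped. Addresses, ports and packets are constructed.

```python
"""Toy NAT router covering the three NAT types listed above.
Addresses and packets are constructed for illustration, not taken from the
report. A packet is the tuple (src_ip, src_port, dst_ip, dst_port)."""
from itertools import count

class StaticNat:
    """One private address permanently mapped to one public address. Inbound
    packets to the public address are always forwarded, which is why this
    form is used to publish a web server."""
    def __init__(self, mapping):
        self.out = dict(mapping)                       # private -> public
        self.inn = {pub: priv for priv, pub in mapping.items()}

    def outbound(self, pkt):
        s, sp, d, dp = pkt
        return (self.out[s], sp, d, dp) if s in self.out else None

    def inbound(self, pkt):
        s, sp, d, dp = pkt
        return (s, sp, self.inn[d], dp) if d in self.inn else None

class DynamicNat:
    """Private hosts borrow an address from a public pool while supply lasts."""
    def __init__(self, pool):
        self.free = list(pool)
        self.out, self.inn = {}, {}

    def outbound(self, pkt):
        s, sp, d, dp = pkt
        if s not in self.out:
            if not self.free:
                return None                            # pool exhausted: dropped
            pub = self.free.pop(0)
            self.out[s], self.inn[pub] = pub, s
        return (self.out[s], sp, d, dp)

    def inbound(self, pkt):
        s, sp, d, dp = pkt
        return (s, sp, self.inn[d], dp) if d in self.inn else None

class Pat:
    """Port address translation: many private hosts share one public address and
    are told apart by the translated source port. Only replies to connections
    the inside started are let back in; any other inbound packet is dropped,
    so inside hosts are not reachable from the internet unless they asked."""
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.ports = count(first_port)
        self.table = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self.rev = {}     # public port -> that same 4-tuple

    def outbound(self, pkt):
        if pkt not in self.table:                      # new flow: allocate a port
            port = next(self.ports)
            self.table[pkt], self.rev[port] = port, pkt
        s, sp, d, dp = pkt
        return (self.public_ip, self.table[pkt], d, dp)

    def inbound(self, pkt):
        s, sp, d, dp = pkt
        flow = self.rev.get(dp) if d == self.public_ip else None
        if flow is None or (flow[2], flow[3]) != (s, sp):
            return None   # no matching outbound flow: unsolicited, dropped
        return (s, sp, flow[0], flow[1])

if __name__ == "__main__":
    pat = Pat("198.51.100.1")
    # Two inside hosts using the same source port both go out via one public address.
    print(pat.outbound(("10.0.0.5", 51000, "203.0.113.9", 443)))
    print(pat.outbound(("10.0.0.6", 51000, "203.0.113.9", 443)))
    # The reply's destination port picks the right inside host.
    print(pat.inbound(("203.0.113.9", 443, "198.51.100.1", 40001)))
    # An unsolicited probe to the public address has no table entry and is dropped.
    print(pat.inbound(("203.0.113.9", 443, "198.51.100.1", 40002)))
    # Static NAT, by contrast, forwards unsolicited traffic to the published host.
    print(StaticNat({"10.0.0.80": "198.51.100.80"}).inbound(("203.0.113.9", 5555, "198.51.100.80", 80)))
```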
THREE BENEFITS TO IMPLEMENT NETWORK MONITORING SYSTEMS WITH SUPPORTING REASONS
What is network monitoring?
Network monitoring is the use of a system that continually monitors a computer network for problems and alerts the network administrator through email, phone call, SMS, or other means. Network monitoring is vital to every firm. Its main job is to monitor the company's computer network and how it is utilized. It also checks for system failures or poor performance.
Three Benefits of network monitoring systems
• Fixing problems faster –
Network monitoring software can make troubleshooting much simpler. Whether you're dealing with a configuration mistake or a traffic surge, network monitoring software can assist you in resolving issues once and for all. Live network maps help the user locate the cause of problems, while status displays offer performance metrics over time.
• Saves money-
Network monitoring can save you both time and money in the long run. Without it, a significant amount of time would have to be spent testing, which would not only be more expensive in terms of labour but would also have a negative impact on productivity. If you are able to quickly identify and resolve network difficulties, you will be able to enhance your revenue. When things move more smoothly, it gives you more time to handle your company, which is beneficial. When you understand how all of your devices are employed, you can plan speedy and effective expansion in capacity, for example by determining how much more disk space is required.
• Equipment upgrades-
Simply telling executives that a server needs to be upgraded is not enough to convince most of them, and it is much harder to provide historical information about how the device has performed over the past year or so. Using network monitoring technologies, you can get a historical picture of how devices have behaved over time. Trend analysis allows you to determine whether your current technology is capable of meeting your company's needs or whether you need to invest in new equipment.
MECHANISMS TO CONTROL ORGANIZATIONAL IT SECURITY
RISK ASSESSMENT PROCEDURES
Risk assessment
This is the process of identifying hazards and dangers that might affect the organization and determining the best measures to prevent them.
The goal of this process is to ensure that consistent risk evaluation methodologies are applied across all administrations within the Trust. Creating and maintaining a risk-aware culture inside the organisation, reflected in both business planning and the activities assigned to leaders, is another priority. Risk-aware practice is promoted through hazard assessment and proactive risk management across all levels of government, and training and assistance are made available to representatives who are responsible for hazard evaluations, among other things.
How to assess risks in a work place
1- If you are a small business owner who is confident in your ability to understand the job, you may do the evaluation yourself. You may enlist the assistance of a conscientious employee, security agent, or health and safety official if your organization is larger. When in doubt, seek advice from someone who knows what they are talking about. But it is your responsibility to ensure that everything is completed properly. If you are doing the appraisal yourself, walk around your working environment and look at what could reasonably be expected to cause harm. Ignore the trivial and concentrate only on major threats that might do actual harm or interfere with IT gear. Ask your employees or their representatives for their thoughts; they may have observed things that aren't immediately obvious. Datasheet instructions from manufacturers may also assist you in identifying risks and putting them into context.
2- Even after all precautions have been taken, there is still a risk of something going wrong. What you must decide for each important hazard is whether the remaining risk is high, medium, or low. To begin, determine whether or not you have completed each and every one of the tasks that the law requires you to do. For example, there are legal requirements for preventing access to potentially dangerous items of hardware or equipment. Then ask whether generally recognised industry guidelines have been met. Your primary goal is to reduce the severity of all risks by adding precautions if necessary.
3- If you discover that something should be done, ask yourself:
• Can I eliminate the hazard altogether?
• If not, how can I control the risks so that harm is unlikely?
Use personal protective equipment only when there is nothing else you can reasonably do.
4- If the nature of your work will vary significantly over time, or if you or your representatives will be moving from one site to another, identify the risks that you can reasonably anticipate and assess the risks that may arise from them. If you see any unusual hazard when you arrive at a place, get information from the individuals who are already there and respond quickly if it looks to be needed.
5- If you share a working environment, tell the other businesses and self-employed individuals there about any dangers your work could pose to the IT assets, and what precautions you are taking.
6- There is no compelling reason to show how you did your evaluation, if you can show that:
o An appropriate check was made
o You asked who may be affected
o You managed every one of the conspicuous critical risks, taking into account the number of individuals who could be involved
o The safety measures are sensible, and the remaining risk is low
Evaluations should be suitable and sufficient, not perfect. The real questions are:
• Are the precautions sensible?
• Is there something to show that an appropriate check was made?
7- Keeping the written record for future reference might be beneficial in the event that an inspector questions your safety precautions or in the event that you are involved in any action. It may also serve as a reminder to keep an eye out for certain problems, and it can help you demonstrate that you have followed the law.
8- You will be introduced to new machinery, chemicals, and processes at some point, which may result in the introduction of new hazards. The evaluation should be updated to reflect any significant changes in order to evaluate the potential for new risks. It is also good practice to review your assessment occasionally. You should avoid adjusting your appraisal for each insignificant change, let alone for each new job; however, if a new job introduces significant new risks of its own, you will need to consider them on their own merits and take whatever steps are necessary to keep the risks to a minimum.
DATA PROTECTION PROCESSES AND REGULATIONS AS APPLICABLE TO AN ORGANIZATION
The Data Protection Act (DPA) was enacted in 1988. It was intended to regulate how an organization's administrative body used information. This legislation protects people's personal information and sets out the standards for how it may be used properly.
These are some of the important security checks that must be undertaken to ensure your organization is ready for the General Data Protection Regulation (GDPR):
• IAM (Identity and Access Management) –
For commercial operations, IAM is a framework that makes it easier to manage electronic and digital identities, which is referred to as identity administration. Digital identities are governed by an organization's regulations, which are accompanied by the technology required to facilitate the administration of identities. When you have adequate IDAM controls in place, it is easier to restrict access to personal data to authorised personnel only. Two of the most important concepts in IDAM are separation of duties and least privilege, which ensure that employees have access to the information and systems that are relevant to their jobs and not to those that are not.
• Data loss prevention (DLP) –
In terms of the General Data Protection Regulation, data loss prevention is critical to preventing personal data loss. Technical protection measures, such as DLP devices, will be critical in preventing infringement. The GDPR defines a company's responsibility for lost or stolen personal data, regardless of who possesses or maintains it. Although restricting the flow of personal data onto the network adds some security, DLP provides stronger protection against threats to all personal and organizational information.
• The policy management –
The security checks described above are governed by this policy. In a constantly changing network security environment, the policy must be fully certified by the industry and implemented across the whole organisation in order to monitor and update the security checks. It is necessary to recognise organizational policies and training policies in order to ensure that policies are communicated effectively and that their substance is understood. Compliance with the GDPR is impossible without effective policy administration, which must be regulated and followed.
• Third party risk management –
Where does responsibility lie in the event of an infringement when an organisation has delegated the processing of personal data to another department?
THE ISO 31000 RISK MANAGEMENT METHODOLOGY AND ITS APPLICATION IN IT SECURITY
A well-known worldwide standard, ISO 31000 was developed to assist enterprises in efficiently managing their risks. Companies may use ISO 31000 as a practical document to develop their own risk management strategies, since it gives fundamental rules, processes, and procedures for managing any kind of risk in a clear and systematic manner. According to ISO 31000, it may be used by "any commercial or public businesses, organizations, groups, or individual firms". The organization's economic performance and reputation may be negatively affected by risks relating to environmental performance, safety and society. Risk management therefore enables the organisation to operate effectively in an uncertain environment. Among the principles, frameworks, and processes covered by ISO 31000 are suggestions for improvement.
How does ISO 31000 help organizations?
• Improves the organization's financial reporting
• Improves the identification of threats
• Increases control
• Improves organizational learning
• Improves organizational resilience
• Reduces losses
• Increases partners' trust and confidence
• Is dynamic and responsive to change
• Is reliable for making and planning decisions
• Improves health and safety performance and therefore environmental protection
IMPACTS TO ORGANIZATIONAL SECURITY RESULTING FROM AN IT SECURITY AUDIT
What is an IT security audit?
A security audit is a detailed review of how an organization's whole security posture is tested and analysed; organizations, including cybersecurity companies, use it for that purpose. You may need to conduct more than one kind of security audit in order to get your expected results and achieve your business objectives.
How often should IT security audits be carried out?
While the timing of a security audit is entirely up to the business, it is strongly suggested that
they be conducted twice a year. The interval between audits is determined by the organization's
size. There are other considerations to consider, such as the complexity of the organization's
information technology systems.
Impacts in security audits
Reduce risks - An IT audit is a process that involves examining and detecting hazards associated with information technology in an organisation. Integrity, confidentiality, and availability of information technology infrastructure and processes are issues that are often included in an IT audit. Many more dangers are present in the areas of efficiency, effectiveness, and IT reliability. If risks are thoroughly investigated, it becomes clear how each risk should be handled: risks may either be reduced via controls or simply accepted as part of the working environment.
Flow of data in the organization - Information is one of your major assets and requires the
highest level of protection. Your IT security auditors establish what sort of information you
hold, how it flows into and out of your business, and who has access to it. All technologies and
procedures for your anti-data-breach measures are examined to ensure that no data is lost, stolen,
abused or manipulated. Otherwise, your clients or other affected parties are exposed to risk, and
legal disputes may follow.
Cyber defense - Effectively counter the threat of hackers and other criminals manipulating
information systems for their own goals. Your IT system must be maintained so that your company
can operate throughout the whole day. Every file produced must be safeguarded so that it can be
used in future, and all confidential information should be kept under continuous protection. IT
security audits also check that common files are backed up: a mirror copy on an external or cloud
hard disk ensures that the fundamentals may still be accessed when anything goes wrong. Downtime
does not just affect your productivity; it eventually affects your business.
Organizational security
Designing and implementing a security policy for an organization:
It is the basis of every safe firm to have a workplace safety policy in place. Your firm will benefit
from having a security strategy in place, regardless of the kind of business you run or the size of
your organization. Occupational safety and health objectives are outlined in this policy. Many
security hazards may be avoided if a strict security strategy is followed. It is essential that all
policies and procedures describe fundamental principles, norms, and definitions that are
uniform across the company. If you want to add regulations such as making sure the badge is
worn all the time or telling workers about the laws of using the safety camera at work, you can
do so. You may also include actions such as putting in place physical and digital security
measures.
AiTi has taken an interest in this security approach. The strategy includes security goals and
objectives, basic security management strategies, and policy execution for key security
mechanisms. Employees must be aware of and follow precise security procedures to safeguard assets.
The security policy underpins all security-related operations, including strategy, design,
implementation, and administration. The rules and procedures for network and information
security are detailed here. The goal of this policy is to ensure appropriate security of AiTi
business information held on computers. This policy applies to everyone using the AiTi Company's
computer network; we will call them "users" throughout this policy. The AiTi business or one of
its affiliates owns and manages the computer communication networks and data.
End User Passwords
• Intellectual property and personal or financial information provided to AiTi Company by
employees, partners, and any third parties must be safeguarded. Using a password that is difficult
to guess is the first step to fulfilling this obligation effectively.
• AiTi requires a password of at least 8 characters, with at least one uppercase letter and one
number or special character, to access information.
• Passwords expire once per year, or every 365 days. Passwords must be changed or regenerated
when they expire, and the new password must be distinct from the previous three.
• Passwords stored electronically must not be kept in a readable form where unauthorized
persons may find them.
• Passwords must not be written down and left in a place where unauthorized people may find them.
• Passwords must not be shared or disclosed to anyone other than authorized users.
• If a password is suspected or known to have been disclosed to anyone other than the authorized
user, it shall be changed immediately.
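The end-user password rules above, applied in code. This is an added example, not AiTi's own software: the record structure, the salted PBKDF2 hashing (so that the history is never stored in readable form) and the sample passwords are assumptions made for the illustration.

```python
import hashlib
import hmac
import os
import string
from dataclasses import dataclass, field
from datetime import date, timedelta

# Policy values taken from the AiTi end-user password rules.
MIN_LENGTH = 8                  # at least 8 characters
MAX_AGE = timedelta(days=365)   # passwords expire once per year
HISTORY_DEPTH = 3               # must differ from the previous three
PBKDF2_ROUNDS = 50_000          # assumption: any slow, salted hash would do


def complexity_errors(password: str) -> list[str]:
    """Return the policy rules a candidate password breaks (empty list = compliant)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append(f"must be at least {MIN_LENGTH} characters")
    if not any(c.isupper() for c in password):
        errors.append("must contain at least one uppercase letter")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        errors.append("must contain at least one number or special character")
    return errors


def _digest(password: str, salt: bytes) -> bytes:
    # Salted, slow hash: the stored form reveals nothing readable about the password.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


@dataclass
class PasswordRecord:
    salt: bytes
    digest: bytes
    set_on: date


@dataclass
class UserPasswords:
    """Password state for one user; the newest record is last in `history`."""
    history: list[PasswordRecord] = field(default_factory=list)

    def verify(self, password: str) -> bool:
        """Check a login attempt against the current password only."""
        if not self.history:
            return False
        current = self.history[-1]
        return hmac.compare_digest(_digest(password, current.salt), current.digest)

    def is_expired(self, today: date) -> bool:
        """True once 365 days have passed since the current password was set."""
        return not self.history or today - self.history[-1].set_on >= MAX_AGE

    def _matches_recent(self, password: str) -> bool:
        # Compare against the last three stored digests, constant-time.
        return any(
            hmac.compare_digest(_digest(password, rec.salt), rec.digest)
            for rec in self.history[-HISTORY_DEPTH:]
        )

    def change(self, new_password: str, today: date) -> list[str]:
        """Apply the policy to a change request; returns the violations, or [] on success."""
        errors = complexity_errors(new_password)
        if self._matches_recent(new_password):
            errors.append("must differ from the previous three passwords")
        if errors:
            return errors
        salt = os.urandom(16)
        self.history.append(PasswordRecord(salt, _digest(new_password, salt), today))
        return []


if __name__ == "__main__":
    user = UserPasswords()
    print(user.change("Winter2024!", date(2024, 1, 1)))   # [] : accepted
    print(user.change("winter", date(2024, 1, 2)))        # three rule violations
    print(user.is_expired(date(2025, 1, 1)))              # True : 365 days later
```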
Login process
Users must be identified by the system before they may access any AiTi computer or community.
AiTi's business networks use user IDs and passwords to guarantee that only authorised users may
access the firms' internal networks. Connections to AiTi systems or networks over the unprotected
Internet or from remote locations still require a user ID and password combination. Modems,
wireless access points, routers, switches, and other devices placed on workstations connected to
the AiTi company's network are forbidden unless they fulfil all technical criteria and have a user
authentication method authorised by the Information Technology department. Connecting to the
networked AiTi corporate computer system is straightforward: follow the instructions offered.
The user must input both a valid user ID and a valid password to access some internal systems.
The system should clear the screen and end the session if no activity takes place for a period of
time; no more than 30 minutes is recommended. The session may be re-established only when the
user has submitted a valid password. This timeout may be suppressed if the system is physically
secured by locked doors or secure-room badge readers, and exceptions to this regulation will be
permitted for class teaching activities.
Except for electronic bulletin boards and other systems where all regular users are anonymous,
users are prohibited from connecting to AiTi systems or networks anonymously. Users must first
sign in with a user ID that clearly identifies them or their affiliation before they may use
system privileges that allow them to change their current user ID.
Restrict System Access
It is necessary to limit access to computers that may connect people to AiTi's network of firms
via its computer and communications system. It is possible to impose these limits via the use of
routers, gateways, firewalls, wireless access points, and other networking components. It is
necessary to use these limits in order to, for example, restrict the user's ability to log into a
certain computer and then transfer from that computer to another computer.
Process for Granting System Privileges
Supporting documents must be retained for a year before they are destroyed.
• Non-AiTi users requiring access to AiTi computers or networks must have the written approval
of a current employee who is fully responsible for their conduct. Use the Sponsorship Account
Request form.
• Non-AiTi employee rights must not exceed 180 days. Every 180 days, the sponsor's department
head must re-authorise the nominated users.
• Only system administrators or security employees should have special permissions, such as
writing to other users' files. Exceptions are granted only when a business or academic
requirement is demonstrated. System administrators must configure and modify the OS.
• Before allowing Internet access or access to a computer or the AiTi company network, a system
administrator must verify the third-party vendor's academic or business requirement. Allowing
remote maintenance, for example, needs this access for a limited time. If a continuous or
long-term connection is required, an extension must be requested using advanced user
verification. AiTi's internal networks, and multi-user systems connected to them, require all
users to agree to any rules imposed by the network.
Process for Revoking System Access
• All user IDs should have their privileges revoked after 180 days of inactivity.
• It should be simple to deny users their rights if the computer's access control subsystem or
communication system is broken. If the access control subsystem fails, the system should be
inaccessible until it is repaired.
• An attempt to hack into an untrusted system, guess passwords or decode files may be a crime.
Users must not circumvent AiTi's security system unless the Director of IT Infrastructure
Services authorises it or AiTi is compelled to comply. System security pranks and practical
jokes are absolutely forbidden.
• Management should assess user credentials annually based on each user's role inside the firm.
Any permissions a user does not use should be promptly withdrawn.
• If a worker's employment status changes, the department head or director must inform IT (for
IT-managed systems). Terminating an employee entails contacting Information Technology and
any system administrators responsible for systems where the dismissed employee may have a
user ID.
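The revocation rules above (180 days of inactivity, 180-day sponsor re-authorisation, annual management review, termination notices) turned into a periodic account review. This is an added example, not AiTi's own tooling; the Account fields and the sample users are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Thresholds taken from the access-revocation rules.
INACTIVITY_LIMIT = timedelta(days=180)   # revoke after 180 days of inactivity
SPONSOR_LIMIT = timedelta(days=180)      # non-employee rights re-authorised every 180 days
REVIEW_INTERVAL = timedelta(days=365)    # management reviews credentials annually


@dataclass
class Account:
    user_id: str
    employee: bool                                # False = sponsored non-AiTi user
    last_login: date
    last_reviewed_on: Optional[date] = None       # last annual management review
    sponsor_authorised_on: Optional[date] = None  # sponsor's department head approval
    terminated: bool = False                      # set when a status change is reported


Finding = Tuple[str, str, str]   # (user_id, action, reason)


def review_accounts(accounts: List[Account], today: date) -> List[Finding]:
    """Apply the revocation rules to every account.

    action is "revoke" (privileges must be removed now) or "review"
    (the annual management review of this user's privileges is overdue).
    """
    findings: List[Finding] = []
    for acct in accounts:
        if acct.terminated:
            findings.append((acct.user_id, "revoke",
                             "employment ended; notify IT and every system "
                             "administrator whose system holds this user ID"))
            continue   # nothing else matters once the account is being removed
        idle = today - acct.last_login
        if idle > INACTIVITY_LIMIT:
            findings.append((acct.user_id, "revoke", f"inactive for {idle.days} days"))
        if not acct.employee and (
            acct.sponsor_authorised_on is None
            or today - acct.sponsor_authorised_on > SPONSOR_LIMIT
        ):
            findings.append((acct.user_id, "revoke",
                             "sponsored access not re-authorised within 180 days"))
        if acct.last_reviewed_on is None or today - acct.last_reviewed_on > REVIEW_INTERVAL:
            findings.append((acct.user_id, "review",
                             "annual management review of privileges overdue"))
    return findings


def sample_accounts(today: date) -> List[Account]:
    """Constructed sample data (not real AiTi users) exercising each rule once."""
    def days_ago(n: int) -> date:
        return today - timedelta(days=n)

    return [
        Account("alice", True, last_login=days_ago(10), last_reviewed_on=days_ago(30)),
        Account("bob", True, last_login=days_ago(200), last_reviewed_on=days_ago(30)),
        Account("carol", False, last_login=days_ago(5), last_reviewed_on=days_ago(30),
                sponsor_authorised_on=days_ago(181)),
        Account("dave", False, last_login=days_ago(5), last_reviewed_on=days_ago(50),
                sponsor_authorised_on=days_ago(100)),
        Account("erin", True, last_login=days_ago(1), last_reviewed_on=days_ago(30),
                terminated=True),
        Account("frank", True, last_login=days_ago(20)),   # never reviewed
    ]


if __name__ == "__main__":
    today = date(2024, 6, 1)
    for user_id, action, reason in review_accounts(sample_accounts(today), today):
        print(f"{user_id:6} {action:7} {reason}")
```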
Computer Viruses, Worms and Trojan Horses
• Virus protection software must be activated on the PC. This programme must be used to scan
all software from third parties or other AiTi divisions before it is run.
• Users are accountable for the harm caused by viruses on the computer systems they manage. Any
user who detects a virus should contact the IT department (817.531.4428) to prevent further
infection and have the virus removed by an expert.
• Before using any computer programme, make a copy and store it safely. This master copy may
be used to recover from computer viruses, hard disc crashes, and other issues. This includes
software from sources other than business or academic colleagues, well-known system security
authorities, computer suppliers or networks, or commercial software providers. Software from
untrusted sources, such as electronic bulletin boards, shareware, and public domain software,
must be tested and authorized by the IT Infrastructure Services Director.
Data Backup and Programs
• Computer users must back up their data. Backups of servers and multi-user communication
systems must be performed routinely. It is the responsibility of the office computer user or the
multi-user system administrator to back up multi-user computers without end-user interaction
and during downtime. Backup media should be housed in fireproof safes a few blocks away from
the backed-up system. Documents must be preserved according to the Business Office's Retention
Schedule. After two years, other data must be properly disposed of.
Plans to restore non-IT-run manufacturing and production systems are developed, tested, and
updated departmentally. A network service contingency plan must be provided by the IT
department. Critical data on backup media must be encrypted.
Portable Computers
Confidential information should be marked as such on discs or other storage media. When not in
use, this material should be kept in a safe or in locked furniture.
Handling Network Security Information
• The IT Infrastructure Services Director may assign people to examine computer security rules
and other networks. The Director of IT Infrastructure Services or his designee must be notified
promptly of any suspected network security concern, including intrusions and compliance
failures.
• If a user reports a virus attack soon after noticing it, no disciplinary action will be taken,
even if carelessness was a contributing factor.
• Notify the IT department or service provider of any network or system software issues.
• Information concerning AiTi company security measures for computer systems and
communications is proprietary and must not be disclosed without the authorization of the IT
Infrastructure Services Director. Publication of system access information in directories is
forbidden.
Violation
AiTi network users who knowingly and intentionally violate this policy will be subject to
disciplinary action up to and including termination, expulsion from the university, and/or legal
action.
Main components of an organizational disaster recovery plan, justifying the reasons for
inclusion:
This strategy ensures that when business data is lost or IT systems and networks are down,
business operations can be restored quickly. The official Disaster Recovery Plan (DRP) should
document the disaster recovery process. This eliminates the need for ad hoc decisions and ensures
everyone knows what to do. For unanticipated catastrophes, the DRP is an organized strategy with
directives. With this step-by-step method, companies can promptly resume mission-critical
services and reduce the impact of catastrophes. It typically includes business process analysis
and sustainability requirements. Many organizations conduct a business impact analysis (BIA) and
risk analysis prior to developing detailed plans, and set recovery time objective (RTO) and
recovery point objective (RPO) targets.
Certain types of disaster recovery plans
The DR plan can be customized specifically for the given environment:
• Virtual DR plan. Virtualization facilitates catastrophe recovery. Virtual environments can
quickly create new virtual machines (VMs) and ensure high availability. However, the strategy
must allow for testing of apps in disaster recovery mode and a return to regular operations
within the RPO and RTO.
• Network DR plan. The intricacy of networks makes developing restoration strategies difficult.
It is critical to document, test, and update recovery methods. This plan's details will be
network-specific, including performance and staffing.
• Cloud backup strategy. Cloud-based disaster recovery may range from simple file backups to full
replication. Cloud DR may save space, time, and money, but it must be managed properly:
administrators must know the physical and virtual server locations. Securing the cloud is a
typical issue that may be mitigated through testing.
• Data centre recovery plan. This sort of plan exclusively covers data centre infrastructure.
Building location, electrical systems and protection, security, and office space are all factors
in the operational risk assessment. This strategy must cover all eventualities.
Components of the organization's disaster recovery plan
Create a disaster recovery team:
The Disaster Recovery Plan is developed, implemented, and maintained by this team. Individual
duties and contact information should be included in the Disaster Recovery Plan, which should
specify who to call in an emergency or when there are concerns. The plan should be communicated
to all personnel. Creating a team for disaster recovery is important because it helps the
company prepare ahead. A catastrophe such as an office virus outbreak is perplexing and
distressing, and nothing positive comes from the confusion: no one knows who can switch the
systems on or how to start them. The disaster recovery plan outlines who, how, when, and where,
so your team will know precisely what to do and who is accountable. A firm's professional image
and client connections are more likely to survive a data catastrophe when it can respond
precisely.
• Determining responsibility:
In the case of a catastrophe, your recovery plan should specify who is in charge of what.
Create a clear picture of who is responsible for what. This helps everyone participating in
the recovery process communicate better and feel less stressed. So long as you and your
third-party supplier are both aware of your responsibilities, you may work together
effectively. A disaster recovery strategy must clearly demonstrate ownership, so that the
team does not err in defining and assigning their respective duties when a disaster occurs.
They know their roles before the calamity and can perform them when it happens.
Document recovery:
• Your company's critical records might be lost in an instant in a fire. When papers get wet,
they start to deteriorate quickly. Document loss can be disastrous without proper
preparation and recovery. Luckily, there are solutions:
• Safes, inboxes, or folders are good places to keep essential papers whose loss might impair
operations.
• Store essential papers in safe deposit boxes or other off-site locations.
• Store all firm records in a cloud-based system accessible from anywhere. Many
organizations provide secure scanning services and may automatically upload and save
scanned documents.
• Keep important papers on upper floors, not in the basement or at street level.
• Keep a list of companies that can recover damaged documents such as films, books, pictures,
etc. Polygon specializes in document cleaning and recovery using cutting-edge methods, and
the safety of your data is ensured by its secure methods and facilities.
• Employee communication and preparation:
Your staff can help rebuild after a calamity, but the strategy is pointless if staff cannot
prepare or restore. Participation of at least one person from each department, including
senior management, is an excellent way to start worker training on disaster recovery plans.
It is strongly advised to form a committee to address the numerous concerns. Committee
members may also instruct their departments' workers on how to prepare for and recover from
disasters. When including your staff in emergency preparedness, ensure that many people are
aware of the critical steps, so that a clever strategy does not fail because the most
knowledgeable people cannot be reached.
• Assets inventory:
Your company will not fully recover if you do not know its assets. In the recovery plan, identify
the company's assets and their values (e.g. make, model, serial number, date of purchase and
purchase price). Examples of daily-used assets on the list include laptops and tablets as well as
phones and scanners. Include workplace images before, during, and after emergency readiness
(to show the firm is diligent in obtaining equipment in response to the warning). The company
recovery effort is only the groundwork for the long-term strategy. Test the training after
creating a catastrophe recovery plan. Review the strategy at least once a year to verify it is
current.
• Documentation:
Your disaster recovery plan should include all major IT infrastructure components (hardware
and software), the responsible team, and the measures followed to restore business operations.
To keep up with changes in your IT infrastructure, the documentation must be kept up to date.
Disaster recovery spans numerous disciplines and components, and any of them that is
overlooked may be disrupted, causing further loss. In the case of a calamity, all you need to
do is follow a series of planned procedures.
Data backup:
• Every day, businesses create vast volumes of data. Malware and hacking may cause data
loss, damage, or compromise, and data loss or corruption may cause major issues. In a business
continuity and IT disaster recovery strategy, data backup is essential. Data backup includes
creating hardware and software backups, scheduling them, and monitoring their effectiveness.
Data lost or corrupted through technical failure, human mistake, hacking, or malicious
software requires prompt action.
• Regular testing:
Developing a strategy is not enough; it must be tested periodically. Your disaster recovery
strategy will evolve as your company expands. Disaster recovery plans must be evaluated
periodically to ensure they are kept up to date and work optimally when disaster occurs.
Every year a new risk emerges, and your strategy should address it.
• Recovery time:
To guarantee that essential systems are restored as fast as possible, every second counts in
business. An acceptable data recovery time sets the maximum time within which the catastrophe
must be addressed, because if the deadline is not met, there is a major issue. In addition, a
business impact analysis can help you identify critical IT infrastructure components, so that
you can plan your business's comeback.
• Setting up RTOs and RPOs:
Recovery objectives are recovery measures. Essentially, the RTO defines how long your
company can function without one of its systems or applications. The RPO establishes how
much company data may be lost without affecting operations. An ideal RTO/RPO would be
0, but for many companies this is an unnecessary expense. The good news is that you may
specify separate RTOs and RPOs for each VM, reserving the most restrictive goals for the most
essential business requirements. To prevent data loss, applications used by VM residential
customers must be configured with zero objectives; programs used by VM administrative
customers may tolerate some data loss.
Business continuity planning:
A disaster recovery strategy should address your company's specific requirements.
Operational, financial, supply, and communication requirements must be understood. To inform
proposals and business continuity, and to give a thorough grasp of demands and logistics, major
business users should record their needs.
Roles of stakeholders in the organization to implement security audit
recommendations
• Stakeholders are those who are influenced by and influence an organization's decisions and
actions. Parties to a contract are called stakeholders. A small firm's success requires the
efforts of many stakeholders. It is a significant corporation's ethical obligation to assess the
effect of its activities on stakeholders. A positive public view of small businesses will help
their long-term success if they are built on mutually beneficial relationships. Stakeholders
are an essential part of every organization and actively or passively shape its goals.
• Decision making:
Commonly, high-ranking executives and outsiders who own significant shares in a firm form
a board of directors, which has the ability to change the company's performance or concepts.
In order to make better judgments, they may give a 360-degree picture of the organization.
Identifying the issue permits the administration to think about the business's vulnerabilities
and degeneration. This will help clarify the business's difficulties and secure its long-term
future. The issue will be better understood if all data is collected in one location, and the
availability of all vital data in one location will help swiftly identify answers to difficulties.
It is also possible to design a range of alternative solutions, allowing for more choice and
flexibility. This way, management may take action to prevent fraudulent behaviour from
occurring.
• Conflict resolution and minimize errors:
Stakeholders may need to intervene in commercial conflicts to prevent further escalation. A
company must determine whether or not to fire a CEO who is suspected of breaking the law
by engaging in unethical business activities. If the management is unable to achieve
consensus, the stakeholders must vote to decide. Stakeholders should be prepared to act as
mediators in any important corporate disagreements. In other words, if anything goes
wrong in IT or a risk arises, the stakeholders can address the issue, take action to mitigate
the risk, and ensure the business stays on track.
• Idea and solution sharing:
Participants in the decision-making process may help generate solutions and ideas. Diverse
viewpoints are a result of diverse stakeholder backgrounds. This allows for debate and
discussion of opposing viewpoints. Broad support means stakeholders may spread ideas
beyond the original concept.
• Management:
Shareholders may have significant managerial roles reporting directly to the president, CEO,
or CFO. Management may be responsible for recruiting, training, and advising the
department of updates or changes in corporate rules and processes.
• Investing:
Stakeholders are usually responsible for maintaining or achieving return on investment.
Sometimes, investments can be made consistently over time. For example, consistently
investing in stocks through one company is an example of a stakeholder that continues to
increase its interest in the company. The stakeholders are responsible for reviewing the
company's financial data to ensure that the business works well and they do not lose their
investment. They may also be responsible for voting on certain funding provisions.
• Social responsibility and environment:
Stakeholders must guarantee that their decisions do not harm society or the environment. It is
possible that they will use other sources if they are aware of the existing resource
constraints. In certain cases, board members may choose to lessen resource scarcity or
employee exploitation in order to help needy countries (such as third world countries). They
guarantee that the public interest always comes first and takes priority over profit
maximization aims.
Suitability of the tools used in an organizational policy:
Online software to train and update staff
Keep your staff happy by giving them the chance to acquire and use new abilities. Employees
who have the abilities and confidence to do a good job are rewarded with satisfaction, which
leads to increased workplace engagement and loyalty.
The advantages of online software to train and update staff are:
• Work performance improvement:
Good training makes employees want to go above and beyond. Employees who keep up
with industry trends and learn more about safety measures perform better work more
effectively.
• Training consistency:
Your staff will have the same experience, prior knowledge, and core understanding if you
centralise all of their training. To better understand what people want from you, make
information easily available.
• Measuring training effectiveness:
In order to bridge the gap between employee training and performance, you must first identify
the most effective courses for your team. Analyze learner data, develop reports, and gain
learning insights to better align training tactics with company goals.
Types of online software training:
The finest employee development programmes address staffing needs throughout the
employee life cycle, including:
• Compliance training is designed to help employees grasp all of the laws, regulations, and
policies that affect their everyday activities and responsibilities.
• Lifelong training keeps workers abreast of new skills and practices in their areas. Lifelong
training also protects high-potential individuals and businesses by encouraging continuous
employee development.
• New employees get onboarding training to acquaint them with their jobs and responsibilities,
as well as the company's mission and culture.
• Induction events help staff integrate and get to work faster.
Why is worker training important to the organization?
• Staff training retains high performers and reduces attrition.
• Employee safety rules reduce risks and save money.
• Training improves customer service and income.
• Employee development produces a creative workforce that produces new ideas, strategies,
and products.
The benefits of online software to train and update staff are:
• The starting cost is lower:
Buying software is optional. You also save time and money on software installation,
troubleshooting, and distribution. This system appeals to small and medium-sized
businesses due to its simplicity and online accessibility. Some vendors allow firms to test
free solutions before paying.
• Enhanced data security:
Many companies still use social media to communicate with their clients. Regrettably, many
of these sites are poorly protected. Course developers who share information and ideas
remotely through the learning system do not have to worry about data theft or loss. Modern
LMSs secure user data: they secure the site's transactions, connections, and interactions.
They also allow businesses to assess user demographics without compromising online
transaction security.
• Easier to maintain:
In general, vendors of online learning management systems already have IT employees on
standby to handle any interruptions and other operational issues that would waste your time
and resources. Also, new features and improved functionality are available without having to
look for them or pay extra.
Penetration testing
Penetration testing assesses the IT infrastructure's security by safely exploiting its
vulnerabilities. Operating system flaws, service and application vulnerabilities, incorrect
setup, and risky end-user behaviour may all be culprits. Assessing defensive mechanisms and
end-user compliance with security regulations also helps validate the evaluation. Penetration
tests are frequently done manually or with automated tools. With elevated credentials, testers
may gain access to more assets and electronic information.
Types of Penetration Tests:
• Comprehensive penetration test
Comprehensive penetration testing service imitates attackers who want to access sensitive
assets by exploiting security vulnerabilities that exist in various systems.
• Application penetration test
Application penetration tests cover your custom web apps as well as standard apps such as
antivirus, embedded applications, games and other system apps.
• Wireless penetration test
Wireless penetration services involve standard corporate Wi-Fi network security tests and
evaluate specific wireless solutions.
Why do penetration testing:
• Security breaches and service interruptions are expensive.
If a security breach occurs, or if any disruption occurs to the performance of the service or
application, the organization may suffer direct financial loss, reputational damage and lost
customer loyalty, as well as negative press coverage and the imposition of significant fines
and penalties.
• It is impossible to protect all the information, all the time.
Companies have traditionally attempted to avoid breaches by implementing layers of
protection such as user access control, encryption, IPS, IDS, and firewalls. With the use of
new technology it is now more difficult to identify and eradicate all organizational flaws
and to guard against the various forms of possible security events.
• The penetration test identifies and prioritizes security risks.
It analyses the organization's capacity to safeguard networks, apps, endpoints, and users
against illegal access to, or privileges over, protected assets.
The advantages of penetration tests:
• Intelligently manage vulnerabilities
Penetration testing provides detailed information on real-world security threats. It may
discover critical and non-critical vulnerabilities and identify false positives, so your
company can better prioritize remediation efforts, implement key security patches, and
allocate security resources so they are available when and where they are required.
• Avoid network downtime costs
IT recovery operations, consumer protection and retention initiatives, legal actions, and
other costs associated with recovering from a security breach may cost firms millions of
dollars.
• Fulfil regulatory requirements and avoid fines
Organizations may use penetration tests to help with general audits and compliance. Auditor
due diligence may be demonstrated by the detailed reports generated by penetration testing.
• Preserve corporate image and customer loyalty
Every breach of customer data might be expensive, both in terms of lost revenue and damage
to the company's public image. No one wants to lose the loyal customers they have fought so
hard to win, and data breaches are more likely than ever to drive away potential customers
in this age of higher client retention costs. The penetration test helps you prevent data
breaches that might compromise your company's brand and client trust.
The benefits of penetration tests:
• Detects and manages security threats:
Privileged or unauthorized access to protected assets is assessed by a penetration test.
After the pen test, IT management and security specialists may plan remediation measures. A
full penetration test may help organizations anticipate future security dangers and prevent
unauthorized access to vital information and systems.
• Meets monitoring requirements and avoids penalties:
HIPAA, Sarbanes-Oxley, and GLBA are addressed by the IT department, as are the recognized
testing requirements of NIST/FISMA and PCI DSS. A thorough penetration testing report may
help firms avoid substantial fines for non-compliance and show auditors that appropriate
security safeguards are in place.
• Avoids network downtime:
Remedying a security flaw is expensive. Legal action, decreased income, reduced labour
productivity, and unproductive trading partners may all be part of the recovery. The
penetration test helps the firm prevent financial loss by identifying and mitigating risks
before a breach or security attack occurs.
• Protects customer loyalty and company image:
Even a single instance of leaked customer data may do irreparable damage to a company's
reputation. The penetration test assists enterprises in avoiding data incidents that might
jeopardize the company's image and dependability.
• Service interruptions and security breaches are expensive:
Financial losses, brand harm, consumer dissatisfaction, bad news, and unanticipated fines and
penalties may all result from security breaches and disruptions. Regular penetration testing
saves money.
Your company's IT infrastructure is protected by the penetration test. Your company's brand
value and financial soundness must be protected proactively. To ensure that an attacker
cannot compromise your network's confidentiality, availability, or integrity, a professional
should conduct a penetration test.
Security audits
Qualified security experts inspect and analyze your premises to find places where your security
isn't as strong as it should be. Security audits are best applied to commercial buildings, office
buildings, and schools. Ensuring that employees' property is safe helps to avoid theft and
damage to property.
The benefits of a security audit are:
• Security assessment:
Before installing a security system, first learn about your property. A security audit is that first
step: it shows you where vandalism, theft and other crimes are most likely to occur. Auditors
inspect your property and recommend any further security measures. Security guard services
may be adjusted or changed based on your property's needs.
• Improve your safety system:
Your security system can be upgraded once you have identified high-risk areas and their
shortcomings. Installing bespoke cameras in strategic locations throughout your premises
ensures that any unpleasant occurrence is captured on tape. Recordings can be reviewed
afterwards, assisting in the prosecution of criminals. We will work with you to ensure you
understand how to maintain your security system so that it is always operating correctly,
avoiding problems such as false alarm calls to the police, and to guarantee your property is
always safe.
• Crime prevention:
Some security systems, such as video cameras and alarms, can keep burglars away from your
premises. If you want to keep troublemakers, thieves, and other criminals away, you might set
up the camera in a visible, open, and well-lit place. During a break-in, the system can help keep
your valuables safe and make sure that any criminal acts are recorded on video.
Detailed security audits help you figure out what your premises need in terms of security. We
look for areas that need to be fixed, as well as places where your current security system isn't
strong enough. Then we work with you to come up with a security plan that fits your needs and
includes monitoring.
 SMB Network Security Checklist SMB Network Security Checklist
SMB Network Security Checklist
 
CYBER SECURITY PRIMERCYBER SECURITY PRIMERA brief in
CYBER SECURITY PRIMERCYBER SECURITY PRIMERA brief inCYBER SECURITY PRIMERCYBER SECURITY PRIMERA brief in
CYBER SECURITY PRIMERCYBER SECURITY PRIMERA brief in
 
IS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and PrivacyIS L07 - Security, Ethics and Privacy
IS L07 - Security, Ethics and Privacy
 
Whitelist Tutorial 1
Whitelist Tutorial 1Whitelist Tutorial 1
Whitelist Tutorial 1
 
End-User Security Awareness
End-User Security AwarenessEnd-User Security Awareness
End-User Security Awareness
 
security By ZAK
security By ZAKsecurity By ZAK
security By ZAK
 
Deep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection systemDeep Learning based Threat / Intrusion detection system
Deep Learning based Threat / Intrusion detection system
 
5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace5 ways to strengthen cybersecurity in the workplace
5 ways to strengthen cybersecurity in the workplace
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft WindowsInvestigation of CryptoLocker Ransomware Trojans - Microsoft Windows
Investigation of CryptoLocker Ransomware Trojans - Microsoft Windows
 

Recently uploaded

(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordAsst.prof M.Gokilavani
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxupamatechverse
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)Suman Mia
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVRajaP95
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSSIVASHANKAR N
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...Call Girls in Nagpur High Profile
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130Suhani Kapoor
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxupamatechverse
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur High Profile
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCall Girls in Nagpur High Profile
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...ranjana rawat
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSKurinjimalarL3
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )Tsuyoshi Horigome
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxAsutosh Ranjan
 

Recently uploaded (20)

(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANJALI) Dange Chowk Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service NashikCall Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
Call Girls Service Nashik Vaishnavi 7001305949 Independent Escort Service Nashik
 
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur EscortsCall Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
Call Girls in Nagpur Suman Call 7001035870 Meet With Nagpur Escorts
 
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete RecordCCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
 
Introduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptxIntroduction and different types of Ethernet.pptx
Introduction and different types of Ethernet.pptx
 
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)Software Development Life Cycle By  Team Orange (Dept. of Pharmacy)
Software Development Life Cycle By Team Orange (Dept. of Pharmacy)
 
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IVHARMONY IN THE NATURE AND EXISTENCE - Unit-IV
HARMONY IN THE NATURE AND EXISTENCE - Unit-IV
 
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLSMANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
MANUFACTURING PROCESS-II UNIT-5 NC MACHINE TOOLS
 
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...Booking open Available Pune Call Girls Koregaon Park  6297143586 Call Hot Ind...
Booking open Available Pune Call Girls Koregaon Park 6297143586 Call Hot Ind...
 
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
VIP Call Girls Service Kondapur Hyderabad Call +91-8250192130
 
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur EscortsHigh Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
High Profile Call Girls Nagpur Meera Call 7001035870 Meet With Nagpur Escorts
 
Introduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptxIntroduction to IEEE STANDARDS and its different types.pptx
Introduction to IEEE STANDARDS and its different types.pptx
 
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Tanvi Call 7001035870 Meet With Nagpur Escorts
 
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service NashikCollege Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
College Call Girls Nashik Nehal 7001305949 Independent Escort Service Nashik
 
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(PRIYA) Rajgurunagar Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
(SHREYA) Chakan Call Girls Just Call 7001035870 [ Cash on Delivery ] Pune Esc...
 
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICSAPPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
APPLICATIONS-AC/DC DRIVES-OPERATING CHARACTERISTICS
 
SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )SPICE PARK APR2024 ( 6,793 SPICE Models )
SPICE PARK APR2024 ( 6,793 SPICE Models )
 
Coefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptxCoefficient of Thermal Expansion and their Importance.pptx
Coefficient of Thermal Expansion and their Importance.pptx
 
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINEDJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
DJARUM4D - SLOT GACOR ONLINE | SLOT DEMO ONLINE
 

COMPUTER SYSTEM SECURITY.docx

Contents

INTRODUCTION ... 2
ASSESS RISKS TO IT SECURITY ... 2
IDENTIFY TYPES OF SECURITY RISKS TO ORGANISATIONS ... 2
METHOD TO ASSESS AND TREAT IT SECURITY RISKS ... 4
ORGANIZATIONAL SECURITY PROCEDURES ... 5
IT SECURITY SOLUTIONS ... 7
Potential impact to IT security of incorrect configuration of firewall policies and third-party VPNs ... 7
Implementing a DMZ, static IP and NAT in a network can improve network security ... 10
THREE BENEFITS TO IMPLEMENT NETWORK MONITORING SYSTEMS WITH SUPPORTING REASONS ... 13
MECHANISMS TO CONTROL ORGANIZATIONAL IT SECURITY ... 14
RISK ASSESSMENT PROCEDURES ... 14
DATA PROTECTION PROCESSES AND REGULATIONS AS APPLICABLE TO AN ORGANIZATION ... 17
THE ISO 31000 RISK MANAGEMENT METHODOLOGY AND ITS APPLICATION IN IT SECURITY ... 18
POSSIBLE IMPACTS TO ORGANIZATIONAL SECURITY RESULTING FROM AN IT SECURITY AUDIT ... 19
INTRODUCTION

As the globe evolves and becomes more connected via the internet, more businesses are revealing part of their system data to the public. As a result, it is critical to understand what data of the organization is being exposed to the public and who is accessing that data. While workers nowadays are able to connect and share data from basically any location, this also means they must ensure that the communication is safe. The security of an organization's data is very crucial.

ASSESS RISKS TO IT SECURITY

ORGANISATIONS' SECURITY RISKS

The following are the most common sorts of security risks that may hurt your business:
• HACKERS
• VIRUSES
• SPYWARE
• ADWARE
• WORMS
• SPAM
• TROJAN HORSE
• ROOTKITS

1- Hackers- These are people who research ways to infiltrate a computer system or an entire network of computers. Most hackers target businesses in order to gain financially. In order to protect your organization's data, you must maintain a high level of alertness at all times. Preventing hackers from assaulting enterprises requires caution and the implementation of a security strategy, which should cover file sharing and data management, both of which should be safeguarded. To keep hackers out of the organization's resources, it is essential that those resources be protected.

2- Virus- This is a small software package that is designed to cause harm to a computer or the files stored on it. The programme copies itself and at the same time operates within the computer or its files. Viruses may take information from the computer, duplicate it, or destroy it, and this can pose a significant danger to companies.

3- Spyware- This is also a piece of software that captures, or is responsible for monitoring, data or information from servers; this may occur over the internet without the need for a special programme or the involvement of specific employees. If spyware is put on a device used by an organization, the individual who installed it may monitor any activity on that device.

4- Adware- The term refers to pop-ups that appear on your computer, for example advertisements. Many workers in businesses make the mistake of clicking on or downloading adware, which allows the company behind it to gather information without anyone's knowledge.

5- Worms- The term "worm" refers to software that is installed in a network or that worms its way in. Worms are distributed in order to self-replicate from one computer to another; they do not need the involvement of the user in order to propagate. This programme generates a large number of copies of itself in a very short period of time. Worms may cause performance issues on your network as well as introducing harmful assaults into the organization's computer network.

6- Spam- Spam is a message that doesn't make sense and is sent to a lot of people who use the internet. Spam messages can be illegal ads or can spread malware. Spam usually comes in the form of emails with harmful links in them, which can fill up the organization's mail servers and can also spread more spam within the company's servers.

7- Trojan horse- To put it simply, Trojan horses are malicious software disguised as legitimate software. A Trojan horse is typically installed on a user's computer by cyber thieves or hackers so that they can gain access to the systems of the organization's users. Once a Trojan horse is executed and activated, it can be used to spy on users, steal important information, or even gain access to backup data on the system.

8- Rootkits- A rootkit is a programme (or, more often, a set of programmes) that allows remote access to and control of a computer or other system. There are many different forms of rootkit that may be installed. Once a rootkit is installed, it gives whoever installed it access to the operating system and complete control over it.

METHOD TO ASSESS AND TREAT IT SECURITY RISKS

Methods for evaluating information technology security risks

Identify and arrange the assets
Among these assets are servers, client data, and the organization's most important and sensitive information. In this step you will need to compile a list of all of the organization's highly sensitive assets. The following are really crucial for each and every asset:
• Software
• Hardware
• Data
• Interface
• Network topology

Identify the threats- Threats are anything that can harm the organization or disrupt its security protocols. In today's environment there are several tools for password cracking; some workers stick their login information on sticky notes on their monitors, which ends up with employees sharing their login information with one another. The changes required to address this are costly: for example, installing fingerprint scanners in an organization can cost up to $200 per station. Not all departments require fingerprint scanners, but departments that handle sensitive information, such as the accounting department, may benefit from having them installed. Even if multiple authentication methods are implemented in the organization, such as smart card readers and fingerprint readers, when a person steps away from their workstation it is possible for someone else to make transactions or do something in their name.
P2- DESCRIBE ORGANIZATIONAL SECURITY PROCEDURES

These precise instructions are laid out step by step and illustrate how to implement security measures in accordance with the organization's policy. Security procedures are also known as security policies. In order to ensure that a security control is implemented reliably, these processes must be followed exactly as described. When there is a business-related security process in place, it must be followed at all times.

The Common Procedures

Everyone who works for the organisation should be provided with their own identification card, which should be recorded in the organization's system. When an employee arrives to enter the organisation, a security guard should verify that the worker matches the organization's records by checking their name, picture and identity number, among other things. The individual should only be admitted if their data matches the organization's records and their face matches their identification picture.

If a virus has been found in the network, or is about to be detected, IT may decide to disconnect the organization's network from the internet if the equipment in question provides no further protection. Furthermore, if a portion of the network is contaminated with a virus, IT isolates the virus-infected portion of the network from the virus-free portion. Devices such as computers, phones and other electronic devices that are infected with a virus will be unplugged from the organization's network if this occurs. The device that was infected should then be cleaned and properly examined to ensure that there is no further risk of infection, and it should be checked by a professional technician before it is reconnected to the organization's network.

The organisation should install anti-virus software on the device to prevent the infection from re-entering it. If a file becomes infected, it should be thoroughly cleaned; if it cannot be cleaned and has been backed up, the infected file should be removed completely and the backed-up copy restored; if there is no backup and the file cannot be cleaned, the file should be removed from the network immediately.

Laptops, PCs and other electronic devices belonging to the company should not be left unattended, for the sake of their security. Individuals using the devices should be held accountable for the devices the organisation provides to them, and all cash should be stored in a vault protected by lock and key at the organization's office, with the key kept by the appropriate staff. Any theft that occurs should be reported as soon as possible to the appropriate person and, if possible, to the authorities.

Employees should be provided with a multi-layered security method: each employee should have a strong firewall protecting their internet connection, and the organization's server should be protected by strong antivirus software. Email filters should be installed on all company servers, and these filters should check all emails sent to the organisation, including any harmful attachments. If a pop-up window indicates that an email contains harmful viruses or other harmful content, the employee should not be allowed to open it.

Employee protocols should be rigorously adhered to, and no employee should be permitted to leave the office after hours unless they have received permission from their managers. Employees who are required to work longer hours should speak with the building's administration about the possibility of having their cars or other vehicles kept until their duty is completed.

IT SECURITY SOLUTIONS

The possible effect on IT security of incorrectly configured firewall settings and third-party VPNs

What is a firewall?
To begin with, a firewall is a form of security technology that may be used to filter certain types of traffic that travel across a network such as the internet, for example email. The device examines everything that comes into and leaves the network and decides whether to allow the item in question or to prevent it from entering or leaving the network altogether. In addition to software and hardware forms, firewalls may also be delivered from the cloud.

What are firewall policies?
The network traffic that is allowed to enter and leave the network should be managed according to the company's firewall rules.
A policy also specifies which settings should be enabled and which should be disabled.

The impacts of incorrect configuration

Firewalls that are set up improperly not only pose a hazard to the business, but also a threat to the individuals who use the network on behalf of the firm. If a firewall is penetrated, either the relevant logs are missing or the company's assessment of what happened will take a long time. Firewalls are critical components of a company's security architecture, and they must be installed correctly and at the appropriate time.

What leads to a security breach?
A breach is an occurrence that demonstrates illegal access to networks and services inside a network. It occurs as a result of gaining access to the network by breaching the company's security. A security breach occurs when an unauthorised piece of software, or even an application, gains access to an information technology system without authorization. In many firms breaches are constantly monitored for, and they are minimised by the use of software or firewalls. If a security breach happens and is noticed, a firewall would notify the network administrator; as a result, if there is no firewall in the organisation, a hacker may easily gain access to the organization's computer systems.

The loss of performance
Even when firewalls are present on the network, problems can arise if the settings are difficult to understand. A decrease in network speed may ensue, and the firewall may be unable to provide complete protection in this situation. It is not recommended to allow a dynamic change to a configuration that has been in place for some time, since it may result in a loss of performance and hence a reduction in security. Testing and verifying are two approaches for detecting misconfigurations.
What is a VPN?
VPNs (virtual private networks) are a kind of network that enables users to securely connect to another network via the internet. A VPN may also be used to access websites that are blocked in certain geographical areas.

Impacts of wrong configuration in third-party VPNs
VPNs are becoming safer in today's world. However, although IPsec is the most secure VPN available, SSL VPNs have several difficulties to overcome, especially when used through web browsers. The web browser used in conjunction with the SSL VPN is the most important component of the VPN network, and because web browsers make security claims, there is a risk of security breaches occurring when using them. Back to IPsec VPNs: they are divided into two parts, the VPN client and the VPN gateway, which are both connected to the same network. Suppose a client is using the AES128 encryption method and then switches to the DES algorithm. This would result in a significant drop in security, since the DES algorithm has a very low encryption strength and is also relatively simple to break.

How misconfiguration of a VPN can be avoided
VPN misconfiguration may be prevented by distributing a preconfigured VPN client with a locked-down configuration, which reduces the likelihood of mistakes. Access will not be granted to anybody who is not permitted; in other words, it will prohibit any modifications from being made. It still gives the network administrators the ability to change the VPN's settings. A management system should be implemented so that the controlling system can ensure that only legitimate settings are accepted and then sent to VPN users, hence avoiding any misconfiguration on the users' side.

By incorporating a DMZ, static IP addresses, and NAT into a network, network security may be enhanced.
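The management system described above, as an added Python example that is not part of the original document: a proposed client profile is accepted only if every security-relevant setting matches a locked-down baseline or is stronger, so the AES128-to-DES switch is rejected. The profile fields, the gateway host name and the cipher ranking are constructed assumptions.

```python
"""Locked-down VPN client profile check (added example, not from the original document).

A proposed client profile is accepted only when every security-relevant setting
equals the approved baseline or is strictly stronger. Field names, values and
the gateway host are constructed for illustration.
"""
from typing import Dict, List

# Approved baseline for the (hypothetical) corporate IPsec client profile.
BASELINE: Dict[str, object] = {
    "gateway": "vpn.example.com",
    "cipher": "AES128",
    "integrity": "SHA256",
    "dh_group": 14,
    "split_tunnel": False,
}
# Cipher strength order; anything ranked below the baseline is a downgrade.
CIPHER_RANK = {"DES": 0, "3DES": 1, "AES128": 2, "AES256": 3}
INTEGRITY_OK = {"SHA256", "SHA384", "SHA512"}
# Fields a user may never change, not even to something that looks stronger.
LOCKED_FIELDS = ("gateway", "split_tunnel")


def validate_profile(proposed: Dict[str, object]) -> List[str]:
    """Return the reasons a profile must be rejected; an empty list means accepted."""
    problems: List[str] = []
    for field, approved in BASELINE.items():
        if field not in proposed:
            problems.append(f"{field}: missing")
            continue
        value = proposed[field]
        if field in LOCKED_FIELDS:
            if value != approved:
                problems.append(f"{field}: locked to {approved!r}, got {value!r}")
        elif field == "cipher":
            rank = CIPHER_RANK.get(str(value))
            if rank is None:
                problems.append(f"cipher: unknown algorithm {value!r}")
            elif rank < CIPHER_RANK[str(approved)]:
                problems.append(f"cipher: {value} is weaker than baseline {approved}")
        elif field == "integrity":
            if value not in INTEGRITY_OK:
                problems.append(f"integrity: {value!r} not permitted")
        elif field == "dh_group":
            if not isinstance(value, int) or value < approved:
                problems.append(f"dh_group: {value!r} weaker than baseline {approved}")
    # A locked-down client has no other knobs; anything extra is a modification.
    for extra in sorted(set(proposed) - set(BASELINE)):
        problems.append(f"{extra}: setting not part of the approved profile")
    return problems


if __name__ == "__main__":
    print("baseline:", validate_profile(BASELINE))
    print("switched to DES:", validate_profile(dict(BASELINE, cipher="DES")))
    print("split tunnel enabled:", validate_profile(dict(BASELINE, split_tunnel=True)))
```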
DMZ-
A DMZ (Demilitarized Zone) is a computer security term that refers to a subnetwork used to provide a service to an organization's customers. Fundamentally, it serves as a gateway facing a network that is not trusted, which is often the internet. In the example shown in the original figure, two firewalls are used to create a DMZ, and the DMZ network sits between them. The perimeter firewall is the first of the two, and the internal firewall is the second. The perimeter firewall is set to let outside traffic through to the DMZ alone. In order for traffic from the DMZ to be able to travel into the internal network, the internal firewall must be configured in a certain manner. The fact that two devices must both be passed before any attacker can get access to the network is well recognised as a safe practice.

How implementing a DMZ would improve the security of a network
A DMZ is a network segment used to offer an additional layer of protection to an organization's network. The DMZ provides additional protection by detecting security breaches before they reach the internal network where valuable files are stored. For example, if there are two servers, an application server and a database server, the application server should be placed in the DMZ behind the first firewall, with the database server behind the second firewall as the most secure, because the application server is used by users while the database server is used only by the application server. As a result, the DMZ provides a distinct advantage.
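The two-firewall DMZ described here, together with the misconfiguration risk discussed in the firewall section above, as an added Python example that is not from the original document: it models the perimeter and internal rule sets, checks which paths each firewall pair allows, and audits a rule set for an "allow everything" rule and the rules it shadows (the testing and verifying the text recommends). All addresses, ports and rule names are constructed.

```python
"""Two-firewall DMZ model plus a ruleset audit (added example, not from the original document).

Constructed addresses: 203.0.113.0/24 is "the internet", 192.0.2.0/24 is the DMZ,
10.0.0.0/8 is the internal network. Rule format and zone names are assumptions.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


def _in(ip: str, cidr: str) -> bool:
    return cidr == "any" or ip_address(ip) in ip_network(cidr)


def _covers(outer: str, inner: str) -> bool:
    """True when every address matched by `inner` is also matched by `outer`."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


@dataclass(frozen=True)
class Rule:
    src: str             # CIDR or "any"
    dst: str             # CIDR or "any"
    port: Optional[int]  # None means any destination port
    action: str          # "allow" or "deny"
    name: str

    def matches(self, src_ip: str, dst_ip: str, port: int) -> bool:
        return (_in(src_ip, self.src) and _in(dst_ip, self.dst)
                and (self.port is None or self.port == port))


def evaluate(rules: List[Rule], src_ip: str, dst_ip: str, port: int) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched hits the implicit deny."""
    for rule in rules:
        if rule.matches(src_ip, dst_ip, port):
            return rule.action, rule.name
    return "deny", "implicit-deny"


EXTERNAL, DMZ, INTERNAL = "203.0.113.0/24", "192.0.2.0/24", "10.0.0.0/8"
WEB, DB = "192.0.2.10", "10.0.5.20"  # application server in the DMZ, database inside

# Perimeter firewall: outside traffic may reach the DMZ application server only.
PERIMETER = [
    Rule("any", WEB + "/32", 443, "allow", "inet-to-dmz-https"),
    Rule("any", "any", None, "deny", "perimeter-default-deny"),
]
# Internal firewall: only the DMZ application server may reach the database, on its port.
INTERNAL_FW = [
    Rule(WEB + "/32", DB + "/32", 5432, "allow", "app-to-db"),
    Rule("any", INTERNAL, None, "deny", "internal-default-deny"),
]
# The misconfiguration the text warns about: a leftover "allow everything" rule on top.
INTERNAL_FW_BAD = [Rule("any", "any", None, "allow", "temporary-any-any")] + INTERNAL_FW


def zone(ip: str) -> str:
    for name, net in (("external", EXTERNAL), ("dmz", DMZ), ("internal", INTERNAL)):
        if ip_address(ip) in ip_network(net):
            return name
    return "unknown"


def path_allowed(src_ip: str, dst_ip: str, port: int,
                 perimeter: List[Rule] = PERIMETER,
                 internal: List[Rule] = INTERNAL_FW) -> bool:
    """A packet must be allowed by every firewall between its source and destination zones."""
    hops = []
    if zone(src_ip) == "external":
        hops.append(perimeter)  # crosses the perimeter firewall into the DMZ
    if zone(dst_ip) == "internal":
        hops.append(internal)   # crosses the internal firewall out of the DMZ
    return all(evaluate(fw, src_ip, dst_ip, port)[0] == "allow" for fw in hops)


def audit(rules: List[Rule]) -> List[str]:
    """Flag all-traffic allows and rules shadowed by an earlier, broader rule."""
    findings = []
    for i, rule in enumerate(rules):
        if rule.action == "allow" and rule.src == rule.dst == "any" and rule.port is None:
            findings.append(f"{rule.name}: allows all traffic")
        for earlier in rules[:i]:
            if (_covers(earlier.src, rule.src) and _covers(earlier.dst, rule.dst)
                    and (earlier.port is None or earlier.port == rule.port)):
                findings.append(f"{rule.name}: shadowed by {earlier.name}")
                break
    return findings


if __name__ == "__main__":
    print("internet -> DMZ app 443:", path_allowed("203.0.113.5", WEB, 443))
    print("internet -> internal DB:", path_allowed("203.0.113.5", DB, 5432))
    print("DMZ app -> DB 5432:", path_allowed(WEB, DB, 5432))
    print("DMZ app -> DB 22, bad internal fw:", path_allowed(WEB, DB, 22, internal=INTERNAL_FW_BAD))
    print("audit of bad internal fw:", audit(INTERNAL_FW_BAD))
```

Even with the broken internal firewall, a host on the internet still cannot reach the database directly, because the perimeter firewall denies it; the damage is that anything already in the DMZ can reach everything inside.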
  • 11. 11 Static IP address- In order to avoid having an IP address provided by a DHCP server, a static IP address may be established manually in a device. This IP address is referred to as a static IP address since it will not change over time, while a dynamic IP address will change. It is possible to set static IP addresses for devices such as routers, desktops, laptops, phones, and other devices that need an IP address. This is often accomplished via the use of an IP address, which may be provided by a router, or by manually entering the address into a web browser. An example of a static IP address is shown in the figure below. How implementing the Static IP address can improve the networks security By assigning a static IP address to the firm, the network of the company receives an additional layer of protection against any security concerns that may arise in the network. It is simple to maintain and to supply a static address when using a static IP address. It becomes easy for network administrators to monitor any internet activity and also provide access to any certain users at certain periods. The use of a static IP address provides enough protection against any security issues that may arise from the use of dynamic IP addresses. What is NAT (Network Address Translate)? This is a process where a network device gives an address but a public address to a PC in a network. The use of NAT is used to limit the number of public addresses.
Types of NAT

• Static NAT - One IP address is linked to one other IP address; a private IP address is effectively made public. This kind of NAT is used to host websites.
• Port address translation - This approach may convert several local (private) IP addresses to a single public IP address. Port numbers indicate which traffic belongs to which private IP address.
• Dynamic NAT - This kind of NAT maps private IP addresses to a pool of public IP addresses.

How implementing NAT can improve network security

Network Address Translation (NAT) increases security by allowing private IP addresses to be reused and hidden behind the public address. The router transforms traffic entering and leaving the private network to and from the Internet. This point is shown in the graphic below.
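Port address translation, the "many private addresses behind one public address" case above, as an added example that is not from the original report. It also shows the security point made in the text: an inbound packet with no matching translation state has nowhere to go and is dropped. The public address, private hosts and ports are constructed.

```python
"""Port address translation (PAT) table (added example, constructed addresses).
Each private (ip, port) pair gets a unique public source port; replies are
mapped back only when they match the state created by the outbound packet."""
from dataclasses import dataclass

PUBLIC_IP = "198.51.100.7"   # the firm's single public address (constructed)


@dataclass(frozen=True)
class Flow:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class PATTable:
    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.outbound = {}   # (private_ip, private_port) -> public_port
        self.inbound = {}    # public_port -> (private_ip, private_port, remote_ip, remote_port)

    def translate_outbound(self, f):
        """Rewrite the private source to the public address plus a unique port,
        recording state so that the reply can be routed back to the right host."""
        key = (f.src_ip, f.src_port)
        if key not in self.outbound:
            port = self.next_port
            self.next_port += 1
            self.outbound[key] = port
            self.inbound[port] = (f.src_ip, f.src_port, f.dst_ip, f.dst_port)
        return Flow(self.public_ip, self.outbound[key], f.dst_ip, f.dst_port)

    def translate_inbound(self, f):
        """Map a packet arriving at the public address back to the private host.
        Returns None (drop) when no matching state exists or when the sender is
        not the peer the private host talked to: unsolicited Internet traffic
        therefore cannot reach private hosts through PAT."""
        if f.dst_ip != self.public_ip:
            return None
        state = self.inbound.get(f.dst_port)
        if state is None:
            return None
        priv_ip, priv_port, remote_ip, remote_port = state
        if f.src_ip != remote_ip or f.src_port != remote_port:
            return None
        return Flow(f.src_ip, f.src_port, priv_ip, priv_port)
```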
THREE BENEFITS TO IMPLEMENT NETWORK MONITORING SYSTEMS WITH SUPPORTING REASONS

What is network monitoring?

Network monitoring is the use of a system that continually monitors a computer network for problems and alerts the network administrator through email, phone call, SMS, or other means. Network monitoring is vital to every firm. Its main job is to monitor the company's computer network and how it is utilized. It also checks for system failures or poor performance.

Three benefits of network monitoring systems

• Fixing problems faster - Network monitoring software can make troubleshooting much simpler. Whether you are dealing with a configuration mistake or a traffic surge, network monitoring software can help you resolve the issue once and for all. Live network maps help the user locate the cause of problems, while status displays offer performance metrics over time.

• Saves money - Network monitoring can save you both time and money in the long run. Without it, a significant amount of time would have to be spent on manual testing. Not only would that be more expensive in terms of labour, but it would also have a negative impact on productivity. If you are able to quickly identify and resolve network difficulties, you will be able to enhance your revenue. When things run more smoothly, you have more time to manage your company. When you understand how all of your devices are used, you can plan speedy and effective expansion of capacity, for example by determining how much more disk space is required.

• Equipment upgrades - Simply telling executives that a server needs to be upgraded is not enough; what is harder is providing historical information about how the device has performed over the past year or so. Using network monitoring technologies, you can get a historical picture of how devices have behaved over time. Trend analysis allows you to determine whether your current technology is capable of meeting your company's needs or whether you need to invest in new equipment.

MECHANISMS TO CONTROL ORGANIZATIONAL IT SECURITY

RISK ASSESSMENT PROCEDURES

Risk assessment

This is the process of identifying hazards and dangers that might affect the organization and determining the best measures to prevent them. The goal of this process is to ensure that consistent risk evaluation methodologies are applied across all administrations within the Trust. Creating and maintaining a risk-aware culture inside the organisation, reflected in both business planning and the activities assigned to leaders, is another priority. Risk-aware working is promoted through hazard assessment and proactive risk management at all levels, with training and assistance available to the representatives who are responsible for hazard evaluations.

How to assess risks in a workplace

1- If you are a small business owner who is confident in your understanding of the work, you may do the evaluation yourself. In a larger organization you may enlist the help of a conscientious employee, security agent, or health and safety officer. When in doubt, seek advice from someone who knows what they are talking about, but it remains your responsibility to ensure that everything is completed properly. If you are doing the appraisal yourself, walk around your working environment and look at what could reasonably be expected to cause harm.
Ignore the trivial and concentrate only on major threats that might do actual harm or interfere with IT equipment. Ask your employees or their representatives for their views; they may have noticed things that are not immediately obvious. Manufacturers' datasheets may also help you identify risks and put them into context.

2- Even after all precautions have been taken, there is still a risk of something going wrong. For each important hazard you must decide whether the remaining risk is high, medium, or low. To begin, determine whether you have done everything the law requires you to do. For example, there are legal requirements for preventing access to potentially dangerous items of hardware or equipment. Then ask whether generally recognised industry guidelines have been followed. Your primary goal is to reduce all risks as far as possible, adding precautions where necessary.

3- If you find that something needs to be done, ask yourself:
• Can I get rid of the hazard altogether?
• If not, how can I control the risks so that harm is unlikely?
Use personal protective equipment only when there is nothing else you can reasonably do.

4- If the nature of your work varies significantly over time, or if you or your staff move from one site to another, identify the hazards you can reasonably anticipate and assess the risks that may arise from them. If you encounter an unusual hazard when you arrive at a site, get information from the people already there and act quickly if it appears to be needed.

5- If you share a workplace, tell the other businesses and self-employed people there about any hazards your work could pose to the IT assets, and what precautions you are taking.
6- There is no need to show how you did your evaluation, provided you can show that:
o An appropriate check was made
o You asked who might be affected
o You dealt with all the obvious significant risks, taking into account the number of people who could be involved
o The precautions are reasonable, and the remaining risk is low

Evaluations should be suitable and sufficient, not perfect. The real points are:
• Are the precautions reasonable?
• Is there something to show that an appropriate check was made?

7- Keeping a written record for future reference may be useful if an inspector questions your precautions or if you become involved in any legal action. It can also serve as a reminder to keep an eye on particular hazards, and it helps you demonstrate that you have complied with the law.

8- At some point you will introduce new machinery, substances, and processes, which may introduce new hazards. The evaluation should be updated to reflect any significant change so that new risks are considered. It is also good practice to review your assessment from time to time. You should not adjust your appraisal for every insignificant change, or for each new job; however, if a new job introduces significant new risks of its own, you will need to consider them on their own merits and take whatever steps are necessary to keep the risks to a minimum.
DATA PROTECTION PROCESSES AND REGULATIONS AS APPLICABLE TO AN ORGANIZATION

The Data Protection Act (DPA) was enacted in 1988. It was intended to regulate how the organization's administrative body used information. This legislation protects people's personal information and sets out the standards for how it may be used properly. These are some of the important security checks that must be undertaken to make sure your organization is ready for the General Data Protection Regulation (GDPR):

• IAM (Identity and Access Management) - IAM is a framework that makes it easier to manage electronic and digital identities for commercial operations, which is referred to as identity administration. Digital identities are governed by an organization's policies together with the technology required to administer them. When adequate IDAM controls are in place, it is easier to restrict access to personal data to authorised personnel only. Two of the most important concepts in IDAM are separation of duties and least privilege, which ensure that employees have access to the information and systems that are relevant to their jobs, and not to those that are not.

• Data loss prevention (DLP) - Under the General Data Protection Regulation, data loss prevention is critical to preventing the loss of personal data. Technical protection measures such as DLP devices will be critical in preventing infringements. The GDPR defines a company's responsibility for lost or stolen personal data, regardless of who holds or maintains it. Even though the flow of personal data across the network is limited to give additional security, DLP provides greater protection against threats for all personal and organizational information.

• Policy management - The security checks listed above must be backed by policy, and the policy is what makes people accountable for them. In a constantly changing network security environment, the policy must be fully approved by the business and implemented across the whole organisation so that security checks are monitored and updated. Organizational policies and training policies must be recognized in order to ensure that policies are communicated effectively and that their substance is understood. Compliance with the GDPR is impossible without effective policy administration, which must be governed and followed.

• Third-party risk management - Where does responsibility lie in the event of an infringement when an organisation has delegated the processing of personal data to another party?

THE ISO 31000 RISK MANAGEMENT METHODOLOGY AND ITS APPLICATION IN IT SECURITY

ISO 31000 is a well-known international standard developed to help enterprises manage their risks efficiently. Companies may use ISO 31000 as a practical document for developing their own risk management strategies, since it gives fundamental principles, processes, and procedures for managing any kind of risk in a clear and systematic manner. According to ISO 31000, it may be used by "any commercial or public businesses, organizations, groups, or individual firms". Risks to the organization's economic performance and reputation may arise from factors such as environmental performance and safety, as well as from society. Risk management therefore enables the organisation to operate effectively in an uncertain environment. The principles, framework, and processes covered by ISO 31000 include suggestions for improvement.

How does ISO 31000 help organizations?
• Improves the organization's financial reporting
• Improves the identification of threats
• It increases control
• It improves organizational learning
• Improves the organization's resilience
• It reduces losses
• It increases partners' trust and confidence
• It is dynamic and responsive to change
• It is reliable for making and planning decisions
• Health and safety performance is improved, and therefore environmental protection

IMPACTS TO ORGANIZATIONAL SECURITY RESULTING FROM AN IT SECURITY AUDIT

What is an IT security audit?

A security audit is a high-level description of how organizations, including cybersecurity companies, can test and analyse their whole security posture. You may need to conduct more than one kind of security audit in order to get the expected results and achieve your business objectives.

How often should IT security auditing be done?

While the timing of a security audit is entirely up to the business, it is strongly suggested that audits be conducted twice a year. The interval between audits is determined by the organization's size. There are other considerations, such as the complexity of the organization's information technology systems.

Impacts of security audits

Reduce risks - An IT audit is a process that involves examining and detecting hazards associated with information technology in an organisation. The integrity, confidentiality, and availability of IT infrastructure and processes are all issues that are often included in an IT audit. Many more dangers are present in the areas of efficiency and IT reliability. Once risks are thoroughly investigated, it is easy to understand how each risk may be treated: risks may either be decreased via controls or simply accepted as part of the working environment.

Flow of data in the organization - Information is one of your major assets and requires the highest level of protection. Your IT security auditors establish what information you have, how it flows into and out of your business, and who has access to it. All technologies and procedures for preventing data breaches are examined to ensure that no data is lost, stolen, abused or manipulated. Otherwise, your clients or other affected parties may be exposed to legal risk.

Cyber defence - Effectively counter the threat of hackers and other criminals manipulating information systems for their own goals. Your IT systems must be maintained so that they can run your company throughout the whole day. Every file produced must be safeguarded so that it can be used in future, and all confidential information should be kept under continuous protection. IT security audits are also supported by backups of common files: a mirror of the information on an external or cloud hard disk ensures that all the fundamentals can still be accessed when anything goes wrong. Downtime does not just impact your productivity; it eventually impacts your business.
Organizational security

Designing and implementing a security policy for an organization:

It is the basis of every safe firm to have a workplace security policy in place. Your firm will benefit from having a security strategy regardless of the kind of business you run or the size of your organization. Occupational safety and health objectives are outlined in this policy. Many security hazards may be avoided if a strict security strategy is followed. It is essential that all policies and procedures describe fundamental principles, norms, and definitions that are uniform across the company. If you want to add rules such as making sure the badge is worn at all times, or telling workers about the rules for using the security cameras at work, you can do so. You may also include actions such as putting in place physical and digital security measures.

This security approach is the one adopted by AiTi. The strategy includes security goals, objectives, basic security management strategies, and policy execution on key security mechanisms. Employees must be aware of and follow precise security procedures to safeguard assets. The security policy underpins all security-related operations including strategy, design, implementation, and administration. The rules and procedures for network and information security are detailed here. The goal of this policy is to ensure appropriate security of AiTi business information controlled by computers. This policy applies to everyone using the AiTi Company's computer network; we'll call them "users" throughout this policy. The AiTi business or one of its affiliates owns and manages the computer communication networks and data.

End User Password

• Employees, partners, and any third parties providing AiTi Company with intellectual property or personal or financial information must be safeguarded. Using a hard-to-guess password is the first step to fulfilling this obligation.
• AiTi requires a password of at least 8 characters, with at least one uppercase letter and one number or special character, to access information.
• Passwords will expire once per year, or 365 days. Passwords must be changed or regenerated when they expire. The new password must be distinct from the previous three.
• Passwords stored electronically must not be stored in a readable form where unauthorized persons may find them. Passwords must not be written down and left in a place where others could find them.
• Passwords must not be shared or disclosed to anyone other than authorized users.
• If a password is suspected to have been disclosed, or is known to have been disclosed, to anyone other than the authorized user, it shall be changed immediately.
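A checker for the AiTi end-user password rules quoted above (length and character mix, 365-day expiry, no reuse of the last three passwords), written as an added example that is not part of the report or of any AiTi system. Stored passwords are kept only as salted PBKDF2 hashes, matching the rule that electronically stored passwords must not be readable; the dates and sample passwords are constructed.

```python
"""Enforcement of the AiTi password rules from the policy text (added example).
The per-user record, sample passwords and dates are constructed for illustration."""
import hashlib
import hmac
import os
import string
from datetime import date, timedelta

MIN_LENGTH = 8                   # "at least 8 characters"
MAX_AGE = timedelta(days=365)    # "expire once per year, or 365 days"
HISTORY_DEPTH = 3                # "distinct from the previous three"
PBKDF2_ROUNDS = 100_000          # kept modest so the example runs quickly


def complexity_errors(password):
    """Return the complexity rules a candidate password breaks (empty = compliant)."""
    errors = []
    if len(password) < MIN_LENGTH:
        errors.append("shorter than %d characters" % MIN_LENGTH)
    if not any(c.isupper() for c in password):
        errors.append("no uppercase letter")
    if not any(c.isdigit() or c in string.punctuation for c in password):
        errors.append("no number or special character")
    return errors


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256 so the stored form is not readable."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def matches(password, salt, digest):
    """Constant-time comparison of a candidate against a stored hash."""
    return hmac.compare_digest(hash_password(password, salt)[1], digest)


class UserPasswordRecord:
    """Per-user state: the last HISTORY_DEPTH password hashes (current first)
    and the date the current password was set."""

    def __init__(self, password, set_on):
        self.history = []
        self.set_on = set_on
        self._store(password, set_on)

    def _store(self, password, when):
        self.history.insert(0, hash_password(password))
        del self.history[HISTORY_DEPTH:]   # keep only the three most recent
        self.set_on = when

    def is_expired(self, today):
        """True once the current password is 365 days old or older."""
        return today - self.set_on >= MAX_AGE

    def change_password(self, new_password, today):
        """Apply all rules; return the list of violations (empty = accepted)."""
        errors = complexity_errors(new_password)
        if any(matches(new_password, salt, digest) for salt, digest in self.history):
            errors.append("matches one of the last %d passwords" % HISTORY_DEPTH)
        if not errors:
            self._store(new_password, today)
        return errors
```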
Login process

Users must be identified by the system before they may access any AiTi computer or network. AiTi's business networks use user IDs and passwords to guarantee that only authorised users may access the internal networks. Unprotected Internet or remote connections to an AiTi system or network still need a user ID and password combination. Modems, wireless access points, routers, switches, and other devices attached to workstations connected to the AiTi company's network are forbidden unless they fulfil all technical criteria and have a user authentication method authorised by the Information Technology department.

Connecting to the networked AiTi corporate computer system is straightforward: follow the instructions offered. The user must enter both a valid user ID and a valid password to access internal systems. The system should clear the screen and end the session if no activity takes place for a period of time, and the session must be re-established only when the user has submitted a valid password. A timeout of no more than 30 minutes is recommended. The timeout may be suppressed where the system is physically secured by locked doors or safe-room badge readers, for example so that a teacher is not cut off before concluding a lesson; exceptions to this regulation will be permitted for class teaching activities.

Except for electronic bulletin boards and other systems where all regular users are anonymous, users are prohibited from connecting anonymously to any AiTi system or network. For certain privileges, users must first sign in with a user ID that clearly identifies them or their affiliation before they may use system rights that allow them to change their current user ID.

Restrict System Access

It is necessary to limit access to computers that may connect people to AiTi's network of firms via its computer and communications system. These limits may be imposed using routers, gateways, firewalls, wireless access points, and other networking components.
These limits are needed in order to, for example, restrict a user's ability to log into a certain computer and then hop from that computer to another.

Process for Granting System Privileges

Supporting documents must be kept for a year before they are destroyed.
• Non-employees requiring access to AiTi computers or networks must have the written approval of a current employee who takes full responsibility for their conduct. Use the Sponsorship Account Request form.
• Non-AiTi employee rights must not exceed 180 days. Every 180 days, the sponsor's department head must re-authorise the nominated users.
• Only system administrators or security staff should have special permissions, such as writing to other users' files. A commercial or academic requirement must be demonstrated to obtain such rights through the exception process. System administrators must configure and modify the OS.
• Before allowing Internet access or access to the computer or AiTi company network, a system administrator must verify the third-party vendor's academic or business requirement. Allowing remote maintenance, for example, needs this access for a limited time. If a continuous or long-term connection is required, an extension must be requested with advanced user verification. All users of AiTi's internal networks, or of multi-user systems connected to AiTi's internal networks, must agree to any rules imposed by the network.

Process for Revoking System Access

• All user IDs should have their privileges revoked after 180 days of inactivity. It should be straightforward to deny users rights if the computer's access control subsystem or communication system is broken. If the access control subsystem fails, the system should be inaccessible until it is repaired.
• Attempting to break into an untrusted system, guess passwords or decode files may be a crime. Users may not circumvent AiTi's security system unless the Director of IT Infrastructure Services authorises it or AiTi is compelled to comply. System security pranks and practical jokes are absolutely forbidden.
• Management should review user credentials annually based on each user's role inside the firm. Any permissions a user does not use should be promptly withdrawn.
• If a worker's employment status changes, the department head or director must inform IT (for IT-managed systems). Terminating an employee entails contacting Information Technology and any system administrators responsible for systems where the dismissed employee may have a user ID.

Computer Viruses, Trojan Horses and Worms

• Virus protection software must be activated on the PC. This programme must be used to scan all software from third parties or other AiTi divisions before it is run.
• Users are accountable for the harm caused by viruses on the computer systems they manage. Any user who detects a virus should contact the IT department to prevent further infection and have the virus removed by an expert (817.531.4428).
• Before using any computer programme, make a copy and save it safely.
This master copy may be used to recover from computer viruses, hard disk crashes, and other issues. This includes software from sources other than business or academic colleagues, well-known system security authorities, computer suppliers or networks, or commercial software providers. Software from untrusted sources, such as electronic bulletin boards, shareware, and the public domain, must be tested and authorized by the IT Infrastructure Services Director.

Data and Program Backup

• Computer users must back up their data. Backups of servers and multi-user communication systems must be performed routinely. It is the responsibility of the office computer user or the multi-user system administrator to back up multi-user computers without end-user interaction and during downtime. Backup media should be housed in fireproof safes a few blocks away from the backed-up system. Documents must be preserved according to the Business Office's Retention Schedule. After two years, other data must be properly disposed of.
Plans to restore non-IT-run manufacturing and production systems are developed, tested, and updated departmentally. A network service contingency plan must be provided by the IT department. Critical data on backup media must be encrypted.

Portable Computers

Confidential information should be labelled on disks or other storage media. When not in use, this material should be put in a safe or in locked furniture.

Handling Network Security Information

• The IT Infrastructure Services Director may assign people to examine computer security rules and other networks. The IT Director of Infrastructure Services or his designee must be notified promptly of any suspected network security concern, including intrusion and outward compliance.
• If a user reports a virus attack soon after noticing it, no disciplinary action will be taken, even if carelessness was a contributing factor. Notify the IT department or service provider of any network or system software issues.
• Information concerning AiTi company security measures for computer systems and communications is proprietary and must not be disclosed without the authorization of the IT Infrastructure Services Director. Publication of system access information in directories is forbidden.

Violation

AiTi network users who knowingly and intentionally violate this policy will be subject to disciplinary action up to and including termination, expulsion from the university, and/or legal action.

Main components of an organizational disaster recovery plan, justifying the reasons for inclusion:

This strategy ensures that when business data is lost or IT systems and networks are down, the business can be restored quickly. The official Disaster Recovery Plan (DRP) should document the disaster recovery process. This removes the need for ad hoc decisions and ensures everyone knows what to do. For unanticipated catastrophes, the disaster recovery plan (DRP) is an organized strategy with directives.
With this step-by-step method, companies can promptly resume mission-critical services and reduce the impact of catastrophes. It typically includes business process analysis and sustainability requirements. Many organizations conduct a BIA and risk analysis prior to developing detailed plans, and set RTO and RPO targets.

Certain types of disaster recovery plans
The DR plan can be customized specifically for the given environment:

• Virtual recovery plan - Virtualization facilitates disaster recovery. Virtual environments can quickly create new virtual machines (VMs) and ensure high availability. However, the strategy must allow for testing of applications in disaster recovery mode and a return to regular operations within RPO and RTO.
• Network DR plan - The intricacy of networks makes developing restoration strategies difficult. It is critical to document, test, and update recovery procedures. This plan's details will be network-specific, including performance and staff.
• Cloud backup strategy - Cloud-based disaster recovery may range from simple file backups to full replication. The DR cloud may save space, time, and money, but it must be managed properly. The administrator must know the physical and virtual server locations. Securing the cloud is a typical issue that may be mitigated via testing.
• Recovery strategy for data centres - This sort of plan exclusively covers data centre infrastructure. Building location, electrical systems and protection, security, and office space are all factors in the operational risk assessment. This strategy must cover all eventualities.

Components of the organization's disaster recovery plan

• Create a disaster recovery team: The Disaster Recovery Plan is developed, implemented, and maintained by this team. Individual duties and contact information should be included in the plan. For emergencies or concerns, the plan should specify whom to call. The disaster recovery plan should be communicated to all personnel. Creating a team for disaster recovery is important because it helps the company prepare ahead. In the event of a catastrophe, an office is confused and distressed, and nothing positive comes from that confusion: no one knows who can switch systems on or how to start them. The disaster recovery plan outlines who, how, when, and where.
That is, your team will know precisely what to do and who is responsible. A firm's professional image and client relationships are more likely to survive a data catastrophe when it can respond precisely.

• Determining responsibility: In the case of a catastrophe, your recovery plan should specify who is in charge of what. Create a clear picture of who is responsible for what; this helps everyone participating in the recovery process communicate better and feel less stressed. So long as you and your third-party supplier are both aware of your responsibilities, you may work together effectively. A disaster recovery strategy must clearly demonstrate ownership, so that the team has no doubt about their respective duties when a disaster occurs. They know their roles before the calamity and can perform them when it happens.

• Document recovery: Your company's critical records might be lost in an instant in a fire. When papers get wet, they start to deteriorate quickly. Document loss can be disastrous without proper preparation and recovery. Luckily, there are solutions:
• Safes, inboxes, or folders are good places to keep essential papers whose loss would impair operations.
• Store essential papers in safe deposit boxes or other off-site locations.
• Store all firm records in a cloud-based system accessible from anywhere. Many organizations provide secure scanning services and may automatically upload and save scanned documents.
• Keep important papers above ground, not in the basement or at street level.
• Keep a list of companies that can recover damaged documents such as films, books, pictures, etc. Polygon specializes in document cleaning and recovery using cutting-edge methods, with secure methods and facilities intended to protect personal data.

• Employee communication and preparation: Your staff can help rebuild after a calamity. The strategy is pointless if staff cannot prepare or restore. Participation of at least one person from each department, including senior management, is an excellent way to start worker training on disaster recovery plans. It is strongly advised to form a committee to address the numerous concerns. Committee members may also instruct their departments' workers on how to prepare for and recover from disasters. When including your staff in emergency preparedness, make sure many people are aware of the critical steps, so that clever strategies do not fail because the most familiar people cannot be reached.

• Asset inventory: Your company will not fully recover if you do not know its assets. In the recovery plan, identify the company's assets and their values (e.g. make, model, serial number, date of purchase and purchase price). Examples of daily-used assets on the list include laptops and tablets as well as phones and scanners. Include workplace images before, during, and after emergency readiness (to show the firm is diligent in protecting equipment in response to a warning). The company recovery effort is only the groundwork for the long-term strategy. Test the training after creating a disaster recovery plan.
Review the strategy at least once a year to verify it is current.

• Documentation: Your disaster recovery plan should include all major IT infrastructure components (hardware and software), the responsible team, and the measures to follow to restore business operations. To keep up with changes in your IT infrastructure, documentation must be kept updated. These plans encompass numerous disciplines and components, and a component that is overlooked or mishandled can cause further loss. In the case of a calamity, all you need to do is follow a series of planned procedures.

• Data backup: Every day, businesses create vast volumes of data. Malware and hacking may cause data loss, damage, or compromise. Data loss or corruption may cause major issues. In a business continuity and IT disaster recovery strategy, data backup is essential. A data backup plan includes creating hardware and software backups, scheduling them, and monitoring their effectiveness. Data lost or corrupted due to technical failure, human error, hacking, or malicious software requires prompt action.

• Regular testing: Developing a strategy without testing it periodically is only half the work. Your disaster recovery strategy will evolve as your company expands. Disaster recovery plans must be evaluated periodically to ensure they are kept up to date and work optimally when disaster occurs. Every year, new risks emerge, and your strategy should address them.

• Recovery time: Every second counts in business, so the essential systems must be restored as fast as possible. The acceptable data recovery time determines the maximum time within which the catastrophe must be addressed; if the deadline isn't met, there is a major issue. In addition, a business impact analysis can help you identify the critical elements of your IT infrastructure, so you can plan your business's comeback.

• Setting up RTOs and RPOs: Recovery objectives are recovery measures. Essentially, the RTO defines how long your company can function without one of its systems or applications. The RPO establishes how much company data may be lost without affecting operations. An ideal RTO/RPO would be 0, but for many companies this is an unnecessary expense. The good news is that you may specify different RTOs and RPOs for each VM, limiting the most restrictive goals to the most essential business requirements. To prevent data loss, applications used by VM residential customers must be configured with zero objectives; programs used by VM administrative customers may tolerate some data loss.

• Plan continuity system: A disaster recovery strategy should address your company's specific requirements. Operational, financial, supply, and communication requirements must be understood. For proposals, business continuity, and a thorough grasp of the demands and logistics, major business users should record their needs.
Roles of stakeholders in the organization to implement security audit recommendations
Stakeholders are those who are influenced by, and who influence, an organization's decisions and actions. Parties to a contract are also called stakeholders. A small firm's success requires the efforts of many stakeholders, and it is a large corporation's ethical obligation to assess the effect of its activities on them. A positive public view of a small business helps its long-term success when that view is built on mutually beneficial relationships. Stakeholders are an essential part of every organization and actively or passively shape its goals.
• Decision making: A board of directors is commonly formed by high-ranking executives and outsiders who own significant shares in a firm, and it has the ability to change the company's performance or direction. To support better judgments, stakeholders can give a 360-degree picture of the organization. Identifying an issue lets management think about the business's vulnerabilities and weaknesses, which helps clarify the business's difficulties and secure its long-term future. An issue is better understood when all the relevant data is collected in one place, which also makes it quicker to find answers. A range of alternative solutions can then be designed, allowing more choice and flexibility. In this way, management can act to prevent fraudulent behaviour from occurring.
• Conflict resolution and minimizing errors: Stakeholders may need to intervene in commercial conflicts to prevent further escalation. For example, a company must decide whether or not to dismiss a CEO who is suspected of breaking the law through unethical business activities; if management cannot reach consensus, the stakeholders must vote to decide. Stakeholders should be prepared to act as mediators in any important corporate disagreement.
In other words, if anything goes wrong in IT or a risk arises, the stakeholders can address the issue, take action to mitigate the risk, and ensure the business stays on track.
• Idea and solution sharing: Participants in the decision-making process can help generate solutions and ideas. Diverse stakeholder backgrounds bring diverse viewpoints, which allows opposing views to be debated and discussed. This support means stakeholders may develop ideas beyond the original concept.
• Management: Shareholders may hold significant managerial roles reporting directly to the president, CEO, or CFO. Management may be responsible for recruiting, training, and advising the department of updates or changes in corporate rules and processes.
• Investing:
Stakeholders are usually responsible for maintaining or achieving a return on investment. Sometimes investments are made consistently over time; for example, an investor who keeps buying stock in one company is a stakeholder whose interest in the company continues to grow. Stakeholders are responsible for reviewing the company's financial data to ensure that the business is doing well and that they do not lose their investment. They may also be responsible for voting on certain funding provisions.
• Social responsibility and environment: Stakeholders must ensure that their decisions do not harm society or the environment. If they are aware of existing resource constraints, they may choose to use other sources. In certain cases, board members may choose to lessen resource scarcity or employee exploitation in order to help needy countries (such as third-world countries). This ensures that the public interest always comes first and takes priority over profit maximization.
Suitability of the tools used in an organizational policy
Online software to train and update staff
Keep your staff happy by giving them the chance to acquire and use new skills. Employees who have the skills and confidence to do a good job are rewarded with satisfaction, which leads to increased workplace engagement and loyalty. The advantages of online software to train and update staff are:
• Improved work performance: Good training makes employees want to go above and beyond. Employees who keep up with industry trends and learn more about safety measures perform better and work more effectively.
• Training consistency: Your staff will share the same experience, prior knowledge, and core understanding if you centralise all of their training. To better understand what people want from you, make information easily available.
• Measuring training effectiveness: To bridge the gap between employee training and performance, you must first identify the most effective courses for your team. Analyse learner data, develop reports, and gather learning insights to better align training with company goals.
Types of online software training:
The best employee development programmes address staffing needs throughout the employee life cycle, including:
• Compliance training, designed to help employees grasp all of the laws, regulations, and policies that affect their everyday activities and responsibilities.
• Lifelong training, which keeps workers abreast of new skills and practices in their areas and protects high-potential individuals and the business by encouraging continuous employee development.
• Onboarding training for new employees, which acquaints them with their jobs and responsibilities as well as the company's mission and culture. Induction events help staff integrate and get to work faster.
Why is worker training important to the organization? Staff training retains high performers and reduces attrition. Employee safety rules reduce risks and save money. Training improves customer service and income. Employee development produces a creative workforce that generates new ideas, strategies, and products.
The benefits of online software to train and update staff are:
• Lower start-up cost: Buying software is optional, and you also save time and money on software installation, troubleshooting, and distribution. This model appeals to small and medium-sized businesses because of its simplicity and online accessibility. Some vendors allow firms to test free solutions before paying.
• Enhanced data security: Many companies still use social media to communicate with their clients, and unfortunately many of these sites are poorly protected. Course developers who share information and ideas remotely through the learning system do not have to worry about data theft or loss, because modern LMSs secure user data. They secure the site's transactions, connections, and
interactions. They also allow businesses to assess user demographics without compromising the security of online transactions.
• Easier to maintain: Vendors of online learning management systems generally already have IT staff on standby to handle any interruptions and other operational issues that would otherwise waste your time and resources. New features and improved functionality also become available without having to look for them or pay extra.
Penetration testing
Penetration testing assesses the security of the IT infrastructure by safely exploiting its vulnerabilities. Operating system flaws, service and application vulnerabilities, incorrect configuration, and risky end-user behaviour may all be culprits. The assessment also validates the effectiveness of defensive mechanisms and end-user compliance with security policies. Penetration tests are performed manually or with automated tools so that exposures are found before they can be abused. With expanded credentials, testers may gain access to more assets and electronic information.
Types of penetration tests:
• Comprehensive penetration test: A comprehensive penetration testing service imitates attackers who want to reach sensitive assets by exploiting security vulnerabilities present in various systems.
• Application penetration test: Application penetration testing covers your custom web apps as well as standard apps such as antivirus, embedded applications, games, and other system apps.
• Wireless penetration test: Wireless penetration services involve standard corporate Wi-Fi network security tests to evaluate specific wireless solutions.
Why do penetration testing?
• Security breaches and service interruptions are expensive. If a security breach occurs, or if the service or application is disrupted, the organization may suffer direct financial loss, reputational damage and loss of customer loyalty, negative press coverage, and the imposition of significant fines and penalties.
• It is impossible to protect all the information all the time. Companies have traditionally tried to prevent breaches by implementing layers of protection such as user access control, encryption, IPS, IDS, and firewalls. With the adoption of new technology it is now more difficult to identify and eliminate all organizational flaws and to guard against the many forms of possible security incidents.
• A penetration test identifies and prioritizes security risks. It analyses the organization's capacity to safeguard networks, applications, endpoints, and users against unauthorized access to, or privileges over, protected assets.
The advantages of penetration testing:
• Intelligently manage vulnerabilities: Penetration testing provides detailed information on real-world security threats. It may discover critical and non-critical vulnerabilities as well as false positives, so your company can better prioritize remediation efforts, apply key security patches, and allocate security resources where and when they are required.
• Avoid the cost of network downtime: IT recovery operations, customer protection and retention initiatives, legal action, and other costs associated with recovering from a security breach may cost firms millions of dollars.
• Fulfil regulatory requirements and avoid fines: Organizations may use penetration tests to support general audits and compliance. The detailed reports generated by penetration testing can demonstrate due diligence to auditors.
• Preserve corporate image and customer loyalty: Every breach of customer data can be expensive, both in lost revenue and in damage to the company's public image. No one wants to lose the loyal customers they have fought so hard to win, and in an age of rising customer retention costs, data breaches are more likely than ever to drive potential customers away. Penetration testing helps you prevent data breaches that might compromise your company's brand and client trust.
The benefits of penetration testing:
• Detects and manages security threats: A penetration test assesses whether privileged or unauthorized access to protected assets is possible. After the pen test, IT management and security specialists can plan remediation measures. A full penetration test helps organizations anticipate future security dangers and prevent unauthorized access to vital information and systems.
• Meet monitoring requirements and avoid penalties: Penetration testing helps the IT department address HIPAA, Sarbanes-Oxley, and GLBA, as well as the recognized testing requirements of NIST/FISMA and PCI DSS. A thorough penetration testing report can help firms avoid substantial fines for non-compliance and show auditors that appropriate security safeguards are in place.
• Avoid network downtime: Remediating a security breach is expensive. Legal action, lost income, reduced labour productivity, and lost trade partners may all be part of the recovery cost. Penetration testing helps the firm prevent financial loss by identifying and mitigating risks before a breach or security attack occurs.
• Protect customer loyalty and company image: Even a single instance of leaked customer data may do irreparable damage to a company's reputation. Penetration testing helps enterprises avoid data incidents that might jeopardize the company's image and dependability.
• Service interruptions and security breaches are expensive: Financial losses, brand harm, consumer dissatisfaction, bad press, and unanticipated fines and penalties may all result from security breaches and disruptions. Regular penetration testing saves money. Penetration testing protects your company's IT infrastructure, and your company's brand value and financial soundness must be protected proactively. To ensure that an attacker cannot compromise your network's confidentiality, availability, or integrity, a professional should conduct a penetration test.
Security audits
In a security audit, qualified security experts inspect and analyse your property to find places where your security is not as strong as it should be. Security audits are best used on commercial buildings, office buildings, and schools. Ensuring that employees' property is safe helps to avoid theft and damage to property.
The benefits of a security audit are:
• Security assessment: First, learn about your property before installing a security system. A security audit is the first step in securing your property, so that you know where vandalism, theft and other crimes are most likely to
occur. The auditors inspect your property and recommend any further security measures. Security guard services may be adjusted or changed based on your property's needs.
• Improve your safety system: Your security system can be upgraded once you have identified high-risk areas and their shortcomings. Installing bespoke cameras in strategic locations throughout your home ensures that any unpleasant occurrence is captured on tape. Recordings can be reviewed afterwards, assisting in the prosecution of criminals. We will work with you to ensure you understand how to maintain your security system so that it always operates correctly, avoiding problems such as false alarm calls to the police, and we will work with you to guarantee your property is always safe.
• Crime prevention: Some security systems, such as video cameras and alarms, can keep burglars away from your home. If you want to keep troublemakers, thieves, and other criminals away, you might place the camera in a visible, open, and well-lit spot. During a break-in, these systems keep your valuables safe and make sure that any criminal acts are recorded on video. A detailed security audit can help you figure out what your home needs in terms of security. It may also look for areas that need to be fixed, as well as places where your current security system is not strong enough. Then, we will work with you to come up with a security plan that fits your needs and includes monitoring.