Enterprise Security Plan Strategic
CMGT 430
This enterprise security plan is being created to discuss core
principles that can improve the overall enterprise system.
Data loss prevention
Data damage is a risk that Auburn Regional does not have the
luxury of overlooking. Patient data is sensitive and needs to be
secured in the most efficient manner possible. Staff members
themselves pose the biggest vulnerability because of their
access to patient data. There is a plethora of information that is
obtained when a person visits a hospital, and staff members
have access to the information. A complete patient record gives
staff members access not only to medical data but typically also
to Social Security information, contact information, home
addresses, and employer information. With all this information,
staff members could also steal a patient's identity. Abuse of
power is a serious threat, and the only mitigation is to hire
qualified individuals who pass their background checks and are
provided policies and procedures to maintain data safety.
Access controls
Understanding who has access to what locations is mandatory
when trying to ensure that a system is secure. Controls like key
cards are great tools for access control. Key cards let the
company give employees access to the building and sometimes to
different parts of the building. Because certain people have
access to different areas, the building is more secure. The
company can also monitor who is where within the building and
who is on which computer. All of these measures improve security
around the projects being worked on. Physical access to
computers, visitors, and patient records is another
vulnerability identified. Physical security is important to the
safety of our employees and our data, and has even been shown to
improve productivity. With security monitoring of data systems
and their various entrances, we increase the physical security
of our systems and the data that they house.
Employees will feel more safe and secure as they enter and exit
the building daily and as they move from department to
department. There has also been some research that shows that
campus-wide surveillance systems increase productivity because
when the employees know that their actions may be scrutinized
throughout the day then they tend to work harder and more
efficiently.
Data management
Third-party software is in common use today, and it may
interfere with existing configurations within the
organization's systems. The probability and threat are medium,
and the mitigation strategy can simply be to test software on
controlled systems for compliance prior to allowing users to
download or use the software. Preventing the use of third-party
software is another option, but if the software is needed, then
testing it prior to allowing its use is the best mitigation
strategy.
Risk management
The ransomware attack on neighboring systems has led this
author to review aspects of potential threats to the Auburn
Regional system. The threats that were noticed by the author
dealt with one or more of the following attributes:
authorization, authentication, or roles of certain members of the
business. Changes to the authorization and authentication
procedures and/or protocols are mandatory for the integrity of
the business. Unauthorized users having access to patient data
can result in patient distrust and lawsuits. Increased
authorization procedures can include, but are not limited to,
additional password protection for specific applications.
Authorization changes can also include physical deterrents such
as key cards. Authentication upgrades can be touchy depending
on the size of the business. In a smaller business, authentication
updates can mean new picture identification. For a system as
large as Auburn Regional, authentication needs to be more
detailed. Biometric technology can be implemented for sensitive
areas that need access control. Biometrics can also be applied to
certain software applications utilized by the staff. Most
potential threats within a system are caused by not properly
securing access points, whether a desktop or device being left
unlocked or weak password protection for those desktops and
devices. In smaller businesses, roles may be increased to ensure
that all facets are covered to ensure no loss of integrity. In a
larger business, roles can be reduced or redefined to remedy any
localized issues.
Verification is key to keeping potential threats at the lowest
levels possible. As stated earlier in the document, biometrics
would be the technology that can be implemented to save time,
resources and unnecessary data storage. Having all staff
members on file in the biometrics system means that all
employees can be assigned or issued a security level. Security
levels help to separate sensitive data from restricted users. All
recommendations within this document can help with active
threats and deter potential threats. There is no way to prepare
for all threats but having competent staff can cut risk almost in
half.
Cloud technology
The cloud allows the company flexibility to have access to data
from any location no matter the time or place. Cloud storage
requires little to no maintenance while increasing the security of
all data that will be stored. Depending on which storage plan
that is being offered, the cost for the service of using the cloud
will be low. The only drawback to the cloud is the assurance of
confidentiality and security. Finally, any software that needs to
be implemented within the company can be easily deployed
from the cloud with a click of a button.
Auburn Regional is a small, rural hospital that is part of the
College of Georgia (CGA) Medical System. My team and I were
asked to review the enterprise security environment at Auburn
Regional and make suggestions as to how the hospital system
can be better prepared to respond to recent threats that have had
an impact on other similar-sized hospitals. Our primary goal is
to protect the confidentiality, discretion, reassure, and the
integrity and availability of organizational data.
Data loss restriction is an approach for ensuring that end users
don't transfer critical or sensitive information outside the
enterprise network.
· Why is this topic important to Auburn Regional? Data loss
prevention is an important topic at Auburn Regional because
patient data is sensitive and needs to be secured. The Patients'
rights act and HIPAA both state specific protections of patient
information, and a breach in the hospital's systems will lead to
a violation of these rights.
· What is the desired outcome to this effort? We hope to put a
plan in place that will protect the hospital's security against
intrusion and/or hackers.
· What is the specific strategic objective? Hiring qualified
security personnel and conducting thorough background checks
on all employees.
· What will be the benefits of this effort? The benefits of data
loss prevention are preventing data loss. Simply put!
· What will be done to meet this objective? My team will
identify the weak points in our security and implement ways to
prevent breaches. Background checks, heightened security,
audits, and quarterly security training courses for all employees.
Access controls validate and allow individuals to obtain the
information they are permitted to inspect and use. There are 3
types of access control: mandatory, discretionary, and
role-based. According to Martin (2018), discretionary access
control is a kind of access control method that holds the
business owner responsible for determining which people are
permitted in a specific location, physically or digitally.
Mandatory access control is regularly employed in enterprises
that place a strong emphasis on the classification and
confidentiality of data. Role-based access control is assigned
by the system administrator and is strictly based on the
subject's role within the organization or household, and most
privileges are based on the limits determined by their job
responsibilities.
· Why is this topic important to Auburn Regional? Access
controls are important to Auburn Regional because they help
dictate the level of access an employee can get. Access controls
also help effectively protect the company's data. The controls
make sure users are who they say they are and are not given
more access than required to do their job.
· What is the desired outcome to this effort? With the
implementation of access controls, Auburn Regional should be
able to manage the level of access given to employees and
ultimately make the company more secure!
· What is the specific strategic objective? Implementing one of
the 3 access control methods where required.
· What will be the benefits of this effort? A more secure
infrastructure.
· What will be done to meet this objective? Our team will
implement a role-based or team-based access model on a small
focus group of employees from various departments. We will
then deploy this model to all employees once testing is deemed
successful.
Avoidance, mitigation, transfer, and acceptance are among the
common types of risk management techniques. According to
info-entrepreneurs, risk control is the method of using
techniques, tools, and processes for handling certain hazards.
Risk management is important to Auburn Regional because it
explains strategies for managing risks.
· What is the desired outcome to this effort? Managing risks at
Auburn Regional.
· What is the specific strategic objective? Identifying,
quantifying, and decreasing any uncertainty that concerns or is
integrated into a company's establishment, objectives, and
tactics accomplishment.
· What will be the benefits of this effort? Identifying potential
issues before they arise
· What will be done to meet this objective? Create a risk
management plan, analyzing and identifying risks.
Cloud technology is the delivery of computing services (servers,
storage, databases, software, networking, analytics,
intelligence, and more) over the Internet ("the cloud") to offer
faster innovation, economies of scale, and flexible resources.
What Is Cloud Computing?
Cloud technology is important to Auburn Regional. The
implementation of cloud computing will increase net income
while decreasing the charges. Charges will decrease because
equipment and personnel needs will decrease. This will alleviate
some of the pressure on the small IT team and give it the
opportunity to work on other time-intensive IT-related issues
like software upgrades.
· What is the desired outcome to this effort? To have all data
stored in the cloud with a reputable, economically priced CSP.
We also hope to see profit increases within the company.
· What is the specific strategic objective? Scalability is the first
strategic objective. The short-term cost benefits are appealing,
as Auburn Regional currently wastes revenue due to lack of
efficiency and resources.
· What will be done to meet this objective? Auburn Regional
will use Azure services as its cloud provider. According to
Microsoft Azure, you typically pay only for the cloud services
you use, helping you lower your operating costs, run your
infrastructure more efficiently, and scale as your business
needs change.
Recommendations:
· Install antivirus and keep computer software patched.
· Create a change management Plan.
· Move data to the cloud
· Create a Security Enterprise system
· Require Token and VPN access for all external vendors
· Hire a Security guard to monitor the building and especially
around the data center.
· Require badge entry as well as a 4-digit PIN to enter the data
center.
· Require a key card as well as a 4-digit PIN to access terminals
and use the network on the terminals.
In summary, once a security plan has been developed, the key to
its effectiveness falls to enforcement and upkeep. Regular
training and educating the staff, as well as requiring compliance
reviews regularly helps greatly with the overall organization
understanding best practices that have been implemented.
Regularly reviewing the health of the organization allows for
new vulnerabilities to be discovered to prevent issues from
arising in the future. Having specific people assigned
responsibilities also takes the burden off a single department
preventing a single facet from becoming overworked and thus
not able to operate at maximum efficiency, as well as be a
starting point when investigating any potential incident that
needs reviewing.
References:
Information Retrieved from Martin, J. A. (2018). What is access control? A key component of data security.
What is cloud computing? (n.d.). Retrieved from https://azure.microsoft.com/en-us/overview/what-is-cloud-computing/
3 Strategic Goals for your Cloud Migration (n.d.). Retrieved from https://www.nexustek.com/blog/3-strategic-goals-for-your-cloud-migration/
Swanson, D. (2006, June 06). Auditing Ethics And Compliance Programs. Retrieved from https://www.complianceweek.com/blogs/dan-swanson/auditing-ethics-and-compliance-programs#.W5HUOehKhPY
Srivastava, S. B. (2015). Threat, opportunity, and network interaction in organizations. Social Psychology Quarterly, 78(3), 246-262. doi:10.1177/0190272515596176
Waldo, B. H. (1999). Managing data security: Developing a plan to protect patient data. Nursing Economic, 17(1), 49.
https://continuingprofessionaldevelopment.org/risk-management-steps-in-risk-management-process/
https://www.getkisi.com/access-control
https://www.sas.com/en_us/insights/data-management/data-management.html
Manage risk. Information Retrieved from https://www.infoentrepreneurs.org/en/guides/manage-risk/
Running Head: MESSAGE AUTHENTICATION
New England College
Vamsi Marimganti
Network Security
Discussion
Robert pizani
3.1 List three approaches to message authentication
Message authentication can be referred to as data origin
authentication, which entails data integrity. Data integrity
requires that the message has not been tampered with or altered.
The most commonly used technique for ensuring data integrity is
a hash function that combines all the bytes of the message with
a secret key to produce a message digest that is almost
impossible to reverse. Message authentication provides the
property that the message is not modified in transit, so the
receiving party can verify the source of the message, although
message authentication does not necessarily include the
non-repudiation property. Several functions can be used to
produce an authenticator, including a hash function, message
encryption, and a message authentication code (MAC)
(National Institute of Standards and Technology, 2017).
The approaches are the application of conventional encryption,
the use of public-key encryption, and the implementation of a
secret value. Conventional encryption entails the transformation
of plaintext messages into ciphertext form, which is to undergo
decryption by the intended receiver only. Here the message
sender and message receiver come to an agreement regarding a
secret key to be used for the encryption and decryption,
whereby the secret key is transmitted generally through
public-key methods of encryption. Public-key encryption refers
to a technique that applies a paired private and public
algorithm in securing data communication. Secret values are
applied during encryption and decryption (Cramer, 2008).
What is a message authentication code?
This refers to a short information piece that is applied for
message authentication and integrity provision regarding
message authenticity assurances. This is also referred to as an
authentication technique that entails the application of secret
keys in the generation of a small data block, which is
consequently applied to the message (National Institute of
Standards and Technology, 2017).
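The MAC described above, sketched with Python's standard `hmac` module as an added example (not part of the original paper): a tag computed from the message and a shared secret key travels with the message and is checked by the receiver. The frame layout, function names and sample record are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import struct

TAG_LEN = hashlib.sha256().digest_size  # an HMAC-SHA-256 tag is always 32 bytes
HEADER = struct.Struct(">I")            # assumed layout: 4-byte big-endian length


class AuthenticationError(Exception):
    """Raised when a frame fails verification; its payload must be discarded."""


def make_tag(key: bytes, data: bytes) -> bytes:
    """Keyed hash over the data: only holders of the key can produce it."""
    return hmac.new(key, data, hashlib.sha256).digest()


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: frame = length || message || tag(length || message)."""
    header = HEADER.pack(len(message))
    return header + message + make_tag(key, header + message)


def verify(key: bytes, frame: bytes) -> bytes:
    """Receiver side: return the message only if the tag checks out."""
    if len(frame) < HEADER.size + TAG_LEN:
        raise AuthenticationError("frame shorter than header plus tag")
    (length,) = HEADER.unpack_from(frame)
    if len(frame) != HEADER.size + length + TAG_LEN:
        raise AuthenticationError("declared length does not match frame size")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    # compare_digest runs in constant time, so the comparison does not
    # reveal how many leading bytes of a wrong tag happened to match.
    if not hmac.compare_digest(tag, make_tag(key, body)):
        raise AuthenticationError("tag mismatch")
    return body[HEADER.size:]


def accepts(key: bytes, frame: bytes) -> bool:
    try:
        verify(key, frame)
        return True
    except AuthenticationError:
        return False


def plain_hash_accepts(message: bytes, digest: bytes) -> bool:
    """Unkeyed check, shown for contrast: it catches accidental corruption
    but anyone who alters the message can recompute the digest."""
    return hmac.compare_digest(hashlib.sha256(message).digest(), digest)


def demo() -> dict:
    key = secrets.token_bytes(32)        # shared by sender and receiver
    other_key = secrets.token_bytes(32)  # a party that does not hold the key
    message = b"record=1042;status=discharged"  # constructed sample data
    frame = protect(key, message)

    flipped = bytearray(frame)
    flipped[HEADER.size] ^= 0x01         # one bit changed in transit

    altered = b"record=1042;status=admitted"
    return {
        "genuine": accepts(key, frame),
        "recovered": verify(key, frame),
        "bit_flipped": accepts(key, bytes(flipped)),
        "truncated": accepts(key, frame[:-1]),
        "wrong_key": accepts(other_key, frame),
        "tag_len_empty": len(make_tag(key, b"")),
        "tag_len_large": len(make_tag(key, b"x" * 100_000)),
        # Without a key, a recomputed digest over altered content passes.
        "plain_hash_altered": plain_hash_accepts(
            altered, hashlib.sha256(altered).digest()
        ),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The last entry is the reason the secret key matters: an unkeyed digest gives integrity against accidents only, while the keyed tag also ties the message to a holder of the key.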
What properties must a hash function have to be useful for
message authentication?
To be considered useful for message authentication, a hash
function H should have the following properties. H can be
applied to a data block of any size. H produces a fixed-length
output. H(x) is relatively easy to compute for any given x,
making both software and hardware implementations practical.
For any given value h, it is computationally infeasible to find
x such that H(x) = h (the one-way property). For any given
block x, it is computationally infeasible to find y ≠ x such
that H(y) = H(x), which represents weak collision resistance.
It is computationally infeasible to find any pair (x, y) such
that H(x) = H(y), which represents strong collision resistance
(Cramer, 2008).
In the context of a hash function, what is a compression
function?
The compression function based on hash function refers to a
single block function for bits available in a hash function
(Aumasson et al., 2014).
What are the principal ingredients of a public-key
cryptosystem?
The primary public-key cryptosystem ingredients include
plaintext, which is unencrypted information that is the input
to cryptographic algorithms, usually encryption algorithms.
Secondly, the encryption algorithm, which is a smart way of
ensuring the privacy and security of data. The sender applies
public keys during encryption while the sender employs private
keys during decryption. Ciphertext comprises information that
is encrypted and encoded, and lastly, the decryption algorithm,
which is applied in data specification and critical encryption
algorithms used in decryption of the SOAP message (Aumasson et
al., 2014).
List and briefly define three uses of a public-key cryptosystem.
Various uses exist for public-key cryptosystems. The first is
encryption and decryption, whereby the sender encrypts the
message based on the public key of the recipient. Secondly,
digital signature, whereby the sender signs the message by
applying their private key. Lastly, key exchange, whereby the
two parties collaborate to exchange a session key through, for
instance, exchanging private-key for both or one party
(National Institute of Standards and Technology, 2017).
What is the difference between a private key and a secret key?
Various distinctions exist between private and secret keys. The
secret key is entirely applied in conventional encryption, while
there are two keys that are utilized for public-key encryption,
which are referred to as the public and private key. The private
key is used in asymmetric encryption, while the secret key is
applied in symmetric encryption (Aumasson et al., 2014).
What is a digital signature?
This refers to a mechanism technique whereby there is
authentication of the message, which ensures that the message
originated from the source that it claims to have originated
from. This ensures that the original information content of the
intended message isn't changed or altered (Cramer, 2008).
References
Aumasson, J., Meier, W., Phan, R. C., & Henzen, L. (2014). The
hash function BLAKE. Springer.
Cramer, R. (2008). Public key cryptography – PKC 2008: 11th
international workshop on practice and theory in public-key
cryptography, Barcelona, Spain, March 9-12, 2008, proceedings.
Springer Science & Business Media.
National Institute of Standards and Technology. (2017). The
keyed-hash message authentication code (HMAC).
Enterprise Security Plan
Running head: ENTERPRISE SECURITY PLAN
Enterprise security is a strategy for reducing the risk of
unauthorized access to information technology systems and
data. It is one of the cornerstones of operation and success for
our organization; it allows for high availability and
reliability of our people, facilities, and information systems.
This security
plan is to assure that the three information security tenets:
availability, integrity and confidentiality (CIA triad) are
properly evaluated and implemented. The CIA triad is a model
designed to guide policies for information security within an
organization. The elements of the triad are considered the three
most crucial components of security.
The goal of this security plan is to ensure that Auburn Regional
not only meets regulatory requirements but exceeds them while
at the same time ensuring that our organization does not
fall victim to vulnerabilities that can be exploited by malicious
code or acts of behavior by employees. This enterprise security
plan will be the foundation of policy development throughout
our organization, to be enforced throughout its entirety. With
that being said, it should be reviewed and updated on a yearly
basis to ensure that Auburn Regional stays current with newly
developed and recognized practices.
Risk Management
Of all of the key components that will be covered in this
security plan, the topic of risk management is the foundation
upon which we must build. Risk management is the forecasting
and evaluation of financial risks together with the identification
of procedures to avoid or minimize their impact. We will apply
the risk management plan in accordance with National Institute
of Standards and Technology (NIST) Special Publication (SP)
800-39 Managing Information Security Risk. This voluntary
Framework consists of standards, guidelines, and best practices
to manage cyber security-related risk. The Cyber security
framework’s prioritized, flexible, and cost-effective approach
helps to promote the protection and resilience of critical
infrastructure and other sectors important to the economy and
national security. It is important that we evaluate the top 25
risks that we feel will impact the organization the most and
work at identifying a plan of action and milestone program to
track the mitigations of all the risks. Our focus will be risk
centered on internal, external, theft, cloud computing, social
media and mobile devices. In 2012 a Data Breach Investigations
report states: 97% of breaches were avoidable through
intermediate controls; 96% of attacks were not highly
difficult; and 94% of all data compromised involved servers.
Data Management
Data management is an administrative process that includes
acquiring, validating, storing, protecting, and processing
required data to ensure the accessibility, reliability, and
timeliness of the data for its users. Data is the foundation of a
business’ information, knowledge, and ultimately the wisdom
for correct decisions and actions. If this data is relevant,
complete, accurate, meaningful, and actionable, it will help in
the growth of the organization. If not, it can prove to be a
useless and even harmful asset. By properly managing Auburn
Regional’s data we can assure the safety of our customers’ data
from internal and external sources. This leads to the next topic
for our plan.
Data Loss Prevention
Data Loss Prevention (DLP) is the practice of detecting and
preventing data breaches, exfiltration, or unwanted destruction
of sensitive data. Organizations use DLP to protect and secure
data and comply with regulations.
The DLP term refers to defending organizations against both
data loss and data leakage. Data loss refers to an
event in which important data is lost to the enterprise, such as
in a ransomware attack. Data loss prevention focuses on
preventing illicit transfer of data outside organizational
boundaries. Many tools can be used to prevent data loss such as
firewalls, intrusion detection systems, antivirus software, and
security operation systems tooling.
Access Controls
Access control is a method of guaranteeing that users are who
they say they are and that they have the appropriate access to
company data; access control is a selective restriction of
access to data. Authentication and authorization are the two
main components of access control. Authentication is a
technique used to verify that someone is who they claim to be;
authentication isn’t sufficient by itself to protect data.
Authorization is whether a user should be allowed to access the
data or make the transaction they’re attempting. By properly
deploying and managing access controls we can add yet another
layer of protection to our information systems, further
insulating our data.
Cloud Technology
Cloud computing is a general term for anything that involves
delivering hosted services over the Internet. A cloud service has
three distinct characteristics that differentiate it from traditional
web hosting. It is sold on demand, typically by the minute or
the hour; it is elastic -- a user can have as much or as little of a
service as they want at any given time; and the service is fully
managed by the provider. Security remains a primary concern
for any organization contemplating cloud adoption and even
more so with public cloud adoption. Access to public cloud
storage and compute resources is guarded by account login
credentials and the addition of data encryption and various
identity and access management tools has improved security
within the public cloud.
References
Martin, J. A. (2018, February 05). What is access control? A key component of data security. Retrieved July 8, 2019, from https://www.csoonline.com/article/3251714/what-is-access-control-a-key-component-of-data-security.html
The Importance Of Data Management In Companies. (2019, March 12). Retrieved July 8, 2019, from https://www.ringlead.com/blog/the-importance-of-data-management-in-companies/
What is cloud computing? - Definition from WhatIs.com. (n.d.). Retrieved July 8, 2019, from https://searchcloudcomputing.techtarget.com/definition/cloud-computing
What is Data Loss Prevention (DLP): Data Leakage Mitigation: Imperva. (n.d.). Retrieved July 8, 2019, from https://www.imperva.com/learn/data-security/data-loss-prevention-dlp/

.         Find an invertebrate that is endemic to Florida. Endem.docx.         Find an invertebrate that is endemic to Florida. Endem.docx
.         Find an invertebrate that is endemic to Florida. Endem.docxadkinspaige22
 
. Read the Harvard Business Review article  Link3. View this ve.docx
. Read the Harvard Business Review article  Link3. View this ve.docx. Read the Harvard Business Review article  Link3. View this ve.docx
. Read the Harvard Business Review article  Link3. View this ve.docxadkinspaige22
 
. Go to a news site and look at the headlines of several articles. A.docx
. Go to a news site and look at the headlines of several articles. A.docx. Go to a news site and look at the headlines of several articles. A.docx
. Go to a news site and look at the headlines of several articles. A.docxadkinspaige22
 
-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docx
-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docx-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docx
-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docxadkinspaige22
 
-Do the schedule with Activity on Node and also draw the schedule.docx
-Do the schedule with Activity on Node and also draw the schedule.docx-Do the schedule with Activity on Node and also draw the schedule.docx
-Do the schedule with Activity on Node and also draw the schedule.docxadkinspaige22
 
.  Record your initial reaction to the work (suggested length of 1.docx
.  Record your initial reaction to the work (suggested length of 1.docx.  Record your initial reaction to the work (suggested length of 1.docx
.  Record your initial reaction to the work (suggested length of 1.docxadkinspaige22
 
-Describe the existing needs for cost information in healthcare firm.docx
-Describe the existing needs for cost information in healthcare firm.docx-Describe the existing needs for cost information in healthcare firm.docx
-Describe the existing needs for cost information in healthcare firm.docxadkinspaige22
 
--------250 words---------Chapter 18 – According to literatu.docx
--------250 words---------Chapter 18 – According to literatu.docx--------250 words---------Chapter 18 – According to literatu.docx
--------250 words---------Chapter 18 – According to literatu.docxadkinspaige22
 
-Please name the functions of the skeletal system.2-Where are lo.docx
-Please name the functions of the skeletal system.2-Where are lo.docx-Please name the functions of the skeletal system.2-Where are lo.docx
-Please name the functions of the skeletal system.2-Where are lo.docxadkinspaige22
 
-TOPIC= Civil Right Movement and Black Power Movement#St.docx
-TOPIC= Civil Right Movement and Black Power Movement#St.docx-TOPIC= Civil Right Movement and Black Power Movement#St.docx
-TOPIC= Civil Right Movement and Black Power Movement#St.docxadkinspaige22
 
- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docx
- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docx- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docx
- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docxadkinspaige22
 
-What benefits can a diverse workforce provide to an organization.docx
-What benefits can a diverse workforce provide to an organization.docx-What benefits can a diverse workforce provide to an organization.docx
-What benefits can a diverse workforce provide to an organization.docxadkinspaige22
 
-How would you define or describe the American Great Migration m.docx
-How would you define or describe the American Great Migration m.docx-How would you define or describe the American Great Migration m.docx
-How would you define or describe the American Great Migration m.docxadkinspaige22
 
- We learned from our readings that the use of mobile devices in our.docx
- We learned from our readings that the use of mobile devices in our.docx- We learned from our readings that the use of mobile devices in our.docx
- We learned from our readings that the use of mobile devices in our.docxadkinspaige22
 
- Goals (short and long term) and how you developed them; experience.docx
- Goals (short and long term) and how you developed them; experience.docx- Goals (short and long term) and how you developed them; experience.docx
- Goals (short and long term) and how you developed them; experience.docxadkinspaige22
 
- Pick ONE Theme for the 5 short stories (ex setting, character.docx
- Pick ONE Theme for the 5 short stories (ex setting, character.docx- Pick ONE Theme for the 5 short stories (ex setting, character.docx
- Pick ONE Theme for the 5 short stories (ex setting, character.docxadkinspaige22
 
- Briefly summarize the Modernization Theory (discuss all four stage.docx
- Briefly summarize the Modernization Theory (discuss all four stage.docx- Briefly summarize the Modernization Theory (discuss all four stage.docx
- Briefly summarize the Modernization Theory (discuss all four stage.docxadkinspaige22
 
+16159390825Whats app the test online on time .docx
+16159390825Whats app the test online on time .docx+16159390825Whats app the test online on time .docx
+16159390825Whats app the test online on time .docxadkinspaige22
 
(philosophy1. why is mills philosophy closely identified with.docx
(philosophy1. why is mills philosophy closely identified with.docx(philosophy1. why is mills philosophy closely identified with.docx
(philosophy1. why is mills philosophy closely identified with.docxadkinspaige22
 

More from adkinspaige22 (20)

. Review the three articles about Inflation that are found below thi.docx
. Review the three articles about Inflation that are found below thi.docx. Review the three articles about Inflation that are found below thi.docx
. Review the three articles about Inflation that are found below thi.docx
 
.         Find an invertebrate that is endemic to Florida. Endem.docx
.         Find an invertebrate that is endemic to Florida. Endem.docx.         Find an invertebrate that is endemic to Florida. Endem.docx
.         Find an invertebrate that is endemic to Florida. Endem.docx
 
. Read the Harvard Business Review article  Link3. View this ve.docx
. Read the Harvard Business Review article  Link3. View this ve.docx. Read the Harvard Business Review article  Link3. View this ve.docx
. Read the Harvard Business Review article  Link3. View this ve.docx
 
. Go to a news site and look at the headlines of several articles. A.docx
. Go to a news site and look at the headlines of several articles. A.docx. Go to a news site and look at the headlines of several articles. A.docx
. Go to a news site and look at the headlines of several articles. A.docx
 
-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docx
-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docx-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docx
-Describe the Plessy v. Ferguson Supreme Court Case of 1896; how was.docx
 
-Do the schedule with Activity on Node and also draw the schedule.docx
-Do the schedule with Activity on Node and also draw the schedule.docx-Do the schedule with Activity on Node and also draw the schedule.docx
-Do the schedule with Activity on Node and also draw the schedule.docx
 
.  Record your initial reaction to the work (suggested length of 1.docx
.  Record your initial reaction to the work (suggested length of 1.docx.  Record your initial reaction to the work (suggested length of 1.docx
.  Record your initial reaction to the work (suggested length of 1.docx
 
-Describe the existing needs for cost information in healthcare firm.docx
-Describe the existing needs for cost information in healthcare firm.docx-Describe the existing needs for cost information in healthcare firm.docx
-Describe the existing needs for cost information in healthcare firm.docx
 
--------250 words---------Chapter 18 – According to literatu.docx
--------250 words---------Chapter 18 – According to literatu.docx--------250 words---------Chapter 18 – According to literatu.docx
--------250 words---------Chapter 18 – According to literatu.docx
 
-Please name the functions of the skeletal system.2-Where are lo.docx
-Please name the functions of the skeletal system.2-Where are lo.docx-Please name the functions of the skeletal system.2-Where are lo.docx
-Please name the functions of the skeletal system.2-Where are lo.docx
 
-TOPIC= Civil Right Movement and Black Power Movement#St.docx
-TOPIC= Civil Right Movement and Black Power Movement#St.docx-TOPIC= Civil Right Movement and Black Power Movement#St.docx
-TOPIC= Civil Right Movement and Black Power Movement#St.docx
 
- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docx
- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docx- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docx
- Wordcount 500 to 1000 words- Structure Cover, Table of Conte.docx
 
-What benefits can a diverse workforce provide to an organization.docx
-What benefits can a diverse workforce provide to an organization.docx-What benefits can a diverse workforce provide to an organization.docx
-What benefits can a diverse workforce provide to an organization.docx
 
-How would you define or describe the American Great Migration m.docx
-How would you define or describe the American Great Migration m.docx-How would you define or describe the American Great Migration m.docx
-How would you define or describe the American Great Migration m.docx
 
- We learned from our readings that the use of mobile devices in our.docx
- We learned from our readings that the use of mobile devices in our.docx- We learned from our readings that the use of mobile devices in our.docx
- We learned from our readings that the use of mobile devices in our.docx
 
- Goals (short and long term) and how you developed them; experience.docx
- Goals (short and long term) and how you developed them; experience.docx- Goals (short and long term) and how you developed them; experience.docx
- Goals (short and long term) and how you developed them; experience.docx
 
- Pick ONE Theme for the 5 short stories (ex setting, character.docx
- Pick ONE Theme for the 5 short stories (ex setting, character.docx- Pick ONE Theme for the 5 short stories (ex setting, character.docx
- Pick ONE Theme for the 5 short stories (ex setting, character.docx
 
- Briefly summarize the Modernization Theory (discuss all four stage.docx
- Briefly summarize the Modernization Theory (discuss all four stage.docx- Briefly summarize the Modernization Theory (discuss all four stage.docx
- Briefly summarize the Modernization Theory (discuss all four stage.docx
 
+16159390825Whats app the test online on time .docx
+16159390825Whats app the test online on time .docx+16159390825Whats app the test online on time .docx
+16159390825Whats app the test online on time .docx
 
(philosophy1. why is mills philosophy closely identified with.docx
(philosophy1. why is mills philosophy closely identified with.docx(philosophy1. why is mills philosophy closely identified with.docx
(philosophy1. why is mills philosophy closely identified with.docx
 

Recently uploaded

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonJericReyAuditor
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfMahmoud M. Sallam
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxRaymartEstabillo3
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 

Recently uploaded (20)

“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Science lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lessonScience lesson Moon for 4th quarter lesson
Science lesson Moon for 4th quarter lesson
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
Pharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdfPharmacognosy Flower 3. Compositae 2023.pdf
Pharmacognosy Flower 3. Compositae 2023.pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology  ( Production , Purification , and Application  ) Hybridoma Technology  ( Production , Purification , and Application  )
Hybridoma Technology ( Production , Purification , and Application )
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptxEPANDING THE CONTENT OF AN OUTLINE using notes.pptx
EPANDING THE CONTENT OF AN OUTLINE using notes.pptx
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 

Enterprise Se.docx

  • 1. Enterprise Security Plan Strategic CMGT 430 Enterprise Security Plan Strategic This enterprise security plan is being created to discuss core principles that can improve the overall enterprise system. Data loss prevention Data damage is a risk that Auburn Regional does not have the luxury of overlooking. Patient data is sensitive and needs to be secured in the most efficient manner possible. Staff members themselves pose the biggest vulnerability because of their access to patient data. There is a plethora of information that is obtained when a person visits a hospital, and staff members
  • 2. have access to the information. Having all the specifics in a patient record not only gives the staff members access to medical data but typically they will also have entrance to social security, contact information, home addresses, employer information. With all this information, staff members can also steal one's identity. Abuse of power is a very huge threat, and the only mitigation is to hire qualified individuals who pass their background checks and are provided policies and procedures to maintain data safety. Access controls Understanding who has access to what locations is mandatory when trying to ensure that a system is secure. Controls like key cards are great tools for access control. Key cards let the company let the employees have access to the building and sometimes different parts of the building. This gives certain people access to different things that way you can have a more secure building. Then also you can monitor who is where within the building, then also who is on what computer too. All of those are to improved security around the projects being work on. Physical access to computers, visitors, and patient records are another vulnerability identified. Physical security is important to the safety of our employees, our data, and has even been shown to improve productivity. With security monitoring data systems and their various entrances, we increase the physical security of our systems and the data that the house. Employees will feel more safe and secure as they enter and exit the building daily and as they move from department to department. There has also been some research that shows that campus-wide surveillance systems increase productivity because when the employees know that their actions may be scrutinized throughout the day then they tend to work harder and more efficiently. Data management 3rd party software has become a common usage today and this
  • 3. may interfere with existing configurations within the organization's systems. The probability and threat are media, and the mitigation strategy can easily be to test software on controlled systems for compliance prior to allowing users to download or use the software. Preventing the use of 3rd party software is another means, but if the software is needed, then the approach to testing prior to allowing the usage is the best mitigation strategy. Risk management The ransomware attack on neighboring systems has led this author to review aspects of potential threats to the Auburn Regional system. The threats that were noticed by the author dealt with one or more of the following attributes, authorization, authentication or roles of certain members of the business. Changes to the authorization and authentication procedures and/or protocols are mandatory for the integrity of the business. Unauthorized users having access to patient data can result in patient distrust and lawsuits. Increased authorization procedures can include but not limited to additional password protection to specific applications. Authorization changes can also include physical deterrents such as key cards. Authentication upgrades can be touchy depending on the size of the business. In a smaller business, authentication updates can mean new picture identification. For a system as large as Auburn Regional, authentication needs to be more detailed. Biometric technology can be implemented for sensitive areas that need access control. Biometrics can also be applied to certain software applications utilized by the staff. Most potential threats within a system are caused by not properly securing access points, whether a desktop or device being left unlocked or weak password protection for those desktops and devices. In smaller businesses, roles may be increased to ensure that all facets are covered to ensure no loss of integrity. 
In a larger business, roles can be reduced or redefined to remedy any localized issues. Verification is key to keep potential threats at the lowest levels
  • 4. a possible. As stated earlier in the document, biometrics would be the technology that can be implemented to save time, resources and unnecessary data storage. Having all staff members on file in the biometrics system mean that all employees can be assigned or issued a security level. Security levels help to separate sensitive data from restricted users. All recommendations within this document can help with active threats and deter potential threats. There is no way to prepare for all threats but having competent staff can cut risk almost in half. Cloud technology` The cloud allows the company flexibility to have access to data from any location no matter the time or place. Cloud storage requires little to no maintenance while increasing the security of all data that will be stored. Depending on which storage plan that is being offered, the cost for the service of using the cloud will be low. The only drawback to the cloud is the assurance of confidentiality and security. Finally, any software that needs to be implemented within the company can be easily deployed from the cloud with a click of a button. Auburn regional is a small, rural hospital that is part of the College of Georgia (CGA) Medical System. My team and I were asked to review the enterprise security environment at Auburn Regional and make suggestions as to how the hospital system can be better prepared to respond to recent threats that have had an impact on other similar-sized hospitals. Our primary goal is to protect the confidentiality, discretion, reassure, and the integrity and availability of organizational data. Data loss restriction is an approach for securing that end users don't transfer critical or sensitive information outside the enterprise network. · Why is this topic important to Auburn Regional? Data loss prevention is an important topic at Auburn regional because patient data is sensitive and needs to be secured. 
The Patients' rights act and HIPAA both state-specific protections of Patient
  • 5. information and a breach in the hospital's systems will lead to a violation of these rights. · What is the desired outcome to this effort? We hope to put a plan in place that will protect the hospital's security against intrusion and/or hackers. · What is the specific strategic objective? Hiring qualified security personnel and conducting thorough background checks on all employees. · What will be the benefits of this effort? The benefits of data loss prevention are preventing data loss. Simply put! · What will be done to meet this objective? My team will identify the weak points in our security and implement ways to prevent breaches. Background checks, heightened security, audits, and quarterly security training courses for all employees. Access controls validate and allow individuals to obtain the information they are permitted to inspect and use. There are 3 sorts of access controls. Mandatory, Discretionary, and Role- based. According to (Martin, 2018), Discretionary Access Control is a kind of access control method that handles the company owner accountable for determining which people are permitted in digitally or physically and special location. Mandatory Access Control is regularly employed in an enterprise that demands a high accent on the classification and confidentiality of data. Role-based AC path is designated by the framework controller and is strictly supported on the subject's part within the organization or household and most possibilities are based on the controls determined by their position obligations. · Why is this topic important to Auburn Regional? Access controls are important to Auburn regional because it helps dictate the level of access an employee can get. Access controls also help effectively protect the company's data. The controls make sure users are who they say they are and are not given more access than required to do their job
  • 6. · What is the desired outcome to this effort? With the implementation of access controls. Auburn regional should be able to manage the level of access given to employees and ultimately make the company more secure! · What is the specific strategic objective? Implementing one of the 3 access control methods where required. · What will be the benefits of this effort? A more secure infrastructure. · What will be done to meet this objective? Our team will implement a role-based or team-based access model on a small focus group of employees from various departments. We will then deploy this model to all employees once testing is deemed successful. Avoidance, mitigation, transfer, and acceptance are among the common types of risk management techniques. According to info-entrepreneurs, Risk control is the method of using techniques, tools, and processes, for handling certain hazards. Risk management is important to Auburn regional is important because it explains strategies of managing risks. · What is the desired outcome to this effort? Managing risks at Auburn Regional. · What is the specific strategic objective? Identifying, quantifying, and decreasing any uncertainty that concerns or is integrated into a company's establishment, objectives, and tactics accomplishment. · What will be the benefits of this effort? Identifying potential issues before they arise · What will be done to meet this objective? Create a risk management plan, analyzing and identifying risks. Cloud technology is the distribution of computing databases, co-operation—servers, storehouse, software, networking, analytics, knowledge and further—over the Internet ("the cloud") to offer high-speed variation, economies of range and manageable resources. What Is Cloud Computing? Cloud technology is important to Auburn regional. The
  • 7. implementation of cloud computing will increase net income while decreasing the charges. Charges will decrease because equipment and personnel needs will decrease. This will alleviate some of the pressure on the small IT team and allow them the opportunity to work on other time-intensive IT-related issues like software upgrades.
· What is the desired outcome to this effort? To have all data stored in the cloud with a reputable, economically priced CSP. We also hope to see profit increases within the company.
· What is the specific strategic objective? Scalability is the first strategic objective. The short-term cost benefits are appealing, as Auburn Regional currently wastes revenue due to lack of efficiency and resources.
· What will be done to meet this objective? Auburn Regional will use Azure services as its cloud provider. According to Microsoft Azure, you normally pay only for the cloud services you use, which helps you lower your operating expenses, run your infrastructure more efficiently, and scale as your enterprise requirements change.
Recommendations:
· Install antivirus and keep computer software patched.
· Create a change management plan.
· Move data to the cloud.
· Create a Security Enterprise system.
· Require token and VPN access for all external vendors.
· Hire a security guard to monitor the building, especially around the data center.
· Require badge entry as well as a 4-digit PIN to enter the data center.
· Require a key card as well as a 4-digit PIN to access terminals and utilize the network on the terminals.
In summary, once a security plan has been developed, the key to its effectiveness falls to enforcement and upkeep. Regularly training and educating the staff, as well as requiring regular compliance reviews, helps greatly with the overall organization understanding the best practices that have been implemented.
  • 8. Regularly reviewing the health of the organization allows new vulnerabilities to be discovered, preventing issues from arising in the future. Having specific people assigned responsibilities also takes the burden off a single department, preventing a single facet from becoming overworked and thus unable to operate at maximum efficiency, and provides a starting point when investigating any potential incident that needs reviewing.
References:
Martin, J. A. (2018). What is access control? A key component of data security.
What is cloud computing? (n.d.). Retrieved from https://azure.microsoft.com/en-us/overview/what-is-cloud-computing/
3 Strategic Goals for your Cloud Migration. (n.d.). Retrieved from https://www.nexustek.com/blog/3-strategic-goals-for-your-cloud-migration/
Swanson, D. (2006, June 06). Auditing Ethics And Compliance Programs. Retrieved from https://www.complianceweek.com/blogs/dan-swanson/auditing-ethics-and-compliance-programs#.W5HUOehKhPY
Srivastava, S. B. (2015). Threat, opportunity, and network interaction in organizations. Social Psychology Quarterly, 78(3), 246-262. doi:10.1177/0190272515596176
Waldo, B. H. (1999). Managing data security: Developing a plan to protect patient data. Nursing Economic, 17(1), 49.
https://continuingprofessionaldevelopment.org/risk-management-steps-in-risk-management-process/
https://www.getkisi.com/access-control
https://www.sas.com/en_us/insights/data-management/data-management.html
  • 9. Manage risk. Retrieved from https://www.infoentrepreneurs.org/en/guides/manage-risk/
Running Head: MESSAGE AUTHENTICATION
New England College
Vamsi Marimganti
Network Security Discussion
Robert Pizani
3.1 List three approaches to message authentication
Message authentication can be referred to as data origin authentication, which entails data integrity. Data integrity requires that there is no tampering with or alteration of the message. The most commonly used technique for ensuring data integrity is the application of a hash function, where all the bytes in the message are combined with a secret key to produce a message digest that is almost impossible to reverse. Message authentication provides the property that the message is not modified during transit; hence the receiving party is able to verify the message source, although message authentication doesn't necessitate the inclusion of the non-repudiation property. Several functions can be applied in the production of an authenticator, including a hash function, message encryption, and a message authentication code (MAC) (National Institute of Standards and Technology, 2017). The approaches are the application of conventional encryption, the use of public-key encryption, and the implementation of a secret value. Conventional encryption entails the transformation of plaintext messages into ciphertext, which is to be decrypted by the intended receiver only. Here the message sender and message receiver agree on a
  • 10. secret key to be used for encryption and decryption, whereby the secret key is generally transmitted through public-key methods of encryption. Public-key encryption refers to a technique that applies a paired private and public algorithm in securing data communication. Secret values are applied during encryption and decryption (Cramer, 2008).
What is a message authentication code?
This refers to a short piece of information that is used to authenticate a message and to provide integrity and authenticity assurances for it. It is also described as an authentication technique that uses a secret key to generate a small block of data, which is then appended to the message (National Institute of Standards and Technology, 2017).
What properties must a hash function have to be useful for message authentication?
A hash function should have several properties to be considered useful for message authentication. H can be applied to a data block of any size. H should produce a fixed-length output. H(x) should be relatively easy to compute for any given x, making both software and hardware implementations practical. For any given value h, it is computationally infeasible to find x such that H(x) = h (one-way property). For any given block x, it is computationally infeasible to find y ≠ x such that H(y) = H(x), which represents weak collision resistance. It is computationally infeasible to find any pair (x, y) such that H(x) = H(y), which represents strong collision resistance (Cramer, 2008).
In the context of a hash function, what is a compression function?
The compression function based on hash function refers to a single block function for bits available in a hash function
  • 11. (Aumasson et al., 2014).
What are the principal ingredients of a public-key cryptosystem?
The primary ingredients of a public-key cryptosystem include plaintext, which is unencrypted information pending input into cryptographic algorithms, usually encryption algorithms. Secondly, the encryption algorithm, which is a smart way of ensuring the privacy and security of data. The sender applies public keys during encryption while the sender employs private keys during decryption. Ciphertext comprises information that is encrypted and encoded, and lastly, the decryption algorithm, which is applied in data specification and critical encryption algorithms used in decryption of the SOAP message (Aumasson et al., 2014).
List and briefly define three uses of a public-key cryptosystem.
Public-key cryptosystems have various uses. The first is encryption and decryption, whereby the sender encrypts the message based on the public key of the recipient. Secondly, digital signature, whereby the sender signs the message by applying their private key. Lastly, key exchange, whereby the two parties collaborate to exchange a session key through, for instance, exchanging the private key of both or one party (National Institute of Standards and Technology, 2017).
What is the difference between a private key and a secret key?
Various distinctions exist between private and secret keys. The secret key is applied exclusively in conventional encryption, while there are two keys utilized in public-key encryption, which are referred to as the public and private key. The private key is used in asymmetric encryption, while the secret key is applied in symmetric encryption (Aumasson et al., 2014).
What is a digital signature?
This refers to a mechanism for authenticating a message, which ensures that the message originated from the source that it claims to have originated
  • 12. from. This ensures that the original information content of the intended message isn't changed or altered (Cramer, 2008). References Aumasson, J., Meier, W., Phan, R. C., & Henzen, L. (2014). The hash function BLAKE. Springer.
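The message authentication code described in the discussion above, as an added example that is not part of the original paper: HMAC-SHA-256 from Python's standard library stands in for the MAC, and the function names, key size and sample messages are assumptions constructed for illustration. It contrasts a keyed tag with a bare hash and shows the fixed-length output and the lack of non-repudiation that the text mentions.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # fixed-length output: 32 bytes

def make_tag(key: bytes, message: bytes) -> bytes:
    """MAC: small fixed-size block computed from the secret key and message."""
    return hmac.new(key, message, hashlib.sha256).digest()

def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: append the tag to the message."""
    return message + make_tag(key, message)

def verify(key: bytes, packet: bytes) -> Optional[bytes]:
    """Receiver side: return the message if the tag checks out, else None."""
    if len(packet) < TAG_LEN:
        return None
    message, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    # compare_digest runs in constant time, so timing does not leak
    # how many leading bytes of a guessed tag were correct.
    if hmac.compare_digest(tag, make_tag(key, message)):
        return message
    return None

def verify_unkeyed(packet: bytes) -> Optional[bytes]:
    """Weak variant for contrast: bare SHA-256 digest, no secret key."""
    message, digest = packet[:-TAG_LEN], packet[-TAG_LEN:]
    if hmac.compare_digest(digest, hashlib.sha256(message).digest()):
        return message
    return None

def demo() -> dict:
    key = secrets.token_bytes(32)            # shared by sender and receiver
    original = b"amount=100;to=ward-7"       # constructed sample message
    altered = b"amount=900;to=ward-7"        # what a tampered copy looks like
    packet = protect(key, original)
    tampered = altered + packet[-TAG_LEN:]   # body changed, old tag kept
    # Without a key, whoever alters the body can also recompute the digest.
    rehashed = altered + hashlib.sha256(altered).digest()
    return {
        "genuine": verify(key, packet),
        "tampered": verify(key, tampered),
        "wrong_key": verify(secrets.token_bytes(32), packet),
        "unkeyed_rehashed": verify_unkeyed(rehashed),
        "tag_lengths": {len(make_tag(key, b"x")), len(make_tag(key, b"x" * 100_000))},
        # Either key holder produces the same tag, so a MAC alone cannot
        # prove which of them sent the message (no non-repudiation).
        "receiver_tag_matches": make_tag(key, original) == packet[-TAG_LEN:],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The bare-hash variant accepts the altered message because the digest can be recomputed by anyone, which is why the secret key is what turns an integrity check into message authentication.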
  • 13. Cramer, R. (2008). Public key cryptography – PKC 2008: 11th international workshop on practice and theory in public-key cryptography, Barcelona, Spain, March 9-12, 2008, proceedings. Springer Science & Business Media.
National Institute of Standards and Technology. (2017). The keyed-hash message authentication code (HMAC).
Enterprise Security Plan
Running head: ENTERPRISE SECURITY PLAN
Enterprise security is a strategy for reducing the risk of unauthorized access to information technology systems and data. It is one of the cornerstones of operation and success for our organization; it allows for high availability and reliability of our people, facilities, and information systems. This security plan is to assure that the three information security tenets, availability, integrity and confidentiality (the CIA triad), are properly evaluated and implemented. The CIA triad is a model designed to guide policies for information security within an organization. The elements of the triad are considered the three most crucial components of security.
  • 14. The goal of this security plan is to ensure that Auburn Regional not only meets regulatory requirements but exceeds them, while at the same time ensuring that our organization does not fall victim to vulnerabilities that can be exploited by malicious code or by the behavior of employees. This enterprise security plan will be the foundation of policy development throughout our organization, to be enforced throughout its entirety. With that being said, it should be reviewed and updated on a yearly basis to ensure that Auburn Regional stays current with newly developed and recognized practices.
Risk Management
Of all of the key components that will be covered in this security plan, the topic of risk management is the foundation upon which we must build. Risk management is the forecasting and evaluation of financial risks together with the identification of procedures to avoid or minimize their impact. We will apply the risk management plan in accordance with National Institute of Standards and Technology (NIST) Special Publication (SP) 800-39, Managing Information Security Risk. This voluntary Framework consists of standards, guidelines, and best practices to manage cyber security-related risk. The Cyber security framework's prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security. It is important that we evaluate the top 25 risks that we feel will impact the organization the most and work at identifying a plan of action and milestone program to track the mitigation of all the risks. Our focus will be risk centered on internal, external, theft, cloud computing, social media and mobile devices. In 2012 a Data Breach Investigations report states: 97% of breaches were avoidable through intermediate controls; 96% of attacks were not highly difficult; and 94% of all data compromised involved servers.
Data Management
Data management is an administrative process that includes
  • 15. acquiring, validating, storing, protecting, and processing required data to ensure the accessibility, reliability, and timeliness of the data for its users. Data is the foundation of a business' information, knowledge, and ultimately the wisdom for correct decisions and actions. If this data is relevant, complete, accurate, meaningful, and actionable, it will help in the growth of the organization. If not, it can prove to be a useless and even harmful asset. By properly managing Auburn Regional's data we can assure the safety of our customers' data from internal and external sources. This leads to the next topic for our plan.
Data Loss Prevention
Data Loss Prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data. Organizations use DLP to protect and secure data and comply with regulations. The DLP term refers to defending organizations against both data loss and data leakage. Data loss refers to an event in which important data is lost to the enterprise, such as in a ransomware attack. Data loss prevention focuses on preventing illicit transfer of data outside organizational boundaries. Many tools can be used to prevent data loss, such as firewalls, intrusion detection systems, antivirus software, and security operations tooling.
Access Controls
Access control is a method of guaranteeing that users are who they say they are and that they have the appropriate access to company data; access control is a selective restriction of access to data. Authentication and authorization are the two main components of access control. Authentication is a technique used to verify that someone is who they claim to be; authentication isn't sufficient by itself to protect data. Authorization determines whether a user should be allowed to access the data or make the transaction they're attempting. By properly deploying and managing access controls we can add yet another
  • 16. layer of protection to our information systems, further insulating our data.
Cloud Technology
Cloud computing is a general term for anything that involves delivering hosted services over the Internet. A cloud service has three distinct characteristics that differentiate it from traditional web hosting. It is sold on demand, typically by the minute or the hour; it is elastic -- a user can have as much or as little of a service as they want at any given time; and the service is fully managed by the provider. Security remains a primary concern for any organization contemplating cloud adoption, and even more so with public cloud adoption. Access to public cloud storage and compute resources is guarded by account login credentials, and the addition of data encryption and various identity and access management tools has improved security within the public cloud.
  • 17. References
Martin, J. A. (2018, February 05). What is access control? A key component of data security. Retrieved July 8, 2019, from https://www.csoonline.com/article/3251714/what-is-access-control-a-key-component-of-data-security.html
The Importance Of Data Management In Companies. (2019, March 12). Retrieved July 8, 2019, from https://www.ringlead.com/blog/the-importance-of-data-management-in-companies/
What is cloud computing? - Definition from WhatIs.com. (n.d.). Retrieved July 8, 2019, from https://searchcloudcomputing.techtarget.com/definition/cloud-computing
What is Data Loss Prevention (DLP): Data Leakage Mitigation: Imperva. (n.d.). Retrieved July 8, 2019, from https://www.imperva.com/learn/data-security/data-loss-prevention-dlp/