SlideShare a Scribd company logo

Describe two methods for communicating the material in an Informatio.pdf

A
archgeetsenterprises

Describe two methods for communicating the material in an Information Security policy to the staff of an organization. What are the strengths and weaknesses of each? Solution Information security means protecting information (data) and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Information Security management is a process of defining the security controls in order to protect the information assets. Security Program The first action of a management program to implement information security is to have a security program in place. Though some argue the first act would be to gain some real \"proof of concept\" and \"explainable thru display on the monitor screen\" security knowledge. Start with maybe understanding where OS passwords are stored within the code inside a file within a directory. If you don\'t understand Operating Systems at the root directory level maybe you should seek out advice from somebody who does before even beginning to implement security program management and objectives. Security Program Objectives · Protect the company and its assets. · Manage Risks by Identifying assets, discovering threats and estimating the risk · Provide direction for security activities by framing of information security policies, procedures, standards, guidelines and baselines · Information Classification · Security Organization and · Security Education Security Management Responsibilities · Determining objectives, scope, policies,re expected to be accomplished from a security program · Evaluate business objectives, security risks, user productivity, and functionality requirements. · Define steps to ensure that all the above are accounted for and properly addressed Approaches to Build a Security Program · Top-Down Approach · The initiation, support, and direction comes from the top management and work their way through middle management and then to staff members. · Treated as the best approach but seems to based on the I get paid more therefor I must know more about everything type of mentality. · Ensures that the senior management who are ultimately responsible for protecting the company assets is driving the program. · Bottom-Up Approach · The lower-end team comes up with a security control or a program without proper management support and direction. · It is oft considered less effective and doomed to fail for the same flaw in thinking as above; I get paid more therefor I must know more about everything. Since advancement is directly tied to how well you can convince others, who often fall outside of your of job duties and department, as to your higher value to the company as stated by your own effective written communication this leads to amazing resume writers and take no blame style of email responses that seems to definitely lead to the eventual failure of company\'s standards and actual knowledge. It is often covered up by relationships which form at the power levels within any gr.

Education
1 of 11
Download to read offline
Describe two methods for communicating the material in an Information Security policy to the staff of an organization. What are the strengths and weaknesses of each? Solution Information security means protecting information (data) and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Information Security management is a process of defining the security controls in order to protect the information assets. Security Program The first action of a management program to implement information security is to have a security program in place. Though some argue the first act would be to gain some real "proof of concept" and "explainable thru display on the monitor screen" security knowledge. Start with maybe understanding where OS passwords are stored within the code inside a file within a directory. If you don't understand Operating Systems at the root directory level maybe you should seek out advice from somebody who does before even beginning to implement security program management and objectives. Security Program Objectives · Protect the company and its assets. · Manage Risks by Identifying assets, discovering threats and estimating the risk · Provide direction for security activities by framing of information security policies, procedures, standards, guidelines and baselines · Information Classification · Security Organization and · Security Education Security Management Responsibilities · Determining objectives, scope, policies,re expected to be accomplished from a security program · Evaluate business objectives, security risks, user productivity, and functionality requirements. · Define steps to ensure that all the above are accounted for and properly addressed Approaches to Build a Security Program · Top-Down Approach · The initiation, support, and direction comes from the top management and work their way through middle management and then to staff members.
· Treated as the best approach but seems to based on the I get paid more therefor I must know more about everything type of mentality. · Ensures that the senior management who are ultimately responsible for protecting the company assets is driving the program. · Bottom-Up Approach · The lower-end team comes up with a security control or a program without proper management support and direction. · It is oft considered less effective and doomed to fail for the same flaw in thinking as above; I get paid more therefor I must know more about everything. Since advancement is directly tied to how well you can convince others, who often fall outside of your of job duties and department, as to your higher value to the company as stated by your own effective written communication this leads to amazing resume writers and take no blame style of email responses that seems to definitely lead to the eventual failure of company's standards and actual knowledge. It is often covered up by relationships which form at the power levels within any group of people and those who are considered so-called experts having no real idea what is really involved under the hood of the reports/applications they use and no proof presented in emails written when self declared claims of their expertise is made or blame is to be put on another. Security Controls Security Controls can be classified into three categories Administrative Controls which include · Developing and publishing of policies, standards, procedures, and guidelines. · Screening of personnel. · Conducting security-awareness training and · Implementing change control procedures. Technical or Logical Controls which include · Implementing and maintaining access control mechanisms. · Password and resource management. · Identification and authentication methods · Security devices and · Configuration of the infrastructure. Physical Controls which include · Controlling individual access into the facility and different departments · Locking systems and removing unnecessary floppy or CD-ROM drives · Protecting the perimeter of the facility · Monitoring for intrusion and
· Environmental controls. Security Note: It is the responsibility of the information owner (usually a Sr. executive within the management group or head of a specific dept) to protect the data and is the due care (liable by the court of law) for any kind of negligence The Elements of Security Vulnerability · It is a software, hardware, or procedural weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment. · Vulnerability characterizes the absence or weakness of a safeguard that could be exploited. · E.g.: a service running on a server, unpatched applications or operating system software, unrestricted modem dial-in access, an open port on a firewall, lack of physical security etc. Threat · Any potential danger to information or systems. · A threat is a possibility that someone (person, s/w) would identify and exploit the vulnerability. · The entity that takes advantage of vulnerability is referred to as a threat agent. E.g.: A threat agent could be an intruder accessing the network through a port on the firewall Risk · Risk is the likelihood of a threat agent taking advantage of vulnerability and the corresponding business impact. · Reducing vulnerability and/or threat reduces the risk. · E.g.: If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method. Exposure · An exposure is an instance of being exposed to losses from a threat agent. · Vulnerability exposes an organization to possible damages. · E.g.:If password management is weak and password rules are not enforced, the company is exposed to the possibility of having users' passwords captured and used in an unauthorized manner. Countermeasure or Safeguard · It is an application or a s/w configuration or h/w or a procedure that mitigates the risk. · E.g.: strong password management, a security guard, access control mechanisms within an operating system, the implementation of basic input/output system (BIOS) passwords, and security-awareness training.
The Relation Between the Security Elements · Example: If a company has antivirus software but does not keep the virus signatures up- to-date, this is vulnerability. The company is vulnerable to virus attacks. · The threat is that a virus will show up in the environment and disrupt productivity. · The likelihood of a virus showing up in the environment and causing damage is the risk. · If a virus infiltrates the company's environment, then vulnerability has been exploited and the company is exposed to loss. · The countermeasures in this situation are to update the signatures and install the antivirus software on all computers Threat Agent gives rise to Threat exploits Vulnerability leads to Risk can damage Assets and causes an Exposure can be counter measured by Safeguard directly effects Threat Agent Alternative Description: A threat agent causes the realisation of a threat by exploiting a vulnerability. The measurement of the extent that this exploitation causes damage is the exposure. The organisational loss created within the exposure is the impact. Risk is the probability that a threat event will generate loss and be realised within the organisation. Example: · Target: A bank contains money. · Threat: There are individuals who want, or need, additional money. · Vulnerability: The bank uses software that has a security flaw. · Exposure: 20% of the bank's assets are affected by this flaw. · Exploit: By running a small snippet of code (malware), the software can be accessed illegally. · Threat Agent: There are hackers who have learned how to use this malware to control the bank's software. · Exploitation: The hackers access the software using the malware and steal money. · Impact: The bank loses monetary assets, reputation, and future business. · Risk: The likelihood that a hacker will exploit the bank's software vulnerability and impact the bank's reputation and monetary resources. Core Information Security Principles The three fundamental principles of security are availability, integrity, and confidentiality and are commonly referred to as CIA or AIC triad which also form the main objective of any security program. The level of security required to accomplish these principles differs per company, because each has its own unique combination of business and security goals and requirements.
All security controls, mechanisms, and safeguards are implemented to provide one or more of these principles. All risks, threats, and vulnerabilities are measured for their potential capability to compromise one or all of the AIC principles Confidentiality · Ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted and once it reaches its destination. · Threat sources · Network Monitoring · Shoulder Surfing- monitoring key strokes or screen · Stealing password files · Social Engineering- one person posing as the actual · Countermeasures · Encrypting data as it is stored and transmitted. · By using network padding · Implementing strict access control mechanisms and data classification · Training personnel on proper procedures. Integrity · Integrity of data is protected when the assurance of accuracy and reliability of information and system is provided, and unauthorized modification is prevented. · Threat sources · Viruses · Logic Bombs · Backdoors · Countermeasures · Strict Access Control · Intrusion Detection · Hashing Availability · Availability ensures reliability and timely access to data and resources to authorized individuals. · Threat sources · Device or software failure. · Environmental issues like heat, cold, humidity, static electricity, and contaminants can
also affect system availability. · Denial-of-service (DoS) attacks · Countermeasures · Maintaining backups to replace the failed system · IDS to monitor the network traffic and host system activities · Use of certain firewall and router configurations Information Security Management Governance Security Governance Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly. Information Security Governance or ISG, is a subset discipline of Corporate Governance focused on information Security systems and their performance and risk management. Security Policies, Procedures, Standards, Guidelines, and Baselines Policies A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A well designed policy addresses: 1. . What is being secured? - Typically an asset. 2. . Who is expected to comply with the policy? - Typically employees. 3. . Where is the vulnerability, threat or risk? - Typically an issue of integrity or responsibility. Types of Policies · Regulatory: This type of policy ensures that the organization is following standards set by specific industry regulations. This policy type is very detailed and specific to a type of industry. This is used in financial institutions, health care facilities, public utilities, and other government- regulated industries. E.g.: TRAI. · Advisory: This type of policy strongly advises employees regarding which types of behaviors and activities should and should not take place within the organization. It also outlines possible ramifications if employees do not comply with the established behaviors and activities. This policy type can be used, for example, to describe how to handle medical information, handle financial transactions, or process confidential information. · Informative: This type of policy informs employees of certain topics. It is not an enforceable policy, but rather one to teach individuals about specific issues relevant to the company. It could explain how the company interacts with partners, the company's goals and mission, and a general reporting structure in different situations.
Types of Security Policies · Organizational · Management establishes how a security program will be set up, lays out the program's goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out. · Provides scope and direction for all future security activities within the organization. · This policy must address relative laws, regulations, and liability issues and how they are to be satisfied. · It also describes the amount of risk senior management is willing to accept. · Characteristics · Business objectives should drive the policy's creation, implementation, and enforcement. The policy should not dictate business objectives. · It should be an easily understood document that is used as a reference point for all employees and management. · It should be developed and used to integrate security into all business functions and processes. · It should be derived from and support all legislation and regulation applicable to the company. · It should be reviewed and modified as a company changes, such as through adoption of a new business model, merger with another company, or change of ownership. · Each iteration of the policy should be dated and under version control. · The units and individuals who are governed by the policy must have access to the applicable portions and not be expected to have to read all policy material to find direction and answers · Issue-specific · Addresses specific security issues that management feels need more detailed explanation and attention to make sure a comprehensive structure is built and all employees understand how they are to comply with these security issues · E.g.: An e-mail policy might state that management can read any employee's e-mail messages that reside on the mail server, but not when they reside on the user's workstation · System-specific · Presents the management's decisions that are specific to the actual computers, networks, applications, and data. · This type of policy may provide an approved software list, which contains a list of applications that may be installed on individual workstations. · E.g.: This policy may describe how databases are to be used and protected, how
computers are to be locked down, and how firewalls, IDSs, and scanners are to be employed. Standards · Standards refer to mandatory activities, actions, rules, or regulations. · Standards can give a policy its support and reinforcement in direction. · Standards could be internal, or externally mandated (government laws and regulations). Procedures · Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. · E.g.: we can write procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more. · Procedures are considered the lowest level in the policy chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues. · Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. · If a policy states that all individuals who access confidential information must be properly authenticated, the supporting procedures will explain the steps for this to happen by defining the access criteria for authorization, how access control mechanisms are implemented and configured, and how access activities are audited Baselines · A baseline can refer to a point in time that is used as a comparison for future changes. Once risks have been mitigated, and security put in place, a baseline is formally reviewed and agreed upon, after which all further comparisons and development are measured against it. · A baseline results in a consistent reference point. · Baselines are also used to define the minimum level of protection that is required. · In security, specific baselines can be defined per system type, which indicates the necessary settings and the level of protection that is being provided. For example, a company may stipulate that all accounting systems must meet an Evaluation Assurance Level (EAL) 4 baseline. Security Note : Baselines that are not technology-oriented should be created and enforced within organizations as well. For example, a company can mandate that all employees must have a badge with a picture ID in view while in the facility at all times. It can also state that visitors must sign in at a front desk and be escorted while in the facility.
If these are followed, then this creates a baseline of protection. Guidelines · Guidelines are recommended actions and operational guides to users, IT staff, operations staff, and others when a specific standard does not apply. · Guidelines can deal with the methodologies of technology, personnel, or physical security. Putting It All Together · A policy might state that access to confidential data must be audited. A supporting guideline could further explain that audits should contain sufficient information to allow for reconciliation with prior reviews. Supporting procedures would outline the necessary steps to configure, implement, and maintain this type of auditing. · policies are strategical(long term) while standards, guidelines and procedures are tactical(medium term). Organizational Security Models Some of the best practices that facilitate the implementation of security controls include Control Objectives for Information and Related Technology (COBIT), ISO/IEC 17799/BS 7799, Information Technology Infrastructure Library (ITIL), and Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE). COSO Committee of Sponsoring Organizations of the Treadway Commission (COSO), is a U.S. private-sector initiative, formed in 1985. Its major objective is to identify the factors that cause fraudulent financial reporting and to make recommendations to reduce its incidence. COSO has established a common definition of internal controls, standards, and criteria against which companies and organizations can assess their control systems. Key concepts of the COSO framework · Internal control is a process. It is a means to an end, not an end in itself. · Internal control is affected by people. It’s not merely policy manuals and forms, but people at every level of an organization. · Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and board. · Internal control is geared to the achievement of objectives in one or more separate but overlapping categories. The COSO framework defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: · Effectiveness and efficiency of operations
· Reliability of financial reporting · Compliance with applicable laws and regulations. COSO Internal Control Framework: the five components According to the COSO framework, internal control consists of five interrelated components. These components provide an effective framework for describing and analyzing the internal control system implemented in an organization. The five components are the following: · Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization. · Risk assessment: Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives and thus risk assessment is the identification and analysis of relevant risks to achievement of assigned objectives. Risk assessment is a prerequisite for determining how the risks should be managed. · Control activities: Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and Separation of duties/segregation of duties. · Information and communication: Information systems play a key role in internal control systems as they produce reports, including operational, financial and compliance-related information, that make it possible to run and control the business. In a broader sense, effective communication must ensure information flows down, across and up the organization. Effective communication should also be ensured with external parties, such as customers, suppliers, regulators and shareholders. · Monitoring: Internal control systems need to be monitored--a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities or separate evaluations. Internal control deficiencies detected through these monitoring activities should be reported upstream and corrective actions should be taken to ensure continuous improvement of the system. ITIL The Information Technology Infrastructure Library (ITIL) is a set of concepts and techniques for managing information technology (IT) infrastructure, development, and operations. ITIL is published in a series of books, each of which cover an IT management topic
Overview and Benefits ITIL provides a systematic and professional approach to the management of IT service provision. Adopting its guidance offers users a huge range of benefits that include: · reduced costs; · improved IT services through the use of proven best practice processes; · improved customer satisfaction through a more professional approach to service delivery; · standards and guidance; · improved productivity; · improved use of skills and experience; and · improved delivery of third party services through the specification of IT

Recommended

Protecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfProtecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfkelyn Technology
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Information security background
Information security backgroundInformation security background
Information security backgroundNicholas Davis
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...cyberprosocial
 
CLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxSameenafathima4
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxdotco
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxTechnocracy2
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 

Recommended

Protecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfProtecting the Portals - Strengthening Data Security.pdf
Protecting the Portals - Strengthening Data Security.pdfkelyn Technology
 
Information Security Background
Information Security BackgroundInformation Security Background
Information Security BackgroundNicholas Davis
 
Information security background
Information security backgroundInformation security background
Information security backgroundNicholas Davis
 
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...Safeguarding Your Business: Understanding, Preventing, and Responding to Data...
Safeguarding Your Business: Understanding, Preventing, and Responding to Data...cyberprosocial
 
CLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxCLOUD COMPUTING.pptx
CLOUD COMPUTING.pptxSameenafathima4
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxdotco
 
Security & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxSecurity & Risk Mgmt_WK1.pptx
Security & Risk Mgmt_WK1.pptxTechnocracy2
 
Cyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxCyber-Security-Unit-1.pptx
Cyber-Security-Unit-1.pptxTikdiPatel
 
Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...Precise Testing Solution
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Presentation1 A.pptx
Presentation1 A.pptxPresentation1 A.pptx
Presentation1 A.pptxRabinBidari
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Richard Lawson
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Website security
Website securityWebsite security
Website securityRIPPER95
 
Network Security
Network SecurityNetwork Security
Network SecurityUnited Nations Development Program
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
The Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdfThe Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdfuzair
 
introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)Scode Network Institute
 
introduction of ethical hacking. ppt
introduction of ethical hacking. pptintroduction of ethical hacking. ppt
introduction of ethical hacking. pptScode Network Institute
 
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docxyoroflowproduct
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Riskphanleson
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 
Need to revise working code below,A good design means the applicat.pdf
Need to revise working code below,A good design means the applicat.pdfNeed to revise working code below,A good design means the applicat.pdf
Need to revise working code below,A good design means the applicat.pdfarchgeetsenterprises
 
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdf
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdfMolluscaIdentify the distinguishing characteristics of Phylum Moll.pdf
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdfarchgeetsenterprises
 

More Related Content

Similar to Describe two methods for communicating the material in an Informatio.pdf

Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentationAlan Holyoke
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptxPiyush Jain
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...Precise Testing Solution
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security madunix
 
Presentation1 A.pptx
Presentation1 A.pptxPresentation1 A.pptx
Presentation1 A.pptxRabinBidari
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxwkyra78
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Richard Lawson
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security BasicsMohan Jadhav
 
Website security
Website securityWebsite security
Website securityRIPPER95
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operationsPiyush Jain
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4Rodrigo Piovesana
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoMark John Lado, MIT
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills
 
The Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdfThe Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdfuzair
 
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docxyoroflowproduct
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Riskphanleson
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROLshinydey
 

Similar to Describe two methods for communicating the material in an Informatio.pdf (20)

Phi 235 social media security users guide presentation
Phi 235 social media security users guide presentationPhi 235 social media security users guide presentation
Phi 235 social media security users guide presentation
 
Understanding security operation.pptx
Understanding security operation.pptxUnderstanding security operation.pptx
Understanding security operation.pptx
 
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
The Three Major Goals of Cybersecurity for Business Organizations-precise tes...
 
Fundamentals of-information-security
Fundamentals of-information-security Fundamentals of-information-security
Fundamentals of-information-security
 
Presentation1 A.pptx
Presentation1 A.pptxPresentation1 A.pptx
Presentation1 A.pptx
 
Project Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docxProject Quality-SIPOCSelect a process of your choice and creat.docx
Project Quality-SIPOCSelect a process of your choice and creat.docx
 
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
Empowering Employees for Cyber Resilience: A Guide to Strengthening Your Orga...
 
Information Technology Security Basics
Information Technology Security BasicsInformation Technology Security Basics
Information Technology Security Basics
 
Website security
Website securityWebsite security
Website security
 
Network Security
Network SecurityNetwork Security
Network Security
 
Security architecture, engineering and operations
Security architecture, engineering and operationsSecurity architecture, engineering and operations
Security architecture, engineering and operations
 
SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4SegurançA Da InformaçãO Faat V1 4
SegurançA Da InformaçãO Faat V1 4
 
IT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John LadoIT Security and Management - Semi Finals by Mark John Lado
IT Security and Management - Semi Finals by Mark John Lado
 
Vskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample MaterialVskills Certified Network Security Professional Sample Material
Vskills Certified Network Security Professional Sample Material
 
The Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdfThe Risks of Horizontal Privilege Escalation.pdf
The Risks of Horizontal Privilege Escalation.pdf
 
introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)introduction of ethical hacking. (ppt)
introduction of ethical hacking. (ppt)
 
introduction of ethical hacking. ppt
introduction of ethical hacking. pptintroduction of ethical hacking. ppt
introduction of ethical hacking. ppt
 
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
10 Ways For Mitigating Cybersecurity Risks In Project Management.docx
 
Ch07 Managing Risk
Ch07 Managing RiskCh07 Managing Risk
Ch07 Managing Risk
 
SECURITY AND CONTROL
SECURITY AND CONTROLSECURITY AND CONTROL
SECURITY AND CONTROL
 

More from archgeetsenterprises

Need to revise working code below,A good design means the applicat.pdf
Need to revise working code below,A good design means the applicat.pdfNeed to revise working code below,A good design means the applicat.pdf
Need to revise working code below,A good design means the applicat.pdfarchgeetsenterprises
 
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdf
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdfMolluscaIdentify the distinguishing characteristics of Phylum Moll.pdf
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdfarchgeetsenterprises
 
Match the directional term with its Correct ipsilateral media in.pdf
Match the directional term with its Correct ipsilateral media in.pdfMatch the directional term with its Correct ipsilateral media in.pdf
Match the directional term with its Correct ipsilateral media in.pdfarchgeetsenterprises
 
LithiumA. has a very narrow therapeutic range.B. completely cro.pdf
LithiumA. has a very narrow therapeutic range.B. completely cro.pdfLithiumA. has a very narrow therapeutic range.B. completely cro.pdf
LithiumA. has a very narrow therapeutic range.B. completely cro.pdfarchgeetsenterprises
 
Let Z be the group of all integers under the operation of addition. E.pdf
Let Z be the group of all integers under the operation of addition. E.pdfLet Z be the group of all integers under the operation of addition. E.pdf
Let Z be the group of all integers under the operation of addition. E.pdfarchgeetsenterprises
 
In the United States today, nearly all of our electricity isproduc.pdf
In the United States today, nearly all of our electricity isproduc.pdfIn the United States today, nearly all of our electricity isproduc.pdf
In the United States today, nearly all of our electricity isproduc.pdfarchgeetsenterprises
 
In a radio link is required to send digital voice at 4800bps,but can.pdf
In a radio link is required to send digital voice at 4800bps,but can.pdfIn a radio link is required to send digital voice at 4800bps,but can.pdf
In a radio link is required to send digital voice at 4800bps,but can.pdfarchgeetsenterprises
 
hi i have to write a java program involving link lists. i have a pro.pdf
hi i have to write a java program involving link lists. i have a pro.pdfhi i have to write a java program involving link lists. i have a pro.pdf
hi i have to write a java program involving link lists. i have a pro.pdfarchgeetsenterprises
 
Glial cells were originally thought to play a very minor role in the .pdf
Glial cells were originally thought to play a very minor role in the .pdfGlial cells were originally thought to play a very minor role in the .pdf
Glial cells were originally thought to play a very minor role in the .pdfarchgeetsenterprises
 
Fungal reproductive cycle. Place the appropriate label in the correct.pdf
Fungal reproductive cycle. Place the appropriate label in the correct.pdfFungal reproductive cycle. Place the appropriate label in the correct.pdf
Fungal reproductive cycle. Place the appropriate label in the correct.pdfarchgeetsenterprises
 
Explain the concept of distributive justiceSolutiondistributiv.pdf
Explain the concept of distributive justiceSolutiondistributiv.pdfExplain the concept of distributive justiceSolutiondistributiv.pdf
Explain the concept of distributive justiceSolutiondistributiv.pdfarchgeetsenterprises
 
Fecal-oral infections are often a result of _____ droplet transmissi.pdf
Fecal-oral infections are often a result of _____ droplet transmissi.pdfFecal-oral infections are often a result of _____ droplet transmissi.pdf
Fecal-oral infections are often a result of _____ droplet transmissi.pdfarchgeetsenterprises
 
Dr. Z conducts a study examining the effect of socioeconomic status .pdf
Dr. Z conducts a study examining the effect of socioeconomic status .pdfDr. Z conducts a study examining the effect of socioeconomic status .pdf
Dr. Z conducts a study examining the effect of socioeconomic status .pdfarchgeetsenterprises
 
Double branded DNA viruses (select only one answer) all insert their.pdf
Double branded DNA viruses (select only one answer) all insert their.pdfDouble branded DNA viruses (select only one answer) all insert their.pdf
Double branded DNA viruses (select only one answer) all insert their.pdfarchgeetsenterprises
 
Discuss the mechanisms by which antibiotic resistance genes can be h.pdf
Discuss the mechanisms by which antibiotic resistance genes can be h.pdfDiscuss the mechanisms by which antibiotic resistance genes can be h.pdf
Discuss the mechanisms by which antibiotic resistance genes can be h.pdfarchgeetsenterprises
 
Develop two biologically relevant and researchable questions comparin.pdf
Develop two biologically relevant and researchable questions comparin.pdfDevelop two biologically relevant and researchable questions comparin.pdf
Develop two biologically relevant and researchable questions comparin.pdfarchgeetsenterprises
 
Describe the following structuresfunctions or cells Dermal, vascul.pdf
Describe the following structuresfunctions or cells Dermal, vascul.pdfDescribe the following structuresfunctions or cells Dermal, vascul.pdf
Describe the following structuresfunctions or cells Dermal, vascul.pdfarchgeetsenterprises
 
Describe the accounting and finance structure in an organization..pdf
Describe the accounting and finance structure in an organization..pdfDescribe the accounting and finance structure in an organization..pdf
Describe the accounting and finance structure in an organization..pdfarchgeetsenterprises
 
Consider an assembly of thousands of people, all screaming, yelling,.pdf
Consider an assembly of thousands of people, all screaming, yelling,.pdfConsider an assembly of thousands of people, all screaming, yelling,.pdf
Consider an assembly of thousands of people, all screaming, yelling,.pdfarchgeetsenterprises
 
Concrete and cementI) Give an example of non-calcium silicate cem.pdf
Concrete and cementI) Give an example of non-calcium silicate cem.pdfConcrete and cementI) Give an example of non-calcium silicate cem.pdf
Concrete and cementI) Give an example of non-calcium silicate cem.pdfarchgeetsenterprises
 

More from archgeetsenterprises (20)

Need to revise working code below,A good design means the applicat.pdf
Need to revise working code below,A good design means the applicat.pdfNeed to revise working code below,A good design means the applicat.pdf
Need to revise working code below,A good design means the applicat.pdf
 
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdf
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdfMolluscaIdentify the distinguishing characteristics of Phylum Moll.pdf
MolluscaIdentify the distinguishing characteristics of Phylum Moll.pdf
 
Match the directional term with its Correct ipsilateral media in.pdf
Match the directional term with its Correct ipsilateral media in.pdfMatch the directional term with its Correct ipsilateral media in.pdf
Match the directional term with its Correct ipsilateral media in.pdf
 
LithiumA. has a very narrow therapeutic range.B. completely cro.pdf
LithiumA. has a very narrow therapeutic range.B. completely cro.pdfLithiumA. has a very narrow therapeutic range.B. completely cro.pdf
LithiumA. has a very narrow therapeutic range.B. completely cro.pdf
 
Let Z be the group of all integers under the operation of addition. E.pdf
Let Z be the group of all integers under the operation of addition. E.pdfLet Z be the group of all integers under the operation of addition. E.pdf
Let Z be the group of all integers under the operation of addition. E.pdf
 
In the United States today, nearly all of our electricity isproduc.pdf
In the United States today, nearly all of our electricity isproduc.pdfIn the United States today, nearly all of our electricity isproduc.pdf
In the United States today, nearly all of our electricity isproduc.pdf
 
In a radio link is required to send digital voice at 4800bps,but can.pdf
In a radio link is required to send digital voice at 4800bps,but can.pdfIn a radio link is required to send digital voice at 4800bps,but can.pdf
In a radio link is required to send digital voice at 4800bps,but can.pdf
 
hi i have to write a java program involving link lists. i have a pro.pdf
hi i have to write a java program involving link lists. i have a pro.pdfhi i have to write a java program involving link lists. i have a pro.pdf
hi i have to write a java program involving link lists. i have a pro.pdf
 
Glial cells were originally thought to play a very minor role in the .pdf
Glial cells were originally thought to play a very minor role in the .pdfGlial cells were originally thought to play a very minor role in the .pdf
Glial cells were originally thought to play a very minor role in the .pdf
 
Fungal reproductive cycle. Place the appropriate label in the correct.pdf
Fungal reproductive cycle. Place the appropriate label in the correct.pdfFungal reproductive cycle. Place the appropriate label in the correct.pdf
Fungal reproductive cycle. Place the appropriate label in the correct.pdf
 
Explain the concept of distributive justiceSolutiondistributiv.pdf
Explain the concept of distributive justiceSolutiondistributiv.pdfExplain the concept of distributive justiceSolutiondistributiv.pdf
Explain the concept of distributive justiceSolutiondistributiv.pdf
 
Fecal-oral infections are often a result of _____ droplet transmissi.pdf
Fecal-oral infections are often a result of _____ droplet transmissi.pdfFecal-oral infections are often a result of _____ droplet transmissi.pdf
Fecal-oral infections are often a result of _____ droplet transmissi.pdf
 
Dr. Z conducts a study examining the effect of socioeconomic status .pdf
Dr. Z conducts a study examining the effect of socioeconomic status .pdfDr. Z conducts a study examining the effect of socioeconomic status .pdf
Dr. Z conducts a study examining the effect of socioeconomic status .pdf
 
Double branded DNA viruses (select only one answer) all insert their.pdf
Double branded DNA viruses (select only one answer) all insert their.pdfDouble branded DNA viruses (select only one answer) all insert their.pdf
Double branded DNA viruses (select only one answer) all insert their.pdf
 
Discuss the mechanisms by which antibiotic resistance genes can be h.pdf
Discuss the mechanisms by which antibiotic resistance genes can be h.pdfDiscuss the mechanisms by which antibiotic resistance genes can be h.pdf
Discuss the mechanisms by which antibiotic resistance genes can be h.pdf
 
Develop two biologically relevant and researchable questions comparin.pdf
Develop two biologically relevant and researchable questions comparin.pdfDevelop two biologically relevant and researchable questions comparin.pdf
Develop two biologically relevant and researchable questions comparin.pdf
 
Describe the following structuresfunctions or cells Dermal, vascul.pdf
Describe the following structuresfunctions or cells Dermal, vascul.pdfDescribe the following structuresfunctions or cells Dermal, vascul.pdf
Describe the following structuresfunctions or cells Dermal, vascul.pdf
 
Describe the accounting and finance structure in an organization..pdf
Describe the accounting and finance structure in an organization..pdfDescribe the accounting and finance structure in an organization..pdf
Describe the accounting and finance structure in an organization..pdf
 
Consider an assembly of thousands of people, all screaming, yelling,.pdf
Consider an assembly of thousands of people, all screaming, yelling,.pdfConsider an assembly of thousands of people, all screaming, yelling,.pdf
Consider an assembly of thousands of people, all screaming, yelling,.pdf
 
Concrete and cementI) Give an example of non-calcium silicate cem.pdf
Concrete and cementI) Give an example of non-calcium silicate cem.pdfConcrete and cementI) Give an example of non-calcium silicate cem.pdf
Concrete and cementI) Give an example of non-calcium silicate cem.pdf
 

Recently uploaded

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Educationpboyjonauth
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxNirmalaLoungPoorunde1
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Sakshi Ghasle
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 

Recently uploaded (20)

Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Introduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher EducationIntroduction to ArtificiaI Intelligence in Higher Education
Introduction to ArtificiaI Intelligence in Higher Education
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Tilak Nagar Delhi reach out to us at 🔝9953056974🔝
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application ) Hybridoma Technology ( Production , Purification , and Application )
Hybridoma Technology ( Production , Purification , and Application )
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 

Describe two methods for communicating the material in an Informatio.pdf

  • 1. Describe two methods for communicating the material in an Information Security policy to the staff of an organization. What are the strengths and weaknesses of each? Solution Information security means protecting information (data) and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. Information Security management is a process of defining the security controls in order to protect the information assets. Security Program The first action of a management program to implement information security is to have a security program in place. Though some argue the first act would be to gain some real "proof of concept" and "explainable thru display on the monitor screen" security knowledge. Start with maybe understanding where OS passwords are stored within the code inside a file within a directory. If you don't understand Operating Systems at the root directory level maybe you should seek out advice from somebody who does before even beginning to implement security program management and objectives. Security Program Objectives · Protect the company and its assets. · Manage Risks by Identifying assets, discovering threats and estimating the risk · Provide direction for security activities by framing of information security policies, procedures, standards, guidelines and baselines · Information Classification · Security Organization and · Security Education Security Management Responsibilities · Determining objectives, scope, policies,re expected to be accomplished from a security program · Evaluate business objectives, security risks, user productivity, and functionality requirements. · Define steps to ensure that all the above are accounted for and properly addressed Approaches to Build a Security Program · Top-Down Approach · The initiation, support, and direction comes from the top management and work their way through middle management and then to staff members.
  • 2. · Treated as the best approach but seems to based on the I get paid more therefor I must know more about everything type of mentality. · Ensures that the senior management who are ultimately responsible for protecting the company assets is driving the program. · Bottom-Up Approach · The lower-end team comes up with a security control or a program without proper management support and direction. · It is oft considered less effective and doomed to fail for the same flaw in thinking as above; I get paid more therefor I must know more about everything. Since advancement is directly tied to how well you can convince others, who often fall outside of your of job duties and department, as to your higher value to the company as stated by your own effective written communication this leads to amazing resume writers and take no blame style of email responses that seems to definitely lead to the eventual failure of company's standards and actual knowledge. It is often covered up by relationships which form at the power levels within any group of people and those who are considered so-called experts having no real idea what is really involved under the hood of the reports/applications they use and no proof presented in emails written when self declared claims of their expertise is made or blame is to be put on another. Security Controls Security Controls can be classified into three categories Administrative Controls which include · Developing and publishing of policies, standards, procedures, and guidelines. · Screening of personnel. · Conducting security-awareness training and · Implementing change control procedures. Technical or Logical Controls which include · Implementing and maintaining access control mechanisms. · Password and resource management. · Identification and authentication methods · Security devices and · Configuration of the infrastructure. Physical Controls which include · Controlling individual access into the facility and different departments · Locking systems and removing unnecessary floppy or CD-ROM drives · Protecting the perimeter of the facility · Monitoring for intrusion and
  • 3. · Environmental controls. Security Note: It is the responsibility of the information owner (usually a Sr. executive within the management group or head of a specific dept) to protect the data and is the due care (liable by the court of law) for any kind of negligence The Elements of Security Vulnerability · It is a software, hardware, or procedural weakness that may provide an attacker the open door he is looking for to enter a computer or network and have unauthorized access to resources within the environment. · Vulnerability characterizes the absence or weakness of a safeguard that could be exploited. · E.g.: a service running on a server, unpatched applications or operating system software, unrestricted modem dial-in access, an open port on a firewall, lack of physical security etc. Threat · Any potential danger to information or systems. · A threat is a possibility that someone (person, s/w) would identify and exploit the vulnerability. · The entity that takes advantage of vulnerability is referred to as a threat agent. E.g.: A threat agent could be an intruder accessing the network through a port on the firewall Risk · Risk is the likelihood of a threat agent taking advantage of vulnerability and the corresponding business impact. · Reducing vulnerability and/or threat reduces the risk. · E.g.: If a firewall has several ports open, there is a higher likelihood that an intruder will use one to access the network in an unauthorized method. Exposure · An exposure is an instance of being exposed to losses from a threat agent. · Vulnerability exposes an organization to possible damages. · E.g.:If password management is weak and password rules are not enforced, the company is exposed to the possibility of having users' passwords captured and used in an unauthorized manner. Countermeasure or Safeguard · It is an application or a s/w configuration or h/w or a procedure that mitigates the risk. · E.g.: strong password management, a security guard, access control mechanisms within an operating system, the implementation of basic input/output system (BIOS) passwords, and security-awareness training.
  • 4. The Relation Between the Security Elements · Example: If a company has antivirus software but does not keep the virus signatures up- to-date, this is vulnerability. The company is vulnerable to virus attacks. · The threat is that a virus will show up in the environment and disrupt productivity. · The likelihood of a virus showing up in the environment and causing damage is the risk. · If a virus infiltrates the company's environment, then vulnerability has been exploited and the company is exposed to loss. · The countermeasures in this situation are to update the signatures and install the antivirus software on all computers Threat Agent gives rise to Threat exploits Vulnerability leads to Risk can damage Assets and causes an Exposure can be counter measured by Safeguard directly effects Threat Agent Alternative Description: A threat agent causes the realisation of a threat by exploiting a vulnerability. The measurement of the extent that this exploitation causes damage is the exposure. The organisational loss created within the exposure is the impact. Risk is the probability that a threat event will generate loss and be realised within the organisation. Example: · Target: A bank contains money. · Threat: There are individuals who want, or need, additional money. · Vulnerability: The bank uses software that has a security flaw. · Exposure: 20% of the bank's assets are affected by this flaw. · Exploit: By running a small snippet of code (malware), the software can be accessed illegally. · Threat Agent: There are hackers who have learned how to use this malware to control the bank's software. · Exploitation: The hackers access the software using the malware and steal money. · Impact: The bank loses monetary assets, reputation, and future business. · Risk: The likelihood that a hacker will exploit the bank's software vulnerability and impact the bank's reputation and monetary resources. Core Information Security Principles The three fundamental principles of security are availability, integrity, and confidentiality and are commonly referred to as CIA or AIC triad which also form the main objective of any security program. The level of security required to accomplish these principles differs per company, because each has its own unique combination of business and security goals and requirements.
  • 5. All security controls, mechanisms, and safeguards are implemented to provide one or more of these principles. All risks, threats, and vulnerabilities are measured for their potential capability to compromise one or all of the AIC principles Confidentiality · Ensures that the necessary level of secrecy is enforced at each junction of data processing and prevents unauthorized disclosure. This level of confidentiality should prevail while data resides on systems and devices within the network, as it is transmitted and once it reaches its destination. · Threat sources · Network Monitoring · Shoulder Surfing- monitoring key strokes or screen · Stealing password files · Social Engineering- one person posing as the actual · Countermeasures · Encrypting data as it is stored and transmitted. · By using network padding · Implementing strict access control mechanisms and data classification · Training personnel on proper procedures. Integrity · Integrity of data is protected when the assurance of accuracy and reliability of information and system is provided, and unauthorized modification is prevented. · Threat sources · Viruses · Logic Bombs · Backdoors · Countermeasures · Strict Access Control · Intrusion Detection · Hashing Availability · Availability ensures reliability and timely access to data and resources to authorized individuals. · Threat sources · Device or software failure. · Environmental issues like heat, cold, humidity, static electricity, and contaminants can
  • 6. also affect system availability. · Denial-of-service (DoS) attacks · Countermeasures · Maintaining backups to replace the failed system · IDS to monitor the network traffic and host system activities · Use of certain firewall and router configurations Information Security Management Governance Security Governance Governance is the set of responsibilities and practices exercised by the board and executive management with the goal of providing strategic direction, ensuring that objectives are achieved, ascertaining that risks are managed appropriately and verifying that the enterprise's resources are used responsibly. Information Security Governance or ISG, is a subset discipline of Corporate Governance focused on information Security systems and their performance and risk management. Security Policies, Procedures, Standards, Guidelines, and Baselines Policies A security policy is an overall general statement produced by senior management (or a selected policy board or committee) that dictates what role security plays within the organization. A well designed policy addresses: 1. . What is being secured? - Typically an asset. 2. . Who is expected to comply with the policy? - Typically employees. 3. . Where is the vulnerability, threat or risk? - Typically an issue of integrity or responsibility. Types of Policies · Regulatory: This type of policy ensures that the organization is following standards set by specific industry regulations. This policy type is very detailed and specific to a type of industry. This is used in financial institutions, health care facilities, public utilities, and other government- regulated industries. E.g.: TRAI. · Advisory: This type of policy strongly advises employees regarding which types of behaviors and activities should and should not take place within the organization. It also outlines possible ramifications if employees do not comply with the established behaviors and activities. This policy type can be used, for example, to describe how to handle medical information, handle financial transactions, or process confidential information. · Informative: This type of policy informs employees of certain topics. It is not an enforceable policy, but rather one to teach individuals about specific issues relevant to the company. It could explain how the company interacts with partners, the company's goals and mission, and a general reporting structure in different situations.
  • 7. Types of Security Policies · Organizational · Management establishes how a security program will be set up, lays out the program's goals, assigns responsibilities, shows the strategic and tactical value of security, and outlines how enforcement should be carried out. · Provides scope and direction for all future security activities within the organization. · This policy must address relative laws, regulations, and liability issues and how they are to be satisfied. · It also describes the amount of risk senior management is willing to accept. · Characteristics · Business objectives should drive the policy's creation, implementation, and enforcement. The policy should not dictate business objectives. · It should be an easily understood document that is used as a reference point for all employees and management. · It should be developed and used to integrate security into all business functions and processes. · It should be derived from and support all legislation and regulation applicable to the company. · It should be reviewed and modified as a company changes, such as through adoption of a new business model, merger with another company, or change of ownership. · Each iteration of the policy should be dated and under version control. · The units and individuals who are governed by the policy must have access to the applicable portions and not be expected to have to read all policy material to find direction and answers · Issue-specific · Addresses specific security issues that management feels need more detailed explanation and attention to make sure a comprehensive structure is built and all employees understand how they are to comply with these security issues · E.g.: An e-mail policy might state that management can read any employee's e-mail messages that reside on the mail server, but not when they reside on the user's workstation · System-specific · Presents the management's decisions that are specific to the actual computers, networks, applications, and data. · This type of policy may provide an approved software list, which contains a list of applications that may be installed on individual workstations. · E.g.: This policy may describe how databases are to be used and protected, how
  • 8. computers are to be locked down, and how firewalls, IDSs, and scanners are to be employed. Standards · Standards refer to mandatory activities, actions, rules, or regulations. · Standards can give a policy its support and reinforcement in direction. · Standards could be internal, or externally mandated (government laws and regulations). Procedures · Procedures are detailed step-by-step tasks that should be performed to achieve a certain goal. · E.g.: we can write procedures on how to install operating systems, configure security mechanisms, implement access control lists, set up new user accounts, assign computer privileges, audit activities, destroy material, report incidents, and much more. · Procedures are considered the lowest level in the policy chain because they are closest to the computers and users (compared to policies) and provide detailed steps for configuration and installation issues. · Procedures spell out how the policy, standards, and guidelines will actually be implemented in an operating environment. · If a policy states that all individuals who access confidential information must be properly authenticated, the supporting procedures will explain the steps for this to happen by defining the access criteria for authorization, how access control mechanisms are implemented and configured, and how access activities are audited Baselines · A baseline can refer to a point in time that is used as a comparison for future changes. Once risks have been mitigated, and security put in place, a baseline is formally reviewed and agreed upon, after which all further comparisons and development are measured against it. · A baseline results in a consistent reference point. · Baselines are also used to define the minimum level of protection that is required. · In security, specific baselines can be defined per system type, which indicates the necessary settings and the level of protection that is being provided. For example, a company may stipulate that all accounting systems must meet an Evaluation Assurance Level (EAL) 4 baseline. Security Note : Baselines that are not technology-oriented should be created and enforced within organizations as well. For example, a company can mandate that all employees must have a badge with a picture ID in view while in the facility at all times. It can also state that visitors must sign in at a front desk and be escorted while in the facility.
  • 9. If these are followed, then this creates a baseline of protection. Guidelines · Guidelines are recommended actions and operational guides to users, IT staff, operations staff, and others when a specific standard does not apply. · Guidelines can deal with the methodologies of technology, personnel, or physical security. Putting It All Together · A policy might state that access to confidential data must be audited. A supporting guideline could further explain that audits should contain sufficient information to allow for reconciliation with prior reviews. Supporting procedures would outline the necessary steps to configure, implement, and maintain this type of auditing. · policies are strategical(long term) while standards, guidelines and procedures are tactical(medium term). Organizational Security Models Some of the best practices that facilitate the implementation of security controls include Control Objectives for Information and Related Technology (COBIT), ISO/IEC 17799/BS 7799, Information Technology Infrastructure Library (ITIL), and Operationally Critical Threat, Asset and Vulnerability Evaluation (OCTAVE). COSO Committee of Sponsoring Organizations of the Treadway Commission (COSO), is a U.S. private-sector initiative, formed in 1985. Its major objective is to identify the factors that cause fraudulent financial reporting and to make recommendations to reduce its incidence. COSO has established a common definition of internal controls, standards, and criteria against which companies and organizations can assess their control systems. Key concepts of the COSO framework · Internal control is a process. It is a means to an end, not an end in itself. · Internal control is affected by people. It’s not merely policy manuals and forms, but people at every level of an organization. · Internal control can be expected to provide only reasonable assurance, not absolute assurance, to an entity's management and board. · Internal control is geared to the achievement of objectives in one or more separate but overlapping categories. The COSO framework defines internal control as a process, effected by an entity's board of directors, management and other personnel, designed to provide reasonable assurance regarding the achievement of objectives in the following categories: · Effectiveness and efficiency of operations
  • 10. · Reliability of financial reporting · Compliance with applicable laws and regulations. COSO Internal Control Framework: the five components According to the COSO framework, internal control consists of five interrelated components. These components provide an effective framework for describing and analyzing the internal control system implemented in an organization. The five components are the following: · Control Environment: The control environment sets the tone of an organization, influencing the control consciousness of its people. It is the foundation for all other components of internal control, providing discipline and structure. Control environment factors include the integrity, ethical values, management's operating style, delegation of authority systems, as well as the processes for managing and developing people in the organization. · Risk assessment: Every entity faces a variety of risks from external and internal sources that must be assessed. A precondition to risk assessment is establishment of objectives and thus risk assessment is the identification and analysis of relevant risks to achievement of assigned objectives. Risk assessment is a prerequisite for determining how the risks should be managed. · Control activities: Control activities are the policies and procedures that help ensure management directives are carried out. They help ensure that necessary actions are taken to address risks to achievement of the entity's objectives. Control activities occur throughout the organization, at all levels and in all functions. They include a range of activities as diverse as approvals, authorizations, verifications, reconciliations, reviews of operating performance, security of assets and Separation of duties/segregation of duties. · Information and communication: Information systems play a key role in internal control systems as they produce reports, including operational, financial and compliance-related information, that make it possible to run and control the business. In a broader sense, effective communication must ensure information flows down, across and up the organization. Effective communication should also be ensured with external parties, such as customers, suppliers, regulators and shareholders. · Monitoring: Internal control systems need to be monitored--a process that assesses the quality of the system's performance over time. This is accomplished through ongoing monitoring activities or separate evaluations. Internal control deficiencies detected through these monitoring activities should be reported upstream and corrective actions should be taken to ensure continuous improvement of the system. ITIL The Information Technology Infrastructure Library (ITIL) is a set of concepts and techniques for managing information technology (IT) infrastructure, development, and operations. ITIL is published in a series of books, each of which cover an IT management topic
  • 11. Overview and Benefits ITIL provides a systematic and professional approach to the management of IT service provision. Adopting its guidance offers users a huge range of benefits that include: · reduced costs; · improved IT services through the use of proven best practice processes; · improved customer satisfaction through a more professional approach to service delivery; · standards and guidance; · improved productivity; · improved use of skills and experience; and · improved delivery of third party services through the specification of IT