REAL-TIME INTEGRATION SYSTEMS
Computer Systems
Security Foundations
Week 4: Software and Database Security
<name>
[Pick the date]
This document contains information and typical analyses that Real-Time Integration Systems must conduct to ensure compliance with recent initial public offering (IPO) requirements and to ensure the security of the company infrastructure. In addition to ensuring compliance with the Sarbanes-Oxley requirements, the company is also considering expanding the network infrastructure to give employees flexibility (with sound security) in network connectivity through the introduction of a wireless network. The company will evaluate the risks, the current and future network infrastructure and enterprise systems, and the access control policies currently in use. As part of the technical review, Real-Time Integration Systems will ensure that a proper security program is in place and that policies and procedures are updated and accurate.
Table of Contents
Project Outline and Requirements (Week 1)
    Organization Description
    Project Requirements
Introduction to Information Security (Week 1)
    The Need for Information Security
    Potential Issues and Risks for Wi-Fi Environments
    Security Challenges of Allowing Consultants to Work On-Site
    A Review of the Sarbanes-Oxley Requirements
Security Assessment (Week 2)
    Current Assets
    Analysis of Current Network Topology and Risks
    Risk Assessment Methodology
    Risk Mitigation
Access Controls and Security Mechanisms (Week 3)
    Access Controls of Existing Applications
        The Application List From Week 2 With Needed Access Controls (Examples)
    Access Controls to the Wi-Fi Network
    Network Authentication Schemes
        Single Sign-On
        Virtual Private Networks
Software and Database Security (Week 4)
    Regulatory Requirements of Sarbanes-Oxley
    Policies
    Controls
    Protecting Data
        Data-at-Rest
        Data-in-Motion
Network Security (Week 5)
    Protecting Data
    Intrusion Detection Systems
    Intrusion Prevention Systems
References
Computer Systems Security Foundations
Organization Consultants Page 1
Project Outline and Requirements (Week 1)
Organization Description
Real-Time Integration Systems is a publicly traded company based in San Jose, California, that offers customized solutions to customers and clients. The main focus for Real-Time is the creation of solutions that integrate the various systems used in the customers' offices so that the customers have a single management interface for all systems and applications. Real-Time has 100 employees. About one third are internal company-based support staff, and two thirds of the employee base are consulting staff working on the customized solutions. The company recently underwent an IPO and, as such, now has additional regulatory requirements that it must meet. In conversation, the company's chief information officer (CIO) and chief financial officer (CFO) admit that the recent IPO has added pressure on the company, because it now must meet these additional regulatory requirements.

The consulting staff typically meets with the customer to gather the system requirements and then returns to the Real-Time facilities to create the integration solutions. A major problem that the consultants face is network resources. The office spaces allocated to the consulting team offer cubicles with limited network access. The consultants need a more flexible solution for connecting to the Real-Time network. Real-Time wants to implement a secure solution that ensures the privacy of the communications and company data while giving the consultants the flexibility to connect to the network, move around, and interact and conference with other consultants.
Project Requirements
As Real-Time starts the project, the leaders realize that their current infrastructure is not as secure as they thought. The original information technology (IT) staff was well-meaning, but at the time of the start-up they were not as security-conscious as companies are today. As a result, Real-Time wants to ensure the overall security of the existing infrastructure and to isolate the new development infrastructure as much as possible. To begin, the existing network architecture includes a demilitarized zone (DMZ) for the company Web site, file transfer protocol (FTP), and mail servers. The company intranet is a flat network: all company resources and applications are on the same network as all staff desktops. All company systems are internal (meaning that no solutions are outsourced). All systems and applications are housed at the San Jose corporate site in a converted conference room that is now a dedicated data center.

Real-Time does have a concern over the customer systems and data that are brought into the San Jose facility. Customer data and equipment need to be isolated from other customer environments. At no point in time can the data from one customer be stored in the same environment as that of a different customer. The CIO has made these requirements very clear to the staff: customer data privacy and security need to be a top priority.

Proper resources have been allocated for the project, and several key goals have been set:
• Evaluate the regulatory requirements based on the Sarbanes-Oxley Act, and ensure that company security policies are sufficient to meet the requirements.
• Evaluate the security risks in the current environment.
• Evaluate the access control methods that are currently in use, and identify newly needed controls.
• Evaluate the need for controls to better protect data both at rest and in motion.
• Develop or redesign a secure network solution.
Introduction to Information Security (Week 1)
A review of the current infrastructure and security model is needed to ensure compliance with the new Sarbanes-Oxley regulations. Management wants to understand how the regulation impacts the information security posture of the Real-Time Integration Systems environment. To do so, the organization needs a better understanding of the following areas:
• The need for information security
• The potential issues and risks that exist, and the benefits the company can gain from the new wireless fidelity (Wi-Fi) project
• The new challenges introduced by the project to allow consultants to work on-site
• The challenges that now apply to the company because of the recent IPO
The Need for Information Security
A high-level review of information security should take place, followed by a practical discussion of what it means for organizations like Real-Time Integration Systems.
Potential Issues and Risks for Wi-Fi Environments
A review of the technical security needs to take place. The focus should be on the extension of a network through the use of wireless technologies.
Security Challenges of Allowing Consultants to Work On-Site
A review of the administrative security controls needs to take place. The focus should be on the policies and personnel requirements that need to be implemented.
A Review of the Sarbanes-Oxley Requirements
Sarbanes-Oxley will now affect Real-Time, and there needs to be a discussion of the specific provisions of the regulation that apply to the IT infrastructure.
Security Assessment (Week 2)
To conduct a security assessment, the organization needs to understand its environment. This includes asset identification, data classification, and network topology. This section focuses on asset identification and network topology and the risks associated with them in the current environment.
Current Assets
The enterprise systems that Real-Time Integration Systems relies on to run its day-to-day business activities include the following:
Example Enterprise Systems
| System | Applications | Description |
| Enterprise resource planning (ERP) | Human resources (HR) | Human resources uses this to track employees, managers, assignments, salary, and expenses |
| ERP | Financials | Accounts payable, accounts receivable, general ledger |
| Customer relationship management (CRM) | Sales and marketing | Tracking of customers and customer projects |
| Web servers | Company public portal | Information and applications used by customers to interact with Real-Time Integration Systems |
| E-mail server | All departments | E-mail system used for company e-mail and external communications |
Analysis of Current Network Topology and Risks
An example diagram for the current network (although not required for submission) could be represented as follows:
Because all machines (user desktops and servers) are on the same network, and all are connected to the Internet, a security breach of any single machine gives an attacker direct access to all other servers and devices on that network. This is highly undesirable. Additional risks should be discussed.
| System | Risks |
| Web server | Accessible from the Internet by design; an easy target for attackers |
| Desktop systems | Users are primary targets for social engineering; if a desktop is compromised, network resources become accessible to the attacker |
If the new Wi-Fi network is added to the existing network, an example diagram could look as follows:
A discussion of the new risks for this model needs to be conducted.
Risk Assessment Methodology
The following is an outline of the methodology that can be used for a risk assessment:
• Phase 1: Project Definition
• Phase 2: Project Preparation
    • Team Preparation
    • Project Preparation
• Phase 3: Data Gathering
    • Administrative
    • Technical
    • Physical
• Phase 4: Risk Analysis
    • Assets
    • Threat Agents and Threats
    • Vulnerabilities
• Phase 5: Risk Mitigation
    • Safeguards
    • Residual Security Risk
• Phase 6: Risk Reporting and Resolution
    • Risk Recommendation
    • Documentation
Risk Mitigation
As part of the risk-assessment process, a plan needs to be recommended (and ultimately acted upon). The exact process for dealing with risk varies from company to company based on the risk tolerance. The following should be discussed with respect to handling risk:
Access Controls and Security Mechanisms (Week 3)
The focus of this section is to examine the access control model of the previously identified applications. A review of the existing systems may take place, but a proposed final solution must be given for each application. A proposed solution for the new Wi-Fi network is also given.
Access Controls of Existing Applications
The application list from Week 2 with needed access controls (examples):
| System | Proposed Access Control: Identification/Authentication | Proposed Access Control: Authorization |
| ERP | Single sign-on (SSO) technology | Role-based access control |
| Desktop | Active Directory | Role-based access control |
Access Controls to the Wi-Fi Network
A detailed description of how access controls should be implemented is provided. An example of a network segregation diagram (not required, but it could be implemented) is as follows:
Active Directory has been included for the potential of desktop and wireless authentication. Additional discussion could take place surrounding the concept of virtual private network access for wireless clients.
Network Authentication Schemes
Single Sign-On
A description of SSO technologies and their use will take place in this section.
Virtual Private Networks
A description of VPN technologies and their use will take place in this section.
Software and Database Security (Week 4)
A focus on policies, processes, and procedures is an important part of the Sarbanes-Oxley regulations and requirements. This section focuses on the policies and audit controls that need to be in place to meet the requirements.
Regulatory Requirements of Sarbanes-Oxley
Sarbanes-Oxley is a wide-sweeping regulation that applies to publicly traded companies. Although the main focus of the regulation is the accurate reporting of financial data and record-keeping, several sections touch on the need for IT controls. The following is a list and description of the specifics in the regulation that deal with IT:
<Provide the Details of Sarbanes-Oxley Requirements>
Policies
An important aspect of any security program, and of compliance with Sarbanes-Oxley, is the implementation and enforcement of security policies. The following is a list and description of the applicable security policies implemented at Real-Time Integration Systems:
| Policy | Description |
| Acceptable-use policy | Describes what, when, and how company resources should and should not be used. |
A total of 5 policies are required.
Controls
Policies state management's intent regarding acceptable behavior and expectations, but more than an expressed desire is required. The company needs to test and track compliance with the published policies. The following is a list of controls that can be used to complete that task:
| Policy | Control |
| Acceptable-use policy | Firewall monitoring for violations of access time and access sites |
| Acceptable-use policy | Monitoring of outbound phone call usage |
A total of 3 controls for each policy are required.
Protecting Data
Data-at-Rest
A description of data-at-rest and the applicable use will take place in this section.
Data-in-Motion
A description of data-in-motion and the applicable use will take place in this section.
Network Security (Week 5 TBD)
References
Assignment
The case study company is also concerned about the confidentiality and integrity of the data. What policies and controls are needed to meet the regulatory requirements imposed by the recent initial public offering (IPO)? To ensure the confidentiality of data both internally and externally, discuss how you can effectively protect the data in motion and at rest.
Create the following section for Week 4:
• Week 4: Security Policies, Procedures, and Regulatory Compliance
• List and describe the regulatory requirement that was introduced by the IPO.
• List and describe at least 5 policies that the company needs.
• From the list of policies, list and describe at least 3 controls that the company needs to implement.
• Describe data at rest and data in motion and how they can be protected.
• Section 4 should be 2–3 pages long.
Worked Example
Please refer to the following worked example of this assignment based on the problem-based learning (PBL) scenario. The worked example is not intended to be a complete example of the assignment, but it will illustrate the basic concepts that are required for completion of the assignment, and it can be used as a general guideline for your own project. Your assignment submission should be more detailed and specific, and it should reflect your own approach to the assignment rather than just following the same outline.
 
Recently Capital One experienced scandal1.  Understand what.docx
Recently Capital One experienced scandal1.  Understand what.docxRecently Capital One experienced scandal1.  Understand what.docx
Recently Capital One experienced scandal1.  Understand what.docxdanas19
 
Recall a time when you received bad news, either in your academic or.docx
Recall a time when you received bad news, either in your academic or.docxRecall a time when you received bad news, either in your academic or.docx
Recall a time when you received bad news, either in your academic or.docxdanas19
 
Recent genetics research on leadership by Dr. Richard Avey suggests .docx
Recent genetics research on leadership by Dr. Richard Avey suggests .docxRecent genetics research on leadership by Dr. Richard Avey suggests .docx
Recent genetics research on leadership by Dr. Richard Avey suggests .docxdanas19
 
Receiving funding from a grant or other source of funds is a great a.docx
Receiving funding from a grant or other source of funds is a great a.docxReceiving funding from a grant or other source of funds is a great a.docx
Receiving funding from a grant or other source of funds is a great a.docxdanas19
 
ReceivedRevisedAcceptedISSN 1307-9298Copyr.docx
ReceivedRevisedAcceptedISSN 1307-9298Copyr.docxReceivedRevisedAcceptedISSN 1307-9298Copyr.docx
ReceivedRevisedAcceptedISSN 1307-9298Copyr.docxdanas19
 
Received 9 December 2017 Revised 19 September 2018 Accepted.docx
Received 9 December 2017 Revised 19 September 2018 Accepted.docxReceived 9 December 2017 Revised 19 September 2018 Accepted.docx
Received 9 December 2017 Revised 19 September 2018 Accepted.docxdanas19
 
Recall that the goal of the Kyoto Protocol was to cut developed co.docx
Recall that the goal of the Kyoto Protocol was to cut developed co.docxRecall that the goal of the Kyoto Protocol was to cut developed co.docx
Recall that the goal of the Kyoto Protocol was to cut developed co.docxdanas19
 

More from danas19 (20)

Recognizing  the fact usernames passwords are the weakest link in an.docx
Recognizing  the fact usernames passwords are the weakest link in an.docxRecognizing  the fact usernames passwords are the weakest link in an.docx
Recognizing  the fact usernames passwords are the weakest link in an.docx
 
Recognizing Fallacies Constructing sound arguments requires .docx
Recognizing Fallacies Constructing sound arguments requires .docxRecognizing Fallacies Constructing sound arguments requires .docx
Recognizing Fallacies Constructing sound arguments requires .docx
 
Recognizing Written ArgumentFor this weeks discussion, Id like.docx
Recognizing Written ArgumentFor this weeks discussion, Id like.docxRecognizing Written ArgumentFor this weeks discussion, Id like.docx
Recognizing Written ArgumentFor this weeks discussion, Id like.docx
 
Recognizing the fact usernames passwords are the weakest link in.docx
Recognizing the fact usernames passwords are the weakest link in.docxRecognizing the fact usernames passwords are the weakest link in.docx
Recognizing the fact usernames passwords are the weakest link in.docx
 
Recognizing ArgumentsIn this assignment, you will apply key co.docx
Recognizing ArgumentsIn this assignment, you will apply key co.docxRecognizing ArgumentsIn this assignment, you will apply key co.docx
Recognizing ArgumentsIn this assignment, you will apply key co.docx
 
Recognition, Reification, and Practices of ForgettingEthica.docx
Recognition, Reification, and Practices of ForgettingEthica.docxRecognition, Reification, and Practices of ForgettingEthica.docx
Recognition, Reification, and Practices of ForgettingEthica.docx
 
Recipe Format for Café Laura (and HM courses)Header Information.docx
Recipe Format for Café Laura (and HM courses)Header Information.docxRecipe Format for Café Laura (and HM courses)Header Information.docx
Recipe Format for Café Laura (and HM courses)Header Information.docx
 
Recently, several flyers were found near the campus of the Universit.docx
Recently, several flyers were found near the campus of the Universit.docxRecently, several flyers were found near the campus of the Universit.docx
Recently, several flyers were found near the campus of the Universit.docx
 
Recently, Kathy Smith, a project manager for a large industrial cons.docx
Recently, Kathy Smith, a project manager for a large industrial cons.docxRecently, Kathy Smith, a project manager for a large industrial cons.docx
Recently, Kathy Smith, a project manager for a large industrial cons.docx
 
Recently your facility has had patient complaints about staff posing.docx
Recently your facility has had patient complaints about staff posing.docxRecently your facility has had patient complaints about staff posing.docx
Recently your facility has had patient complaints about staff posing.docx
 
Recently, I built a floating bed frame for my room. I watched a qu.docx
Recently, I built a floating bed frame for my room. I watched a qu.docxRecently, I built a floating bed frame for my room. I watched a qu.docx
Recently, I built a floating bed frame for my room. I watched a qu.docx
 
Recently, a US Circuit Court upheld the enforceability of Website .docx
Recently, a US Circuit Court upheld the enforceability of Website .docxRecently, a US Circuit Court upheld the enforceability of Website .docx
Recently, a US Circuit Court upheld the enforceability of Website .docx
 
Recently police departments across the nation has been accused o.docx
Recently police departments across the nation has been accused o.docxRecently police departments across the nation has been accused o.docx
Recently police departments across the nation has been accused o.docx
 
Recently Capital One experienced scandal1.  Understand what.docx
Recently Capital One experienced scandal1.  Understand what.docxRecently Capital One experienced scandal1.  Understand what.docx
Recently Capital One experienced scandal1.  Understand what.docx
 
Recall a time when you received bad news, either in your academic or.docx
Recall a time when you received bad news, either in your academic or.docxRecall a time when you received bad news, either in your academic or.docx
Recall a time when you received bad news, either in your academic or.docx
 
Recent genetics research on leadership by Dr. Richard Avey suggests .docx
Recent genetics research on leadership by Dr. Richard Avey suggests .docxRecent genetics research on leadership by Dr. Richard Avey suggests .docx
Recent genetics research on leadership by Dr. Richard Avey suggests .docx
 
Receiving funding from a grant or other source of funds is a great a.docx
Receiving funding from a grant or other source of funds is a great a.docxReceiving funding from a grant or other source of funds is a great a.docx
Receiving funding from a grant or other source of funds is a great a.docx
 
ReceivedRevisedAcceptedISSN 1307-9298Copyr.docx
ReceivedRevisedAcceptedISSN 1307-9298Copyr.docxReceivedRevisedAcceptedISSN 1307-9298Copyr.docx
ReceivedRevisedAcceptedISSN 1307-9298Copyr.docx
 
Received 9 December 2017 Revised 19 September 2018 Accepted.docx
Received 9 December 2017 Revised 19 September 2018 Accepted.docxReceived 9 December 2017 Revised 19 September 2018 Accepted.docx
Received 9 December 2017 Revised 19 September 2018 Accepted.docx
 
Recall that the goal of the Kyoto Protocol was to cut developed co.docx
Recall that the goal of the Kyoto Protocol was to cut developed co.docxRecall that the goal of the Kyoto Protocol was to cut developed co.docx
Recall that the goal of the Kyoto Protocol was to cut developed co.docx
 

Recently uploaded

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17Celine George
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaVirag Sontakke
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfSumit Tiwari
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitolTechU
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,Virag Sontakke
 

Recently uploaded (20)

How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdfEnzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
Enzyme, Pharmaceutical Aids, Miscellaneous Last Part of Chapter no 5th.pdf
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
Capitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptxCapitol Tech U Doctoral Presentation - April 2024.pptx
Capitol Tech U Doctoral Presentation - April 2024.pptx
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,भारत-रोम व्यापार.pptx, Indo-Roman Trade,
भारत-रोम व्यापार.pptx, Indo-Roman Trade,
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 

REAL-TIME INTEGRATION SYSTEMS Computer Systems Security .docx

  • 1. REAL-TIME INTEGRATION SYSTEMS Computer Systems Security Foundations Week 4: Software and Database Security <name> [Pick the date] This document contains information and typical analyses that Real-Time Integration Systems must conduct to ensure compliance with recent initial public offering (IPO) requirements and to ensure the security of the company infrastructure. In addition to ensuring compliance to the Sarbanes-Oxley requirements, the company is also considering expanding the network infrastructure to allow employee flexibility (yet sound security) in the area of network connectivity through the introduction of a wireless network. The company will evaluate the risks and the current and future network infrastructure and enterprise systems, as well as the access control policies currently in use. Within the analysis of the technical review, Real-Time Integration Systems will ensure a proper security program is in place and
  • 2. that policies and procedures are updated and accurate. Table of Contents Project Outline and Requirements (Week 1) ............................................................................................... . 1 Organization Description ............................................................................................... ........................... 1 Project Requirements ............................................................................................... ................................ 1 Introduction to Information Security (Week 1) ............................................................................................ 3 The Need for Information Security ............................................................................................... ............ 3 Potential Issues and Risks for Wi-Fi Environments ................................................................................... 3 Security Challenges of Allowing Consultants to Work On-Site ................................................................. 3 A Review of the Sarbanes-Oxley Requirements ....................................................................................... 3 Security Assessment (Week 2)
  • 3. ............................................................................. .................. ....................... 4 Current Assets ............................................................................................... ............................................ 4 Analysis of Current Network Topology and Risks ..................................................................................... 4 Risk Assessment Methodology ............................................................................................... .................. 5 Risk Mitigation ............................................................................................... ........................................... 6 Access Controls and Security Mechanisms (Week 3) ................................................................................... 7 Access Controls of Existing Applications ............................................................................................... .... 7 The Application List From Week 2 With Needed Access Controls (Examples): .................................... 7 Access Controls to the Wi-Fi Network ............................................................................................... ....... 7 Network Authentication Schemes ............................................................................................... ............. 8
  • 4. Single Sign-On ............................................................................................... ........................................ 8 Virtual Private Networks ............................................................................................... ........................ 8 Software and Database Security (Week 4) ............................................................................................... .... 9 Regulatory Requirements of Sarbanes-Oxley ........................................................................................... 9 Polices ............................................................................................... ........................................................ 9 Controls ............................................................................................... ...................................................... 9 Protecting Data ............................................................................................... .......................................... 9 Data-at-Rest ............................................................................................... ........................................... 9 Data-in-Motion ............................................................................................... ...................................... 9 Network Security (Week 5)
  • 5. ............................................................................... ................ .......................... 10 Protecting Data .......................................................................................... Error! Bookmark not defined. Intrusion Detection Systems .................................................................. Error! Bookmark not defined. Intrusion Prevention Systems ................................................................ Error! Bookmark not defined. References ............................................................................................... ................................................... 11 Computer Systems Security Foundations Organization Consultants Page 1 Project Outline and Requirements (Week 1) Organization Description Real-Time Integration Systems is a publicly traded company
  • 6. based in San Jose, California that offers customized solutions to customers and clients. The main focus for Real-Time is the creation of solutions based on integrating the various systems that are used in the customers’ offices so that they can have a single management interface for all systems and applications. Real-Time has 100 employees. About one third is internal company-based support, and two thirds of the employee base is consulting staff working on the customized solutions. The company recently underwent an IPO, and as such, now has additional regulatory requirements that it must meet. Talking with the company’s chief information officer (CIO) and chief financial officer (CFO), they admit that the recent IPO has added additional pressures for their company. They now must meet additional regulatory requirements. The consulting staff typically meets with the customer to gather the system requirements and then returns home to the Real-Time facilities to create the integration solutions. A major problem that the consultants face is network resources. The office spaces that are allocated to the consulting team offer cubicles with limited network access. The consultants need a more flexible solution for connecting to the Real-Time network. Real-Time wants to implement a secure solution that ensures the privacy of the communications and company data as well as giving the consultants the flexibility to connect to the network and move around and interact and conference with other consultants. Project Requirements As Real-Time starts the project, the leaders realize that their current infrastructure is not as secure as
  • 7. they thought. The original information technology (IT) staff was well-meaning, but at the time of the start-up, they were not as security-conscious as companies are today. As a result, Real-Time wants to ensure the overall security of the existing infrastructure and to isolate the new development infrastructure as much as possible. To begin, the existing network architecture includes a demilitarized zone (DMZ) for the company Web site, file transfer protocol (FTP), and mail servers. The company Intranet is a flat network. All company resources and applications are on the same network with all staff desktops. All company systems are internal (meaning that they outsource no solutions). All systems and applications are housed in the San Jose corporate site in a converted conference room that is now a dedicated data center. Real-Time does have a concern over the customer systems and data that are brought into the San Jose facility. The customer data and equipment need to be isolated from other customer environments. At no point in time can the data from one customer be stored in the same environment as a different customer. The CIO has made these requirements very clear to the staff. Customer data privacy and security needs to be a top priority. Proper resources have been allocated for the project, and several key goals have been set: • Evaluate the regulatory requirements based on the Sarbanes- Oxley Act, and ensure that company security policies are sufficient to meet the
  • 8. requirements. • Evaluate the security risks in the current environment. • Evaluate the access control methods that are currently in use, and identify newly needed controls. • Evaluate the need for controls to better protect data both at rest and in motion. • Develop or redesign a secure network solution. Introduction to Information Security (Week 1) A review of the current infrastructure and security model is needed to ensure compliance with the new Sarbanes-Oxley regulations. Management wants to understand how the regulation impacts the information security posture of the Real-Time Integrations Systems environment. To do so, the following areas need to be better understood by the organization: • Describe the need for information security • The potential issues and risks that exist and what benefits they can gain from the new wireless fidelity (W-Fi) project • Describe what new challenges exist with the new project to allow consultants to work on-site • Describe the challenges that now apply to the company with the recent IPO taking place
  • 9. The Need for Information Security A review of the high level of information security should take place, and then a practical discussion about what it means for organizations like Real-Time Integration Systems needs to take place. Potential Issues and Risks for Wi-Fi Environments A review of the technical security needs to take place. The focus should be on the extension of a network through the use of wireless technologies. Security Challenges of Allowing Consultants to Work On-Site A review of the administrative security controls needs to take place. The focus should be on the policies and personal requirements that need to be implemented A Review of the Sarbanes-Oxley Requirements Sarbanes-Oxley will now affect Real-Time, and there needs to be a discussion about the specific provisions of the regulations that apply to the IT infrastructure. Security Assessment (Week 2) To conduct a security assessment, the organization needs to understand its environment. This includes asset identification, data classifications, and network topologies. This section will focus on asset identification and network topology and the risks associated with them in the current environments. Current Assets A list of the enterprise systems that Real-Time Integration
  • 10. Systems relies on to run the day-to-day business activities includes the following systems: Example Enterprise Systems System Applications Description Enterprise resource planning (ERP) Human resources (HR) Human resources uses this to track employees, managers, assignments, salary, and expenses ERP Financials Accounts payables, accounts receivables, general ledger Customer relations management (CRM) Sales and marketing Tracking of customers and customer projects Web servers Company public portal Information and applications used by customers to interact with Real-Time Integration Systems E-mail server All departments E-mail system used for company
  • 11. e-mail and external communications Analysis of Current Network Topology and Risks An example diagram for the current network (although not required for submission) could be represented as follows: Because all machines (user desktops and servers) are on the same network, all connected to the Internet, a security breach on any single machine give hackers direct access to all other servers and devices on the same network. This is highly undesirable. Additional risks should be discussed. System Risks Web server Accessible to the Internet by design, easy targets for hackers Desktop systems Users are primary targets for social engineers, if compromised network resources are accessible If the new Wi-Fi network is added to the existing network, an example diagram could look as follows: A discussion about the new risks for this model needs to be
  • 12. conducted. Risk Assessment Methodology The following is an outline of the methodology that can be used for a risk assessment: • Phase 1: Project Definition • Phase 2: Project Preparation • Team Preparation • Project Preparation • Phase 3: Data Gathering • Administrative • Technical • Physical • Phase 4: Risk Analysis • Assets • Threat Agents and Threats • Vulnerabilities • Phase 5: Risk Mitigation • Safeguards • Residual Security Risk • Phase 6: Risk Reporting and Resolution • Risk Recommendation • Documentation Risk Mitigation
  • 13. As part of the risk-assessment process, a plan needs to be recommended (and ultimately acted upon). The exact process for dealing with risk varies from company to company based on the risk tolerance. The following should be discussed with respect to handling risk: Access Controls and Security Mechanisms (Week 3) The focus of this section is to examine the access control model of the previously identified applications. A potential review of the existing system could take place, but a proposed final solution needs to take place for each application. A proposed solution for the new Wi- Fi network is also given. Access Controls of Existing Applications The application list from Week 2 with needed access controls (examples): System Proposed Access Control Identification/Authentication Authorization ERP Single sign-on technology (SSO) Role-based access control Desktop Active Directory Role-based access control Access Controls to the Wi-Fi Network
  • 14. A detailed description of how access controls should be implemented is provided. An example of a network segregation diagram (not required but could be implemented) is as follows: Active Directory has been included for the potential of desktop and wireless authentication. Additional discussions could take place surrounding the concepts of virtual private network access for wireless clients. Network Authentication Schemes Single Sign-On Description of SSO technologies and their use will take place in this section. Virtual Private Networks Description of VPN technologies and their use will take place in this section. Software and Database Security (Week 4) A focus on the policies, processes, and procedures is an important part of the Sarbanes-Oxley regulations and requirements. This section will focus on the needed policies and audit controls that need to be in place to meet the requirements. Regulatory Requirements of Sarbanes-Oxley
• 15. Sarbanes-Oxley is a wide-sweeping regulation that applies to publicly traded companies. Although the main focus of the regulation is the accurate reporting of financial data and record-keeping, several sections touch on the need for IT controls. The following is a list and description of specifics in the regulation that deal with IT:

<Provide the Details of Sarbanes-Oxley Requirements>

Policies

An important aspect of any security program, and of compliance with Sarbanes-Oxley, is the implementation and enforcement of security policies. The following is a list and description of applicable security policies that are implemented at Real-Time Integration Systems:

Policy                | Description
Acceptable-use policy | Describe what, when, and how company resources should and should not be used.

A total of 5 policies are required.

Controls

Policies state management's desired intent of acceptable behavior and expectations, but more than expressed desire is required. The company needs to be testing and tracking compliance with the published policies. The following is a list of controls that can be used to complete that task:

Policy                | Control
Acceptable-use policy | Firewall monitoring for violations of access time and access sites
Acceptable-use policy | Monitoring of outbound phone call usage

A total of 3 controls for each policy are required.

Protecting Data

Data-at-Rest
A description of data-at-rest and the applicable use will take place in this section.

Data-in-Motion
A description of data-in-motion and the applicable use will take place in this section.

Network Security (Week 5 TBD)

References
Assignment

The case study company is also concerned about the confidentiality and integrity of the data. What policies and controls are needed to meet the regulatory requirements imposed by the recent initial public offering (IPO)? To ensure the confidentiality of data both internally and externally, discuss how you can effectively protect the data in motion and at rest.

Create the following section for Week 4:
· Week 4: Security Policies, Procedures, and Regulatory Compliance
· List and describe the regulatory requirement that was introduced by the IPO.
· List and describe at least 5 policies that the company needs.
· From the list of policies, list and describe at least 3 controls that the company needs to implement.
· Describe data at rest and data in motion and how they can be protected.
· Section 4 should be 2–3 pages long.

Worked Example

Please refer to the following worked example of this assignment based on the problem-based learning (PBL) scenario. The worked example is not intended to be a complete example of the assignment, but it will illustrate the basic concepts that are required for completion of the assignment, and it can be used as a general guideline for your own project. Your assignment submission should be more detailed and specific, and it should reflect your own approach to the assignment rather than just following the same outline.