Information Security Assessment Dammam Technical College
Information Security Assessment for Dammam Technical College
Table of Contents
Table of Figures
Table of Tables
Revision History
1. Introduction
1.1 Course Description
1.2 Organization Overview
1.3 Scope
1.4 Business Goals
1.5 Organization Structure
1.6 Security Requirements
1.7 Document Conventions
1.8 Project Plan
1.9 Report Structure
2. Literature Review
3. IT Architecture Analysis
3.1 Identify IT resources:
3.1.1 IT assets
3.1.2 IT Human Resources
3.1.3 Relationship between IT and Business
3.2 Characterize the IT network: diagram, topology, protocols used, etc.
3.3 Operating Environment
3.4 Assumptions and Dependencies
4. Identify security threats and security controls.
4.1 Identify security threats
4.2 List the existing security controls
4.3 Evaluate the adequacy of the existing security controls and their efficiency in reducing the risk associated with each security threat.
5. Security Evaluation
5.1 Risk Identification
5.2 Carry out a Risk Assessment using CRAMM (CCTA Risk Analysis and Management Method)
5.3 Choosing a security evaluation standard (Common Criteria, etc.)
5.4 Carry out the security evaluation strictly following the chosen standard.
6. Proposition (and maybe Implementation) of Security Improvements
6.1 Propose a suitable security policy
6.2 Identify appropriate Security Controls
6.3 Propose security controls implementation plan
6.4 Propose an appropriate Security Life-Cycle and Security Management Plan
6.5 Proposing an appropriate plan to establish a security culture (trainings, Awareness, etc.)
6.6 Ethical Considerations in the proposal
7. Proposition Nonfunctional Requirements
7.1 Performance Requirements
7.2 Safety Requirements
7.3 Software Quality Attributes
7.4 Other Requirements (Optional)
8. References
Appendix A: Glossary
Appendix B: Analysis Models
Appendix C: Software and hardware details and technical specifications
Table of Figures
Figure 1: Organization Structure
Figure 2: Gantt Chart Project Plan
Figure 3: IT Architecture
Figure 4: Network Diagram
Table of Tables
Table 1: IT Assets list
Revision History
Name    Date    Reason For Changes    Version
1. Introduction
1.1 Course Description
The capstone course allows the students to review an
organization’s needs and address all the challenges involved
with implementing and/or changing information technology
focusing on information security in a complex organization.
Students will analyze organizational objectives and propose a
solution and a full implementation plan. The proposed solution
must address strategies for overcoming the challenges of
information security related projects such as assessing risks,
reduction of funding, and keeping the support of executive
management. Students will utilize skills gained throughout the
program to demonstrate the ability to design an information
security project from conception to post deployment.
1.2 Organization Overview
Dammam College of Technology is one of the technical colleges created by the Technical and Vocational Training Corporation. Like all technical colleges, Dammam College of Technology aims to provide the labor market with technically qualified national personnel and to meet the country's need for these cadres, on whom it depends to build its economy. The College started in 1988 with 150 students, while according to its website the number last year was more than 4000 students. The College provides technical training in five technological sections: Electronic Technology, Electrical Technology, Mechanical Technology, Computer Technology and Administrative Technology.
1.3 Scope
The scope of work for Dammam College starts with the admission and registration of applicants, continues with selecting and developing training material and with the formation, supervision and follow-up of trainee committees, then graduating qualified trainees within a maximum of 4 years from the start of their program, and finally ensuring that the trainees find jobs in the labor market after they graduate.
1.4 Business Goals
The business goals of Dammam Technical College (DTC), like those of most educational enterprises, include but are not limited to: providing students or trainees with knowledge and technical skills that help them join the labor market, developing the learning and training process and material, utilizing technology in the learning process, and simplifying communications within the College. There are also some corporate goals inherited from the main College in Riyadh, such as developing section materials and developing staff.
The IT department in Dammam College provides support for more than 2000 students in addition to more than 400 employees in the College. I have selected this organization because it meets the capstone requirement of having an information system; furthermore, education is a very active and vital field that requires implementation of information security due to the sensitivity of the data and the dependency of the education process on information systems.
1.5 Organization Structure
The College's structure mirrors that of the mother College in Riyadh, so most of its organization refers to and depends on the main department in Riyadh. My report mainly covers information security, which is mostly carried out by the Computer Center, a part of the Support Center organization. The diagram below shows the organization chart of Dammam College of Technology.
Figure 1: Organization structure
1.6 Security Requirements
The Technical College of Dammam has IT systems that are connected to the main office in Riyadh; however, it has an IT department with a manager, LAN admins, developers, technical support, and some part-time employees from the Computer Technology College. From a technology point of view, they have an intranet, IP telephony, a firewall device, routers, layer 3 switches, a core switch, a wireless controller, a VTP server, a cloud server and labs that contain workstations.
The organization was selected because it meets the capstone requirements. Security is important for this organization because information technology and computer systems support the organization's goals. The IT system is important because it is not just hardware and software but also the communications and data that the organization depends on for transforming information. Information security in education in general is critical and vital because the IT system holds the data and the College relies on IT for storing and processing information.
Each part of the CIA triad (confidentiality, integrity and availability) is important and essential in the education process. For confidentiality, for example, student grades should be accessed or viewed only by the right people. For integrity, for example, transcripts and exam results should be accurate and changed only by authorized people. For availability, for example, education data, education material and electronic services should be available whenever they are needed.
1.7 Document Conventions
In this report the following types of conventions are used:
Bold font: organization name
Italic font: positions of people in the organization, and notes
1.8 Project Plan
The project starts with selecting an organization. After receiving from the instructor the criteria for the organization needed for this capstone, I searched and visited many organizations until I found this organization. After selecting the organization, the second task is the IT architecture analysis for this organization; this includes identifying IT resources, IT human resources and the relationship between IT and business. The third part of the plan is to identify the security threats and security controls for this organization. This includes evaluating the existing security controls. The fourth action is reflecting all information in this report and providing a progress report to the advisor. The fifth action is doing the security evaluation by identifying risks and carrying out a risk assessment. The sixth section in my plan is proposing or implementing security improvements for the selected organization. The seventh part of this plan is preparing the final report and implementing the advisor's comments and recommendations. The final step is preparing a presentation for this capstone.
Below is a Gantt chart showing the project plan.
Figure 2: Gantt chart project plan
1.9 Report Structure
The remaining part of the report has the following sections:
IT Architecture Analysis: this section identifies IT resources such as IT assets, IT human resources and the relationship between IT and business, in addition to characterizing the IT network, the operating environment, and assumptions and dependencies.
Identify security threats and security controls: this section lists security threats, consolidates the existing security controls and evaluates the efficiency of the existing controls in reducing security threats.
Security Evaluation: this section goes through risk identification, carries out a risk assessment, chooses a security evaluation standard and finally carries out the security evaluation strictly following the chosen standard.
Proposition (and maybe Implementation) of Security Improvements: in this section I will propose a suitable security policy, identify appropriate security controls, propose a security controls implementation plan, propose an appropriate security life-cycle and security management plan, propose an appropriate plan to establish a security culture, and discuss ethical considerations in the proposal.
Proposition Nonfunctional Requirements: performance requirements, safety requirements, software quality attributes, and other requirements.
2. Literature Review
The resources for this report are the following books; I will give a brief description of each resource:
1- Brown, C. (2012). Managing information technology. Upper Saddle River, N.J.: Prentice Hall/Pearson. It will help in analyzing the IT architecture, since it provides an overview of the information technologies used to maximize organizational efficiency and effectiveness.
2- Stallings, W., & Brown, L. (2015). Computer Security: Principles and Practice. Upper Saddle River, NJ: Pearson Education, Inc. ISBN-13: 9780133773927. It helps me identify the information security threats, dangers and risks that organizations face, in addition to analyzing potential vulnerabilities that can impact IT resources.
3- Dhillon, G. (2007). Principles of information systems security. Hoboken, NJ: John Wiley & Sons. I will use this book to cover section five of this report, which is about cyber security issues surrounding an enterprise, including securing organizational data.
Note: Additional sources and references will be added in the final version of this report.
3. IT Architecture Analysis
The current IT architecture at Dammam College of Technology is consistent and supports the College's business goals. As shown in the diagram below, the organization depends on IT resources to deploy and achieve its goals. With reference to the IT architecture maturity stages, which include Application Silos, Standardized Technology, Rationalized Data and Modular (Brown, 2012), Dammam College has implemented some of these maturity stages.
IT architecture creation should be an outcome of combined work between managers and IT experts; however, in this organization I found that all decisions related to IT standards, applications and projects are taken by the head office. There are no architects, planners or event units in the organization. The IT department in the organization is short on procedures and standards. The IT department has a support team and developers. However, there are part-time people who work permanently in the Computer Technology section. There is no standard for installing software or upgrading the systems. Expansion of IT to a new building or a new operating system is done by a third party.
Figure 3: IT Architecture
3.1 Identify IT resources:
IT resources in Dammam Technical College include databases, hardware, software and IT human resources. I will go into detail for each resource. These resources are connected; the connections between some resources are not very strong, but the future growth of the College will force the connections to become stronger.
3.1.1 IT assets
The IT assets in Dammam College of Technology are many: there is software, both application and support software, and there are different types of hardware, including end-user, power and services hardware. In the table below I list these IT assets.
Table 1: IT Assets List
Software
Hardware
Operating systems
Application software (office)
Workstations
windows server 2003 R2 Enterprise Edition SP2
Web browser
Wireless access points
windows server 2008 R2 Enterprise SP1 64-bit
Programming application for lab and developers
TMG firewall Server
windows server 2012 R2 Datacenter
Cisco Telephone over IP
windows server 2007 Enterprise SP2
Internet security & acceleration server
windows server 2012 R2 Standard
Hyper Active directory
Windows 7, Windows 8
Kaspersky server
windows server 2003 R2 Enterprise Edition SP2
FTP server
Layer 3 Switches 2900, 3500
Web servers
3.1.2 IT Human Resources
There are around 14 employees in the IT department: there is a manager, and three others work as assistants. The technical support team has five persons, and five employees work as developers. There are also five employees belonging to the Computer Technology college who work part time if needed.
3.1.3 Relationship between IT and Business
The relationship between IT and business is aligned and associated. IT provides the support and services to achieve business goals. The organization depends on IT resources for communication and information exchange within and outside the organization: within the organization through the Ethernet, and over the internet to communicate outside the organization. The IT system is centralized, and information system decisions are implemented by the central IT of the headquarters.
3.2 Characterize the IT network: diagram, topology, protocols used, etc.
The diagram below characterizes the IT network of the organization. The topology used in the network is a tree topology. Many protocols are used in the organization, but the most common ones are: TCP, IP, UDP, POP, SMTP, HTTP, and FTP.
Figure 4: Network Diagram
3.3 Operating Environment
The operating environment in the organization differs based on position. Workstations are either for business or for training. Staff are connected separately through Ethernet to get services or support. Labs are connected locally and have no internet access. The operating system on all workstations is Windows 7, and there are no clear upgrade procedures. There are many access point devices, but there is no strong password policy for them. There is no inventory of software, and there is no security assessment of software installation for staff.
The limitations facing the IT department are a lack of procedures and standards, a lack of employees, a lack of training, and a poor organizational structure and mission.
3.4 Assumptions and Dependencies
An assumption that could affect the IT department in Dammam College is its poor participation in decisions related to IT. The department is totally dependent on the headquarters in Riyadh. The dependencies are clear in the replacement program for IT assets and in operating system upgrades: this process is done by a third party and is out of the hands of the College's IT department. Outsourcing decisions are made by the headquarters in Riyadh.
4. Identify security threats and security controls.
In information technology, confidentiality, integrity and availability are the three security objectives.
Confidentiality in information technology refers to achieving high levels of protection for information. Information, especially confidential information, must not be revealed to unintended parties, whether that information is online or offline. Since the College relies on electronic information storage and transfer for all transactions, the IT systems store and handle valuable information that is not limited to personally identifiable information. If third parties see this information, regardless of its status, the information is no longer confidential. The security resource and strategy used to ensure that information is secure online is encryption technology. Through appropriate encryption resources and tools, confidential information will not be available to unintended parties. Like all other IT resources, encryption tools work better when they are in their latest version.
Integrity in information technology concerns information that is modified before it reaches the intended person. When an IT infrastructure has achieved information integrity, information passing through that system is not modified by third parties before reaching the intended person.
Information is required for business processes. For business success, the need to achieve information security goals should not compromise the availability of information. Information should be available to authorized persons, who should be able to access it when needed because they need it for production and efficiency of services.
Cyber-attacks always disrupt one or more of the three main security objectives. I will go through the security threats that may impact the security objectives in the organization.
4.1 Identify security threats
Here I will identify the security threats that may impact the information security objectives at Dammam College of Technology. These threats aim to impact the IT resources and may impact business goals.
First, threats that affect availability: for hardware, natural threats such as fire and earthquake; theft may also happen in the case of poor physical security. Software availability may be affected by deletion or denial-of-service threats. Data availability may be affected by authentication threats that cause access denial or file deletion. Network and communication may be impacted by denial-of-service threats that prevent their availability.
Second, threats that may affect confidentiality: these are mainly in software, data and communications, such as making unauthorized copies of software, stealing sessions in communication, and threats from insiders who are able to reach data they should not access.
Finally, threats that affect integrity: these could be modifying a software program to cause the program or system to fail or to execute unrequired tasks, and unauthorized access and the ability to modify data due to a lack of security controls. Furthermore, threats may include web application attacks, physical threats, inside attacks due to a lack of policy or procedures, and authentication threats.
4.2 List the existing security controls
Security controls are any tools, documents or practices used to manage or limit the risk to IT resources. The existing security controls in Dammam College are the following:
1- Physical access control: there is a gate that asks for credentials to access the College. The server room is locked with a key and there are cameras inside the room.
2- Technical access control: Active Directory manages and controls access to the network. There are passwords for computers and servers. There is a cloud server and backup servers.
3- Administrative access control: there is an IT asset inventory, and user registration for computer use and access.
4.3 Evaluate the adequacy of the existing security controls and their efficiency in reducing the risk associated with each security threat.
When I evaluated the efficiency of the security controls in Dammam Technical College, I came out with the following:
Physical Control: there is a weakness in the physical security, since theft may be carried out by an insider employee. Also, when I visited the server room there was a combination lock to access the door of the server room, but the server room key was in the door.
Technical Controls: it is good to have software to manage passwords and authentication, but there was a weakness in managing the software policy; I noticed that there is no lifecycle for passwords, which is a big vulnerability. Also, it is good to have a backup and a cloud server.
Administrative Control: there are no clear standards, guidelines or procedures to control IT work. However, there is a registration when a new employee joins the organization: he is assigned IT assets, and these assets are registered under his custody as part of the new-hire procedures.
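The technical-controls finding above (Active Directory in use, but no password lifecycle) can be checked directly against the directory. The following read-only PowerShell audit is an added example, not part of the original report; it assumes the RSAT ActiveDirectory module on a domain-joined workstation, and the 90-day threshold and output file name are illustrative assumptions.

```powershell
# Added example: read-only audit of password lifecycle settings in Active Directory.
# Assumes the RSAT ActiveDirectory module is installed and the session can read the domain.
Import-Module ActiveDirectory

# Hypothetical threshold for illustration; take the real value from the organization's policy.
$MaxAgeDays = 90

# 1. Domain-wide password policy. A zero MaxPasswordAge means passwords do not expire.
$policy = Get-ADDefaultDomainPasswordPolicy
[pscustomobject]@{
    MaxPasswordAgeDays  = $policy.MaxPasswordAge.Days
    PasswordsNeverAge   = ($policy.MaxPasswordAge -eq [TimeSpan]::Zero)
    MinPasswordLength   = $policy.MinPasswordLength
    ComplexityEnabled   = $policy.ComplexityEnabled
    PasswordHistory     = $policy.PasswordHistoryCount
    LockoutThreshold    = $policy.LockoutThreshold
} | Format-List

# 2. Per-account exceptions among enabled users: flags that bypass the domain
#    policy, and passwords older than the threshold.
$now   = Get-Date
$props = 'PasswordNeverExpires', 'PasswordNotRequired', 'PasswordLastSet', 'LastLogonDate'

$findings = Get-ADUser -Filter 'Enabled -eq $true' -Properties $props | ForEach-Object {
    # PasswordLastSet is empty when the password was never set or must change at next logon.
    $age = if ($_.PasswordLastSet) {
        [int][math]::Floor(($now - $_.PasswordLastSet).TotalDays)
    } else { $null }

    $reasons = @()
    if ($_.PasswordNeverExpires) { $reasons += 'PasswordNeverExpires' }
    if ($_.PasswordNotRequired)  { $reasons += 'PasswordNotRequired' }
    if ($null -eq $age)          { $reasons += 'PasswordLastSetEmpty' }
    elseif ($age -gt $MaxAgeDays) { $reasons += "PasswordOlderThan${MaxAgeDays}Days" }

    if ($reasons.Count -gt 0) {
        [pscustomobject]@{
            SamAccountName  = $_.SamAccountName
            PasswordAgeDays = $age
            LastLogonDate   = $_.LastLogonDate
            Findings        = $reasons -join ';'
        }
    }
}

# 3. Keep the result as evidence for the assessment (file name is an assumption).
$findings |
    Sort-Object PasswordAgeDays -Descending |
    Export-Csv -Path .\password-lifecycle-findings.csv -NoTypeInformation

"{0} enabled account(s) with password lifecycle findings" -f @($findings).Count
```

Service accounts often appear in the output with PasswordNeverExpires set; they belong in the findings with an owner and a rotation plan rather than being filtered out.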
5. Security Evaluation
<Introduce the section>
5.1 Risk Identification
[Based on CS507 Module 7]
<Identify Risks>
5.2 Carry out a Risk Assessment using CRAMM (CCTA Risk
Analysis and Management Method)
[Based on CS562 Module 9]
<Risk Assessment>
5.3 Choosing a security evaluation standard (Common Criteria,
etc.)
[Based on CS562 Module 8, 10-11]
<Security Evaluation standard selection. You SHOULD justify
your choice of the selected standard and describe the reason(s)
for selecting this standard and not selecting other standards>
5.4 Carry out the security evaluation strictly following the
chosen standard.
<Step by step security evaluation using the selected standard>
6. Proposition (and maybe Implementation) of Security
Improvements
<Introduce the section>
6.1 Propose a suitable security policy
[Based on CS 562 Modules 6-7]
<Security Policy>
6.2 Identify appropriate Security Controls
[Based on CS507 Modules 8-10]
<Security Control. You SHOULD justify why you think these
are appropriate?>
6.3
Propose security controls implementation plan
[Based on CS507 Modules 8-10]
<Step by step Implementation Plan>
6.4 Propose an appropriate Security Life-Cycle and Security
Management Plan
[Based on CS562 Modules 10-11]
<Security Life-Cycle>
6.5 Proposing an appropriate plan to establish a security culture
(trainings, Awareness, etc.)
[Based on CS562 Modules 11-13]
<Plan to establish Security Culture>
6.6 Ethical Considerations in the proposal
[Based on CS562 Modules 13-14]
<Discuss ethical aspects>
7. Proposition Nonfunctional Requirements
7.1 Performance Requirements
<If there are performance requirements for the product under
various circumstances, state them here and explain their
rationale, to help the developers/network designers understand
the intent and make suitable design choices. Specify the timing
relationships for real time systems. Make such requirements as
specific as possible. You may need to state performance
requirements for individual functional requirements or
features.>
7.2 Safety Requirements
<Specify those requirements that are concerned with possible
loss, damage, or harm that could result from the use of the
product. Define any safeguards or actions that must be taken, as
well as actions that must be prevented. Refer to any external
policies or regulations that state safety issues that affect the
product’s design or use. Define any safety certifications that
must be satisfied.>
7.3 Software Quality Attributes
<Specify any additional quality characteristics for the product
that will be important to either the customers or the developers.
Some to consider are: adaptability, availability, correctness,
flexibility, interoperability, maintainability, portability,
reliability, reusability, robustness, testability, and usability.
Write these to be specific, quantitative, and verifiable when
possible. At the least, clarify the relative preferences for
various attributes, such as ease of use over ease of learning.>
7.4 Other Requirements (Optional)
<Define any other requirements not covered elsewhere in the
report. These might include database requirements, external
(hardware, software, or communication) interface requirements,
internationalization requirements, legal requirements, and reuse
objectives for the project.>
8. References
<List all books, conference papers, journal articles, websites,
etc. used in preparing the content of this report. Provide enough
information so that the reader could access a copy of each
reference, including title, author, volume/edition number, page
number(s), and publication year. Mention complete URLs for
websites.>
<The template to be used would be APA style. Newspaper
articles are not allowed to be cited. Wikipedia and other non-
reliable resources are not allowed>.
Appendix A: Glossary
<Define all the terms necessary to properly interpret the report,
including acronyms and abbreviations.>
Appendix B: Analysis Models
<Include, but not limited to, the following analysis models: use-
case diagram, class diagram, sequence diagram.>
Appendix C: Software and hardware details and technical
specifications
<Include details and technical specifications of the currently
used and proposed software and/or hardware.>
[Figure 1: Organization structure of Dammam College of Technology. Units shown in the chart: Training Sections; Admin and Financial Affairs; Support Center; Training Affairs; Trainees; Administrative Technology; Electronic Technology; Electrical Technology; Computer Technology; Administrative Affairs; Financial Affairs; Technical Affairs; Community Center; Computer Center; Follow-up Unit; Public Relation; Quality Unit; Admission Unit; Research Center; English Language Center; General Study Center; Admission and Registration; Graduate Affairs; Health Unit; Trainees Relations]
Rubric for Writing Assignment 2, MMW 13, Spring 2016
In order to do well on this assignment, write a prospectus that
provides a specific, detailed plan
for the research paper (assignments 3 and 4) and convinces an
intelligent reader that this is a
worthwhile project, as follows:
1. Raise a significant issue and discuss its significance
2. Establish the project’s historical and geographical context
3. Propose an appropriate, level 3, working research question
about the issue, referring to
people or phenomena in the period covered in MMW 13 (1200-
1750 CE)
4. Propose your working answer to the question—your working
thesis
5. Explain the connection between the question and the thesis
6. Show how you plan to support the thesis, providing enough
evidence and explanation to
show the value and validity of the project and how the evidence
supports the thesis
7. Raise potential counterarguments, summarizing the evidence
for them, and proposing
your rebuttal
8. Provide factually and culturally accurate information
9. Draw on a variety of scholarly sources, including a peer-
reviewed journal article
10. Properly cite sources for all information, ideas, and words
that came from any source,
and list all works cited in MLA format
11. Provide photocopies of all cited sources, correctly
highlighted and labeled, paper clipped
together, and presented in the order of the Works Cited
12. Write in stylistically effective and grammatically and
mechanically correct prose
13. Adhere to “MMW Guidelines for Papers” and the writing
assignment guidelines
A-/A: Meets all of the above criteria at an exceptionally high
level, exceeding expectations, in
most, if not all instances
B/B+: Meets most of the above criteria at a very high level,
with only minor exceptions
C+/B-: Meets most of the above criteria at a high level, but has
some issues that interfere with
full realization of goals
C-/C: Attempts to meet the above criteria, and for the most part
succeeds at an acceptable level,
but is difficult to follow or not compelling because of issues
with one or more criteria
D: Meets few criteria; often unclear or undeveloped; errors
significantly impair the essay
F: Fails to meet the criteria or makes any of the following
errors: Does not follow the
prompt; does not cite any sources; makes errors in citation that
rise to the level of
misconduct; makes widespread and significant grammatical
errors that interfere greatly
with comprehension
Information Security Assessment for Dammam Technical College

More Related Content

Similar to Information Security Assessment for Dammam Technical College

Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Information Assurance Guidelines For Commercial Buildings...
Information Assurance Guidelines For Commercial Buildings...Laura Benitez
 
PTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAPTX12_Presentation_George Delikouras AIA
PTX12_Presentation_George Delikouras AIAGeorge Delikouras
 
RH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfRH-ISAC_BuildingtheFoundation_WhitePaper.pdf
RH-ISAC_BuildingtheFoundation_WhitePaper.pdfssuser2209e8
 
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...
NON-PROFIT ORGANIZATIONS’ NEED TO ADDRESS SECURITY FOR EFFECTIVE GOVERNMENT C...IJNSA Journal
 
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...
Securing fintech - threats, challenges, best practices, ffiec, nist, and beyo...Ulf Mattsson
 
Hp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperHp arc sight_state of security ops_whitepaper
Hp arc sight_state of security ops_whitepaperrickkaun
 
Introduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkIntroduction to Risk Management via the NIST Cyber Security Framework
Introduction to Risk Management via the NIST Cyber Security FrameworkPECB
 
This domain reviews the diverse areas of knowledge needed to develop and man...
Information Security Assessment for Dammam Technical College

Table of Contents

Table of Figures
Table of Tables
Revision History
1. Introduction
1.1 Course Description
1.2 Organization Overview
1.3 Scope
1.4 Business Goals
1.5 Organization Structure
1.6 Security Requirements
1.7 Document Conventions
1.8 Project Plan
1.9 Report Structure
2. Literature Review
3. IT Architecture Analysis
3.1 Identify IT resources
3.1.1 IT assets
3.1.2 IT Human Resources
3.1.3 Relationship between IT and Business
3.2 Characterize the IT network: diagram, topology, protocols used, etc.
3.3 Operating Environment
3.4 Assumptions and Dependencies
4. Identify security threats and security controls
4.1 Identify security threats
4.2 List the existing security controls
4.3 Evaluate the adequacy of the existing security controls and their efficiency in reducing the risk associated with each security threat
5. Security Evaluation
5.1 Risk Identification
5.2 Carry out a Risk Assessment using CRAMM (CCTA Risk Analysis and Management Method)
5.3 Choosing a security evaluation standard (Common Criteria, etc.)
5.4 Carry out the security evaluation strictly following the chosen standard
6. Proposition (and maybe Implementation) of Security Improvements
6.1 Propose a suitable security policy
6.2 Identify appropriate Security Controls
6.3 Propose security controls implementation plan
6.4 Propose an appropriate Security Life-Cycle and Security Management Plan
6.5 Proposing an appropriate plan to establish a security culture (trainings, Awareness, etc.)
6.6 Ethical Considerations in the proposal
7. Proposition Nonfunctional Requirements
7.1 Performance Requirements
7.2 Safety Requirements
7.3 Software Quality Attributes
7.4 Other Requirements (Optional)
8. References
Appendix A: Glossary
Appendix B: Analysis Models
Appendix C: Software and hardware details and technical specifications

Table of Figures
Figure 1: Organization Structure
Figure 2: Gantt Chart Project Plan
Figure 3: IT Architecture
Figure 4: Network Diagram

Table of Tables
Table 1: IT Assets list

Revision History
Name | Date | Reason For Changes | Version

1. Introduction

1.1 Course Description
The capstone course allows the students to review an organization's needs and address all the challenges involved with implementing and/or changing information technology, focusing on information security, in a complex organization. Students will analyze organizational objectives and propose a solution and a full implementation plan. The proposed solution must address strategies for overcoming the challenges of information-security-related projects, such as assessing risks, reduction of funding, and keeping the support of executive management. Students will utilize skills gained throughout the program to demonstrate the ability to design an information security project from conception to post-deployment.

1.2 Organization Overview
Dammam College of Technology is one of the technical colleges created by the Technical and Vocational Training Corporation. Like all technical colleges, its goal is to provide the labor market with technically qualified national personnel and to meet the country's need for the cadres on which it depends to build its economy. The College started in 1988 with 150 students; according to its website, the number last year was more than 4000 students. The College provides technical training in five technological sections: Electronic Technology, Electrical Technology, Mechanical Technology, Computer Technology and Administrative Technology.

1.3 Scope
The scope of work for Dammam College starts with the admission and registration of applicants and continues with selecting and developing training material; forming, supervising and following up trainee committees; graduating qualified trainees within a maximum of 4 years from the start of their program; and finally ensuring that trainees find jobs in the labor market after they graduate.

1.4 Business Goals
The business goals of Dammam Technical College (DTC), like those of most educational enterprises, include but are not limited to: providing students or trainees with knowledge and technical skills that help them join the labor market; developing the learning and training processes and material; utilizing technology in the learning process; and simplifying communications within the College. Some corporate goals are inherited from the main College in Riyadh, such as developing section materials and developing staff. The IT department in Dammam College provides support for more than 2000 students in addition to more than 400 employees in the College. I selected this organization because it meets the capstone requirement of having an information system; furthermore, education is a very active and vital field that requires information security because of the sensitivity of its data and the dependency of the education process on information systems.

1.5 Organization Structure
The College's structure mirrors that of the parent College in Riyadh, so most of its organizational units refer to and depend on the main departments in Riyadh. The diagram below shows the organization chart of Dammam College of Technology. This report mainly covers information security, which is mostly carried out by the Computer Center, part of the Support Center organization.

Figure 1: Organization Structure

1.6 Security Requirements
The Technical College of Dammam has IT systems that are connected to the main office in Riyadh; however, it has its own IT department with a Manager, LAN Admins, Developers, Technical Support, and some part-time employees from the computer technology College. From a technology point of view, it has an intranet, IP telephony, a firewall device, routers, a layer 3 switch, a core switch, a wireless controller, a VTP server, a cloud server, and labs that contain workstations. The organization was selected because it meets the capstone requirements.

Security is important for this organization because information technology and computer systems support the organization's goals. The IT system is important because it is not just hardware and software but also the communications and data that the organization depends on for transforming information. Information security is critical and vital in education in general because the IT system holds the data and the College relies on IT for storing and processing information. Each part of the CIA triad (confidentiality, integrity and availability) is important and essential in the education process:

Confidentiality: for example, a student's grades should be accessed or viewed only by the right people.
Integrity: for example, transcripts and exam results should be accurate and changed only by authorized people.
Availability: for example, education data, education material and electronic services should be available whenever they are needed.

1.7 Document Conventions
In this report the following conventions are used:
Bold font: organization name
Italic font: positions of people in the organization, and notes

1.8 Project Plan
The project starts with selecting an organization. After receiving from the instructor the criteria the organization must meet for this capstone, I searched for and visited many organizations until I found this one. The second task, after selecting the organization, is the IT architecture analysis, which includes identifying IT resources, IT human resources, and the relationship between IT and the business. The third part of the plan is to identify the security threats and security controls for this organization, which includes evaluating the existing security controls. The fourth action is reflecting all of this information in this report and providing a progress report to the advisor. The fifth action is the security evaluation: identifying risks and carrying out a risk assessment. The sixth part of my plan is proposing or implementing security improvements for the selected organization. The seventh part is preparing the final report and implementing the advisor's comments and recommendations. The final step is preparing a presentation for this capstone. The Gantt chart below shows the project plan.

Figure 2: Gantt Chart Project Plan

1.9 Report Structure
The remaining part of the report has the following sections:

IT Architecture Analysis: identifies the IT resources (IT assets, IT human resources, and the relationship between IT and the business), and characterizes the IT network, the operating environment, and the assumptions and dependencies.
Identify security threats and security controls: lists the security threats, consolidates the existing security controls, and evaluates the efficiency of the existing controls in reducing the security threats.
Security Evaluation: goes through risk identification, carries out a risk assessment, chooses a security evaluation standard, and finally carries out the security evaluation strictly following the chosen standard.
Proposition (and maybe Implementation) of Security Improvements: in this section I will propose a suitable security policy, identify appropriate security controls, propose a security controls implementation plan, propose an appropriate security life-cycle and security management plan, propose an appropriate plan to establish a security culture, and cover the ethical considerations in the proposal.
Proposition Nonfunctional Requirements: performance requirements, safety requirements, software quality attributes, and other requirements.

2. Literature Review
The resources for this report are the following books, each with a brief description:

1- Brown, C. (2012). Managing information technology. Upper Saddle River, N.J.: Prentice Hall/Pearson. This book helps in analyzing the IT architecture, since it provides an overview of the information technologies used to maximize organizational efficiency and effectiveness.
2- Stallings, W., & Brown, L. (2015). Computer Security: Principles and practice. Upper Saddle River, NJ: Pearson Education, Inc. ISBN-13: 9780133773927. This book helps me identify the information security threats, dangers, and risks that organizations face, and analyze potential vulnerabilities that can impact IT resources.
3- Dhillon, G. (2007). Principles of information systems security. Hoboken, NJ: John Wiley & Sons. I will use this book to cover section five of this report, which is about the cyber security issues surrounding an enterprise, including securing organizational data.

Note: Additional sources and references will be added in the final version of this report.

3. IT Architecture Analysis
The current IT architecture at Dammam College of Technology is consistent with and supports the College's business goals. As the diagram below shows, the organization depends on IT resources to deploy and achieve its goals. With reference to the IT architecture maturity stages, which include Application Silos, Standardized Technology, Rationalized Data and Modular (Brown, 2012), Dammam College has implemented some of these stages. IT architecture creation should be the outcome of joint work between managers and IT experts; however, in this organization I found that all decisions related to IT
  • 11. standards , applications and projects taken by the head office. There is no architects, planners or event units in the origination. The IT Department in the origination has shorted in procedures and standards. IT department has support team, and developers. However there is a part times people how work permanently in computer technology section. There is no standard for installing software or upgrade the systems. Expansion of IT to new building or new Operating system done by third party. Figure 3: IT Architecture 3.1 Identify IT resources: IT resources in Dammam Technical College including Databases, hardware, Software and IT human resources. I will go in details for each resource. These resources are connected, however the connections is not very strong between some resources but the future growth of the College will enforce the connection to be stronger. 3.1.1 IT assets IT assets in the Dammam College of technology are many, there is software both application and support software, there are different type of hardware that include end-user, power hardware and services hardware. In the below table I will list these IT assets. Table 1: IT Assets List Software Hardware Operating systems Application software (office) Workstations windows server 2003 R2 Enterprise Edition SP2 Web browser Wireless access pointes windows server 2008 R2 Enterprise SP1 64-bit
  • 12. Programing application for lab and developers TMG firewall Server windows server 2012 R2 Datacenter Cisco Telephone over IP windows server 2007 Enterprise SP2 Internet security & acceleration server windows server 2012 R2 Standard Hyper Active directory Windows 7, Windows 8 Kaspersky server windows server 2003 R2 Enterprise Edition SP2 FTP server Layer 3 Switches 2900, 3500 Web servers 3.1.2 IT Human Resources Employees in IT department around 14 employees, there is a manager and three other are working as assistances. Technical support team are five persons, there are also five employees are
  • 13. working as developers. There is also five employees belong to Computer technology college working as part time if needed. 3.1.3 Relationship between IT and Business Relationship between IT and Business is aligned and associated. IT provide the support and services to achieved business goals. Organization is depending on the IT resources in communications and exchange information within the origination and out of origination. Within organization through the Ethernet and over internet to communicate outside the organization.IT system is centralized and Information system decision are implemented by the central IT of Headquarter. 3.2 Characterize the IT network: diagram, topology, protocols used, etc. Below diagram show the Characterize IT network for the organization. Topology that used in the network is a tree topology. There many Protocols used in the organization but the most common Protocols that used among the organization are: TCP, IP, UDP, POP, SMTP, HTTP, and FTP. Figure 4 : Network Diagram3.3 Operating Environment The operation environment in the origination is different based on the positions. Workstations are either for business or training. Staff are connected to separate through Ethernet to get the services or support. Labs are connected locally and has no internet access. Operating system in all workstation is windows 7 and no clear upgrade procedures. There are many access point devices but there is no strong password policy for it. There is not inventory for software and installation has no security assessment for staff. Limitation that face IT department is lack of procedures and standards, lack of employees, lack of training and poor construction for organization and mission of organization. .3.4 Assumptions and Dependencies
An assumption that could affect the IT Department in Dammam College is its poor participation in decisions related to IT; it depends totally on the headquarters in Riyadh. The dependency is clear in the replacement program for IT assets and in operating system upgrades: this process is done by a third party and is out of the hands of the IT Department in the College. Outsourcing decisions are made by the headquarters in Riyadh.

4. Identify security threats and security controls.

In information technology, confidentiality, integrity and availability are the three security objectives. Confidentiality refers to achieving a high level of protection of information. Information, especially confidential information, must not be revealed to unintended parties, whether that information is online or offline. Since the College relies on electronic information storage and transfer for all transactions, the IT systems store and handle valuable information that is not limited to personally identifiable information. Once third parties see this information, regardless of its status, the information is no longer confidential. The security resource and strategy used to ensure that information is secure online is encryption technology. Through appropriate encryption resources and tools, confidential information will not be available to unintended parties. Like all other IT resources, encryption tools work better when they are in their latest version.

Integrity in information technology concerns whether information is modified before it reaches the intended person. When an IT infrastructure has achieved information integrity, it means that information passing through that system is not modified by third parties before reaching the intended person.

Information is required for business processes. For business success, the need to achieve information security goals should not compromise the availability of information.
Information should be available to authorized persons. Authorized persons should be able to access information when needed because they need it for production and efficiency of services. Cyber-attacks always halt one or more of the three main security objectives. I will go through the security threats that may impact the security objectives in the organization.

4.1 Identify security threats

Here I identify the security threats that may impact the information security objectives in Dammam College of Technology. These threats aim to impact the IT resources and may impact the business goals.

First, threats that affect availability. For hardware, there are natural threats like fire and earthquake; theft may also happen in case of poor physical security. For software, availability may be affected by deletion or denial-of-service threats. For data, availability may also be affected by authentication threats that may cause access denial or file deletion. Network and communications are impacted by denial-of-service threats that prevent their availability.

Second, threats that may affect confidentiality. Threats here are mainly to software, data and communications, such as making unauthorized copies of software. For communications, there is session stealing, and there are threats from insiders who are able to reach data they should not access.

Finally, threats that affect integrity could be modifying a software program to cause the program or system to fail or to execute unrequired tasks, or unauthorized access and the ability to modify data due to lack of security controls. Furthermore, threats may include web application attacks, physical threats, inside attacks due to lack of policy or procedures, and authentication threats.

4.2 List the existing security controls

Security controls are any tools, documents or practices that are used to manage or limit the risk to the IT resources. The existing security controls in Dammam College are the following:

1- Physical access control: there is a gate that asks for credentials to access the College. The server room is locked with a key and there are cameras inside the room.

2- Technical access control: Active Directory manages and controls access to the network. There are passwords for computers and servers. There is a cloud server and backup servers.

3- Administrative access control: there is an IT asset inventory, and user registration for computer use and access.

4.3 Evaluate the adequacy of the existing security controls and their efficiency in reducing the risk associated with each security threat.

When I evaluated the efficiency of the security controls in Dammam Technical College, I came out with the following:

Physical control: there is a weakness in the physical security, since theft may be carried out by an insider employee. Also, when I visited the server room, there was a combination lock on the door to the server room, but the server room key was in the door.

Technical controls: it is good to have software to manage passwords and authentication, but there was a weakness in managing the software policy. I noticed that there is no lifecycle for passwords, which is a big vulnerability. It is also good to have backup and cloud servers.

Administrative control: there is no clear standard, guideline or procedure to control the IT work. However, there is registration when a new employee joins the organization: he is assigned IT assets, and these assets are registered under his custody as part of the new hire procedures.

5. Security Evaluation

<Introduce the section>

5.1 Risk Identification

[Based on CS507 Module 7]
<Identify Risks>

5.2 Carry out a Risk Assessment using CRAMM (CCTA Risk Analysis and Management Method)
[Based on CS562 Module 9]
<Risk Assessment>

5.3 Choosing a security evaluation standard (Common Criteria, etc.)

[Based on CS562 Module 8, 10-11]
<Security Evaluation standard selection. You SHOULD justify your choice of the selected standard and describe the reason(s) for selecting this standard and not selecting other standards>

5.4 Carry out the security evaluation strictly following the chosen standard.

<Step by step security evaluation using the selected standard>

6. Proposition (and maybe Implementation) of Security Improvements

<Introduce the section>

6.1 Propose a suitable security policy

[Based on CS 562 Modules 6-7]
<Security Policy>

6.2 Identify appropriate Security Controls

[Based on CS507 Modules 8-10]
<Security Control. You SHOULD justify why you think these are appropriate?>

6.3 Propose security controls implementation plan

[Based on CS507 Modules 8-10]
<Step by step Implementation Plan>

6.4 Propose an appropriate Security Life-Cycle and Security Management Plan

[Based on CS562 Modules 10-11]
<Security Life-Cycle>

6.5 Proposing an appropriate plan to establish a security culture (trainings, Awareness, etc.)

[Based on CS562 Modules 11-13]
<Plan to establish Security Culture>

6.6 Ethical Considerations in the proposal

[Based on CS562 Modules 13-14]
<Discuss ethical aspects>

7. Proposition Nonfunctional Requirements

7.1 Performance Requirements

<If there are performance requirements for the product under various circumstances, state them here and explain their rationale, to help the developers/network designers understand the intent and make suitable design choices. Specify the timing relationships for real time systems. Make such requirements as specific as possible. You may need to state performance requirements for individual functional requirements or features.>

7.2 Safety Requirements

<Specify those requirements that are concerned with possible loss, damage, or harm that could result from the use of the product. Define any safeguards or actions that must be taken, as well as actions that must be prevented. Refer to any external policies or regulations that state safety issues that affect the product’s design or use. Define any safety certifications that must be satisfied.>

7.3 Software Quality Attributes

<Specify any additional quality characteristics for the product that will be important to either the customers or the developers. Some to consider are: adaptability, availability, correctness, flexibility, interoperability, maintainability, portability, reliability, reusability, robustness, testability, and usability. Write these to be specific, quantitative, and verifiable when possible. At the least, clarify the relative preferences for various attributes, such as ease of use over ease of learning.>

7.4 Other Requirements (Optional)

<Define any other requirements not covered elsewhere in the report. These might include database requirements, external (hardware, software, or communication) interface requirements, internationalization requirements, legal requirements, and reuse objectives for the project.>

8. References

<List all books, conference papers, journal articles, websites, etc. used in preparing the content of this report. Provide enough information so that the reader could access a copy of each reference, including title, author, volume/edition number, page number(s), and publication year. Mention complete URLs for websites.>
<The template to be used would be APA style. Newspaper articles are not allowed to be cited. Wikipedia and other non-reliable resources are not allowed>.

Appendix A: Glossary

<Define all the terms necessary to properly interpret the report, including acronyms and abbreviations.>

Appendix B: Analysis Models

<Include, but not limited to, the following analysis models: use-case diagram, class diagram, sequence diagram.>
Appendix C: Software and hardware details and technical specifications

<Include details and technical specifications of the currently used and proposed software and/or hardware.>

Organization chart (text labels only): Dammam College of Technology; Training Sections; Admin and Financial Affairs; Support Center; Training Affairs; Trainees; Administrative Technology; Electronic Technology; Electrical Technology; Computer Technology; Administrative Affairs; Financial Affairs; Technical Affairs; Community Center; Computer Center; Follow-up Unit; Public Relation; Quality Unit; Admission Unit; Research Center; English Language Center; General Study Center; Admission and Registration; Graduate Affairs; Health Unit; Trainees Relations

Rubric for Writing Assignment 2, MMW 13, Spring 2016

In order to do well on this assignment, write a prospectus that provides a specific, detailed plan for the research paper (assignments 3 and 4) and convinces an intelligent reader that this is a worthwhile project, as follows:

1. Raise a significant issue and discuss its significance
2. Establish the project’s historical and geographical context
3. Propose an appropriate, level 3, working research question about the issue, referring to people or phenomena in the period covered in MMW 13 (1200-1750 CE)
4. Propose your working answer to the question—your working thesis
5. Explain the connection between the question and the thesis
6. Show how you plan to support the thesis, providing enough evidence and explanation to show the value and validity of the project and how the evidence supports the thesis
7. Raise potential counterarguments, summarizing the evidence for them, and proposing your rebuttal
8. Provide factually and culturally accurate information
9. Draw on a variety of scholarly sources, including a peer-reviewed journal article
10. Properly cite sources for all information, ideas, and words that came from any source, and list all works cited in MLA format
11. Provide photocopies of all cited sources, correctly highlighted and labeled, paper clipped together, and presented in the order of the Works Cited
12. Write in stylistically effective and grammatically and mechanically correct prose
13. Adhere to “MMW Guidelines for Papers” and the writing assignment guidelines

A-/A: Meets all of the above criteria at an exceptionally high level, exceeding expectations, in most, if not all instances
B/B+: Meets most of the above criteria at a very high level, with only minor exceptions
C+/B-: Meets most of the above criteria at a high level, but has some issues that interfere with full realization of goals
C-/C: Attempts to meet the above criteria, and for the most part succeeds at an acceptable level, but is difficult to follow or not compelling because of issues with one or more criteria
D: Meets few criteria; often unclear or undeveloped; errors significantly impair the essay
F: Fails to meet the criteria or makes any of the following errors: Does not follow the prompt; does not cite any sources; makes errors in citation that rise to the level of misconduct; makes widespread and significant grammatical errors that interfere greatly with comprehension