After reading chapter 10
Watch "So how important are those SAT's" on YouTube:
https://www.youtube.com/watch?v=FLeTLzsSMnk
Then answer these questions:
1. How do you answer questions from students or parents about
the difference between the tests, and whether taking one test or
the other provides an advantage in the admission process?
2. How can counselors help students find out about
accommodations available to them based on their financial or
disability needs?
3. How would you advise a student or family who is concerned
about the influence of testing in college admission? What is the
appropriate way of describing the role of standardized
admission tests in college admission decisions?
Section 1 - Information Security Management
WEEK 1: INFORMATION SECURITY MANAGEMENT
Acme Toys, Inc. Network
[Brian Dennison]
IT454_IP1
1.0 Proposed Organization
Acme Toys, Inc. has been a leading manufacturer of toys. It
has a new building which acts as the headquarters and houses
the company’s departments: marketing, accounting, distribution,
sales, manufacturing, IT and R&D. Apart from setting up the
departments, the company has set up a large network that
enables sharing of resources and communication between
employees. Inside each department, there are numerous
workstations which are connected to the department servers.
There is also a main server that controls all of the other
servers. The servers provide support for multiple processors,
a multiuser environment, large memory requirements and
distributed applications.
In addition, the network should be able to support high-level,
multiuser applications that will run simultaneously. The profiles
of employees range from a sales executive who is not computer
savvy to IT professionals and people in the R&D department
who are technology savvy. Due to the diverse user profiles, the
company also needs to consider the ease of use of the OS.
The IT department is in the process of planning its security
program in order to secure the information of the organization.
Although the entire company will be networked, a separate
network is required for the R&D department for security
reasons. This department should be equipped with strong
security technologies and procedures. In addition, the
manufacturing department plans to expand its network by fifty
percent within the next six months.
2.0 Principles of Security Management
2.1 People
Since the workforce of this organization consists of employees
with different duties and levels of computer usage, measures
should be put in place to control each user’s level of access
to stored information. For instance, the sales executives are
inexperienced computer users. Thus, other than being able to
access information easily and in a summarized format, they
should have fewer access privileges. For instance, they should
have permission to retrieve information but not modify it.
They therefore act as clients that request resources from the
servers with minimal modification of the information. As a
result, the network is supposed to have procedures that provide
a higher level of abstraction to these clients.
On the other hand, the IT professionals need to access the
network resources in depth. They would thus require more
access privileges to the architecture of the network. They
should be able to perform activities such as network monitoring
and control, adding or removing network accounts and modifying
the group policies of the network.
2.2 Technology
Apart from supporting communication in the network, the
technology applied in the organization should be able to
secure the network resources. Furthermore, it should be kept
up to date in order to cater for new issues and threats.
Most importantly, the R&D department should have exceptionally
high security, since it exchanges information which is very
sensitive. The technology should ensure that information
exchanges as well as business transactions between the
departments can be trusted in terms of non-repudiation and
authenticity.
2.3 Process
The activities pertaining to securing the network should be
well planned. Procedures should be deployed to regularly check
for security threats, maintain the network and keep servicing
up to date. This would ensure that the network’s safety is not
jeopardized out of ignorance. For instance, IT professionals
should regularly check the network, for example by assessing
the data traffic to identify any irregularities in data packet
transfer.
3.0 Project Management Role
In order to implement security management in Acme Toys, Inc.
network, a systematic strategy should be designed. The project
should be arranged into stages which range from the evaluation
of the network to the implementation of methods for security
management.
First, project management plays a major role in evaluating the
current security measures of the organization. This involves
reviewing the existing ‘Information Security Management
Policies’ to determine whether they are still applicable in
all the security areas of the organization. This ensures that
all the security loopholes are identified and are ready to be
solved.
Secondly, project management plays a role in planning the
security measures to be assessed and established. This
typically involves providing guidelines and a time schedule
for the project scope. For instance, risk analysis and
management of the network is performed.
Project management also plays a role in the implementation of
the security policies. In this stage, the network users are
made aware of the new security policies and are informed about
how to implement them. This awareness ensures that the users
feel responsible for the security of the network. This would
thus strengthen the security of the network.
After this, the network security policies achieved by the
project should be evaluated. This involves carrying out
regular internal and external audits of the IT systems.
Self-assessment and the reaction to security occurrences
should also be observed. Maintenance is then performed to
learn from and improve the security control measures. All of
these are roles of project management.
Week 2
1.0 Data Classification Schema
The information and data assets pertinent to Acme Toys, Inc.
need to be classified based on the risks related to the stored
or processed data. Those of highest risk require the strongest
protection level to prevent compromise, while those with less
risk need proportionately lower protection.
1.1 Public
This includes information and data implicitly or explicitly
permitted for dissemination to the public with no
restrictions. It can be distributed freely without any
resulting harm to the Acme Toys, Inc. organization,
individuals or affiliates. This security program classifies
the following data as public, since they have low sensitivity
and their disclosure is not unauthorized:
a. the Acme Toys, Inc. website (which is the main source of
advertisement for the products),
b. department general description,
c. opening and closing schedules for departments,
d. toys/products’ catalogue and
e. Press release.
1.2 Internal
This level includes data/information intended for the internal
business of Acme Toys, Inc. This includes data restricted to
specific departments with legitimate needs, such as the
manufacturing and sales departments. These data are
unavailable to parties outside the Acme Toys, Inc. community
and have a potential impact on the organization, but with
moderate sensitivity. These data include:
a. employees’ salary records
b. employees’ departmental user account information
c. sales records on a daily basis (only pertinent to users in
the sales department)
d. raw materials vendors’ information
e. stock information
f. directory information of employees, except those
requesting non-disclosure
g. network transaction logs
1.3 Confidential
This defines data that is highly sensitive and is intended for
specific persons, with explicit authorization required to
access the information. The unauthorized disclosure of such
information would have an adverse impact on the organization’s
business. Information classified at this level by the
organization includes:
a. Individuals’ personal privacy
b. Compliance with the state and federal laws. This is
especially important for the R&D department, which is highly
secured.
c. Regulations and the vendor’s contracts.
2.0 Existing frameworks
2.1 Network segmentation
The network is divided into segments. Each department has its
own network segment or subnet. This acts as a potential
framework for implementing the security program in groups of
manageable units.
2.2 Client-server Architecture
The fact that the network architecture of the organization is
server-based is advantageous to the implementation of the
security program. This is because a server-based architecture
enables easy management and centralization of network
resources and distributed applications, and hence easy
implementation of security measures. For instance, if a network
group policy is applied to the server, then the policy would
apply to this specific
2.3 Separation of sensitive departments
The R&D department has its own independent network, different
from the other departments. This is a good framework for
deploying an independent security policy that is more advanced
and aware of the security sensitivity of the delicate R&D
department network.
3.0 Need for Management Support
Reliable experience is the backbone of structuring the
security program in the Acme Toys, Inc. network. Without it,
the development of the security program would be remarkably
tiresome and inaccurate. The management has been the pioneer
of the development of the network architecture of the
organization. Mind you, they are the ones who have been using
the systems. Therefore, there is a need for management support
in the security program.
3.1 Source of Information
Firstly, the management knows the pros and cons of the system
and hence acts as an existing source of information which is
readily available with little effort. Having used the network
day in, day out, the management would have observed the
weaknesses and strengths in the security measures of the
organization’s systems. The management may also have been
receiving complaints and reports of undesirable conditions
from the users. Therefore, they would provide valuable
information about the security of the organization’s systems.
3.2 Source of finance
Guaranteeing the expenditure and financing of the security
program is in the hands of the management. The organization’s
budget constraints would determine the amount of effort
applied in the program as well as the extent of the security
technology and measures invested in the organization. If the
management is willing to invest much in security, then a
promising output of the security program would be achieved.
Hence management support is crucial for the success of the
security program.
3.4 Necessary for evaluation
Making the organization feel that they are part and parcel of
their own security is a strikingly important reason why
management support is crucial in the security program. This is
because it would result in relatively more satisfaction at the
completion of the security program than when the task of
developing the security program rests solely on the shoulders
of the experts. This would mean that during the development
and implementation of the security program, the management
would provide its own opinion and most of the tasks would be
done to suit the needs of the management.
For instance, an expert may technically feel comfortable with a
certain security measure because, according to the expert, it
is efficient in preventing threats. However, the management
would feel that the measure is more complicated to handle and
that it would compromise the ease of use for the organization’s
users. Therefore, the management’s view should be taken into
consideration in order to bring about satisfaction with the
security program. Thus management support is crucial for the
success of the security program.
3.5 Important in the implementation
Training the workforce on how to use and implement the
security program also makes management support crucial. This
is because, when incorporated in the development of the
security program, the management would provide a good platform
for training the rest of the users on configuring the security
program. For instance, they would provide a good time schedule
for the users to take part in training, which can be part
time. They can also arrange seminars and symposia to raise
awareness of the security program.
4.0 Reporting Methods
4.1 Statistical reporting
The users’ views about the current security conditions of the
organization and the viability of the proposed security program
would be summarized from the questionnaire’s findings. For
instance, the number of users complaining about security
threats to the workstation accounts and server file directories
can be recorded on paper and the statistics presented to the
management. This would indicate the progress of the security
program in its information-gathering stage.
4.2 Report Writing
Reports on the progress of the security program can be
developed, printed and then presented to the management. The
reports can be in the form of written paragraphs or short notes
which describe how the security program has been advancing.
For instance, the list of security equipment, recommendations
and feasibility study of the security program can be written
in a report format, edited and published for the management to
read. Also, a soft copy of the report can be communicated
using email and social media such as Facebook and Twitter.
4.3 Direct communication
Direct verbal communication with the management about the
security program can be a good way of reporting. The persons
involved in the security program can communicate with the
management through sit-down meetings, phone calls or video
conferencing and discuss the progress of the security program.