Information Security Breaches At The News Since Last Decade
As per my study, the following are the recent information security breaches in the news since the last
decade.
Company name – T J Maxx Marshalls
Industry – clothes department store chain
Size – about 1000 stores
Place in industry – operates in USA, UK, Ireland, Germany and Poland.
Date of breach – announced in February 2007. Breach occurred in a span of 20 months.
How they got in – hacked a wireless transfer between two Marshall's stores, which had a weak
encryption system, and infected it with malicious software. It also involved physical hacking into the retail
kiosk network.
What they took – customer details were stolen who used ...
What they took – more than 1000 screen shots of data of 62 patients.
How might they have been stopped – better policies and procedures to maintain safety would have
helped. Personal email should not be used at the workplace; new email IDs can be created for the
various work purposes instead.
Company Name – Google
Industry – Information Technology
Place in its Industry – Google is headquartered in Mountain View, California.
Date of Breach – Mid 2009
How they got in – Because of a browser weakness, the attacker injected flawed code into browsers.
What they took – the attacker stole intellectual property: multinational companies lost their
sensitive data, and most online application services lost customer data such as credit card
details.
How might they have been stopped – After the attack was identified, Google stopped the search results in
chain and strengthened the authentication settings for Gmail and other affected online applications.
Company name – CardSystems Solutions
Industry – (Third Party) credit card processing company
Place in industry – Merrick Bank
Date of breach – June 2005
How they got in – planted a Trojan in an unprotected network.
What they took – stole 40 million credit card details
How might they have been stopped – the company was doing research on the data
Internal And External Security Breaches
Regardless of the fact that they happen quite often, both internal and external security breaches are
surprisingly unforeseen by many corporations. It is imperative that companies know how to go
about dealing with one when a breach does occur. It seems that "the best approach to forensic
response is to plan the response before an incident occurs" (Week 5 Lecture). There should be a way
for employees to know how to handle a security breach and prevent future occurrences. Each
individual company needs to have a standard operating procedure that discusses the processes for
e–mail, acceptable use, physical security, and incident response.
Standard operating procedures (SOPs) "provide direction, improve communication, reduce training
time, and improve work consistency" (Greene, 2006). These documents are established procedures
within an organization and are pretty much the official way for the company to do business. Creating
the SOP requires the company to look in detail at what the company is all about. It not only helps the
company understand the business better and how it operates, but essentially it helps determine where its
flaws are and how it should be protected through several procedures.
One such procedure would discuss in detail how the company should manage employee emails. For
instance, the SOP should point out that outside emails would under no circumstances be allowed. All
emails must be company based and sites such as Gmail, Yahoo, or Hotmail cannot be used. This is
because
The Security Of Online Banking
Billions of financial data transactions occur online every day, and bank cybercrimes take place every
day when skilled criminal hackers compromise bank information by manipulating a financial
institution's online information system. This causes huge financial losses to the banks and customers.
The evolution history of attacks began more than 10 years ago. Its sophistication has increased on
par with the new security technologies adopted by the bank industry intended to mitigate the
problem. This means there are some flaws in the security of online banking that results in loss of
money of many account holders along with leakage of their personal information to unauthorized
persons.
3.2.1 Banking websites
According to a recent study by the University of Michigan, in an examination of 214 bank websites,
more than 75 percent have at least one design flaw that could lead to the theft of
customer information. The flaws are ones that even an expert user would find difficult to detect and,
unlike bugs, cannot be fixed with a patch. It was recommended to use SSL throughout the entire
website and to avoid using links to third–party sites. Secure banking websites have become an
integral part of our day–to–day life from our personal to our job–related business. A survey
conducted by Pew Internet states 42% of all internet users bank online. With 24/7 access from
around the world users can view balances, transfer funds and lots more at their convenience using
online
The Vulnerabilities Of Passwords And Security Essay
Introduction
Passwords for access to personal phones, computers, online portals, and websites have become very
prevalent and the best practice for authentication. Additionally, passwords authenticate mobile
phones, computer networks and databases for many software applications. However, ensuring that
passwords are encrypted and safe has become one of the greatest challenges for most
organizations. This paper will review some of the vulnerabilities of the use of passwords and
provide controls to implement to assist with the management and handling of passwords.
Ineffectiveness of Passwords
We are living in an information–driven world today that requires us to protect what and how we
share this information. To access the guarded data or information we want to protect requires either
a password or a pin. A password is a string or group of combined characters precise in length.
Passwords and pins are suppositional, and more consideration is seriously required. They are the
primary defense against intrusion. However, they can be easily captured and deciphered by cyber
criminals. The security in this area is challenging due to the ineffectiveness of the creation of
passwords and pins. Kirushnaamoni (2013) elicits that making logging in straightforward and
convenient for users and trying to prevent password cracking is problematic. Cyber criminals will
continue to persist and target the vulnerabilities in this area. Therefore, personally, financial, health
and
Internet Technology, Marketing, and Security (Ebay)
The company I will talk about for this paper is eBay. eBay is the world's online marketplace; a
place for buyers and sellers to come together and trade almost anything. With more than 97 million
active users globally, eBay is the world's largest online marketplace, where practically anyone can
buy and sell practically anything. Founded in 1995, eBay connects a diverse and passionate
community of individual buyers and sellers, as well as small businesses. Their collective impact on
ecommerce is staggering: In 2010, the total value of goods sold on eBay was $62 billion, more
than $2,000 every second. I have been interested in eBay since I got my first debit card and was able to
shop online. eBay's stock is currently valued at $28.23. It has ...
4. We share your personal information with other eBay members in accordance with our Privacy
Policy to help facilitate transaction and to allow members to contact you.
5. We disclose limited personal contact information to verified requests by law enforcement and
government officials who conduct criminal investigations, and require a subpoena for additional
personal information, in accordance with our Privacy Policy.
6. We give you choices about how you wish to be contacted in the Preferences section of My eBay.
7. We will provide you with notice if our privacy policy changes and an opportunity to reject such
changes.
8. We let you change your personal information so that you can keep it up to date.
9. Other eBay companies that have access to your personal information in accordance with the policy
are required to protect your personal information at least as strictly as we do.
10. We use safe, secure technology and other privacy protection programs to keep your personal
information secure on eBay.
Customer information is stored on different servers located in the United States. eBay treats data as
an asset that must be protected and uses lots of tools (encryption, passwords, physical security, etc.)
to protect your personal information against unauthorized access and disclosure. However, as you
probably know, third parties may unlawfully intercept or access transmissions or private
communications, and other users may abuse or misuse
Security Analysis And It Security Policy Manager At My...
In writing this paper I spoke with Security Analysis and IT Security Policy Manager at my place of
employment when researching this paper. They gave me some insightful direction as to the
information, where to look for information and the important security issues to reference. Working
in IT for the last 10 years I have also had to deal with many of these policies first hand. Additionally,
I referenced the PowerPoints presented in class and The CISSP and CAP Prep Guide: Platinum
Edition that I purchased and used for the quiz in class.
When discussing the topic of information security there are many concepts, elements and topics to
discuss. Some of the information to be discussed here are the ten domains of Computer Information
Systems ...
This is a company that I made up just for the sake of this paper. This is not a comprehensive list;
however, it will point out some of the more important points.
To begin with, any security professional must take into account the three fundamental principles
of Confidentiality, Integrity, and Availability (CIA) that set the security posture for an organization's
information security department. Integrity ensures that unauthorized alteration to information is not
made, alterations are not made by unauthorized personnel, and the information is reliable both
internally and externally. Confidentiality prevents the unauthorized release of information, regardless of
whether the release is internal or external. Availability, the ability of users to access the data in a
consistent and timely manner that will add value to their job, is also necessary.
The process and choice of classifying information is very important. Data of different types have
different values to the owner of the information. Some data may be of more value or critical
importance than other data. Certain information is therefore valuable, and if lost could cause great
financial loss.
Total Layer IT will classify its information using the terms Public, Sensitive, Private, and
Confidential based on the information's value, age, useful life, and personal association. Based upon
the business needs certain groups will have access to these various levels of information.
Analysis Of Edu Corp Employee's Mobile Device Essay
1. Overview
With mobile device usage on the rise, the security of any given Edu Corp employee's mobile device
is considered essential. With continuous concerns regarding both privacy and security, Edu Corp has
established a strict, comprehensive policy in order to protect all Edu Corp employees who choose to
utilize mobile devices within the workplace. To date, in the United States, large percentages of
people possess some form of mobile device (Anderson, 2015). With a large employee base at Edu
Corp, the company considers the privacy and security of every employee utilizing a mobile device
to be of a high priority. At Edu Corp, we seek the highest level of safety and security for any
individual or group in association with the company, regardless of affiliation with a mobile device.
The use of mobile devices in the workplace may provide convenience; however, securing and
regulating the use of mobile devices within the workplace is critical for safe and efficient business
practices. As a result, Edu Corp continuously recommends security software and applications for
employee mobile devices, assures all mobile security components are up–to–date, encrypts data on
mobile devices, as necessary, requires password protection on mobile devices used for
business–related tasks, encourages employees to be aware of their surroundings, along with potential security
vulnerabilities, sets strict communication strategies and standards, employs a solid system for
handling and/or recovering
Recommendation For Current It Security Policy
Recommendation to Current IT Security Policy
The systems approach to problem solving is used to analyze and identify mediatory provisions, see
figure 2, Appendix D, Systems Approach to Problem Solving. Loss suffered in the Societe Generale
Bank security breach was substantial because the perpetrator knew where to look to acquire access
to financial information and circumvent existing security measures. This defined fraudulent
behavior and solidified criteria for productive countermeasures. Prevention and risk management
must be addressed by establishing policies and procedures and enforced by management at all
levels. In accordance with Societe Generale Bank security policy, these recommendations are
proposed:
Implement institutional audits, including employee actions;
Implement quarterly risk assessments;
Implement quarterly security awareness training for all employees;
Enforce separation of duties and least privilege;
Implement access controls, including policies for account and password management and account
termination;
Perform regular review of organizational security risk, policies, and procedures and institute
preparedness; and
Provide multilayer secure access points for remote access gateways (Musthaler, 2008).
Countermeasures
Preemptive steps to sustain a secure landscape for Societe Generale Bank will include the first five
out of seven identified recommendations focusing on audits, risk assessments, awareness training,
separation of duties, and
How Technology Has Changed The Way Of Living Across The World
Corporate Policy and Security
Technology has changed the way of living across the world. The last 20 years in particular have been a golden
era for technology. People have accomplished several outstanding innovations in the field of
technology. Modern technology is becoming very accessible not only for the richest and most developed cities
like New York but also for poor people and the least–developed countries across the globe. It is a
tremendous achievement in the field of modern technology. Today, people no longer have to
stand in long queues or drive long distances to get services, from government agencies and big private
enterprises to small coffee shops. Technology has contributed to making our lives easy and fast.
However, it has created some major ...
To protect web and data, companies must have a security policy. One of the best policies to protect
the company from various vulnerabilities is a password policy. Passwords are the most important
element of computer security. A weak password may cause serious damage to the company. It is
just the same as giving away the main door key to a house where diamonds and millions in cash are kept.
So, the main purpose of a password policy is to set up a standard for everybody to choose a
strong password. It will set up the standard protocol to set up and handle the passwords of every
individual related to the company, including all users and contractors.
These are the password policy steps that everyone must follow.
➢ All system–level passwords must be changed on at least a quarterly basis
➢ All production system–level passwords must be part of the global password management
database.
➢ All user–level passwords must be changed at least every six months.
➢ User accounts that have system–level privileges granted through group memberships must have
a unique password, different from those the users have.
➢ There must be guidelines to create a standard password, such as:
– Special characters, lower case, uppercase, punctuation, and numbers.
– Limitation of characters.
– Language of password.
– Choose a special word or characters that users can remember easily but that are difficult for
outsiders (hackers).
➢ One–time
Security Policies And Control And Password Management...
Security policies are rules and guidelines formulated by an organization to manage access to
information systems and/or computer networks. Simply put, these policies exist to govern
employees, business partners, and third–party contractors with access to company assets.
Furthermore, some policies exist to comply with laws and regulatory requirements. These policies
are part of the company information security management system (ISMS), and are usually
administered to employees by Human Resources or distributed to business partners and contractors
via the Technology department. In sum, security policies protect assets from illegal or damaging
actions of individuals. Of course, many security policies exist, but this review will focus on the ...
These standards appear in the ISO/IEC 27000 series, the industry recognized best practices for
development and management of an ISMS (pg. 68 of CISSP). To clarify, ISO 27002 Information
Technology Security Techniques Code of Practice for Information Security Management module
falls within the ISO 27000 Framework. Ultimately, HHI's objective will be to comply with industry
standards and governmental regulations by designing sound security policies using ISO 27000
standards.
As has been mentioned in the previous section, the ISO/IEC developed the ISO 27000 framework,
which includes the ISO 27002 standards (page 37). Furthermore, the ISO 27002 standards contain
12 domains; nevertheless, this review will focus on the Access Control domain to rewrite the new
user and password requirement policies. Moreover, the Access Control domain has seven
subdomains:
Business Requirements for Access Control;
User Access Management;
User Responsibilities;
Network Access Control;
Operating System Access Control;
Application and Information Access Control;
Mobile Computing and Teleworking.
Specifically, the Network Access Control subdomain delves into user access management and user
responsibilities. In summary, the ISO 27002 standards encompass 12 domains to "establish
guidelines and principles for initiating, implementing, maintaining, and improving information
security management within an organization
Nt1330 Unit 3 Assignment 1 Essay
Q4: What are the 5 of authentications available? List them from least secure to most secure, while
designing SQL Server's Object level security? You are also required to fill in the classification field
in the following table based on the security topology of Active directory running on a SQL server.
Requirement | Classification
Login security must be integrated with Active Directory | Server Level
It must be possible to deny a particular login access to the server if necessary | Server Level
Developers must have read only access to production database system | Database level or schema level, depending on the design of the database
Service accounts must be unique for each instance/service combination. | Service level
No user should own any tables. | Schema level
Developer should be ...
Password Policy: Password policies for SQL Server logins can be compulsory only when the case is
installed on Windows Server 2003 or 2008.
a) Password complexity: – This helps to successfully break the password for a password of letters
and third–party software cannot be known by the combo numbers to be.
b) Password expiration:– Trout password Ding document will be used to fight the password life.
When operating the password has expired package SQL Server, it reminded to change old passwords
that are divided into customer hears, recording and password.
c) Policy Enforcement:– How to apply the password policy can be configured separately for each
SQL Server connection. Use ALTER LOGIN to determine the password policy option for the SQL
Server access.
Encryption policy: It uses the secret encryption key of the strategy of resistance data. This plan,
gives or is meaningless without notice, or a fine. So safety data control always improves disaster
limitation, you understand. Be randomly shuffled arranged in the host computer database is useless,
for example, it is possible that the data is stolen; it is classified as a software engineer.
Cupcake Cuisine Policy Statement
Policy Statement
The objective of this policy is to ensure Cupcake Cuisine has security controls to restrict access to
software application features and data.
The purpose of this policy is to protect the integrity and confidentiality of Cupcake Cuisine's digital
data and to prevent unintentional corruption, and any misuse of company assets.
Body
A. Policy Objective
1. User accounts will be created for each employee of Cupcake Cuisine through
a cooperative company purchase of Employee Management software provided by Square.
2. Access to software applications will be restricted to only
authorized users or processes, based on least privilege.
3. The task of creating individualized employee accounts and determining ...
The designated IT manager must henceforth log into the administrator account and reset the
password to this account following the password guidelines. The default administrator account has
the ability to create custom roles.
F. Role Creation
1. You must establish a role for each employee you wish to create an
accessible account for. In the next screen, the designated IT manager must create a role name first in
the creation of a new role. Under 'Role Information', to the right of 'Role name', type in the
description of the job, for the job title of another employee of Cupcake Cuisine. Note: Do not type in
the first or last name of the employee.
G. Accessing Point of Sale and Modules within PoS
1. Once the designated IT manager has defined an employee's role name, the screen will change
allowing the option to toggle whether this role name has access to 'Access Shared Point of Sale'. For
brevity the Point of Sale will henceforth be referred to as PoS.
2. If toggled on, it grants 19 features of the PoS, which may each be individually turned on or off.
3. If kept off, this user has no access to the PoS, the PoS modular features, or any Square software
applications that integrate with Square, such as Personnel, Payroll, Invoice, Payment, Capitol.
H. POS: Least
Tft2 Task 1
Updated Heart Healthy Information Security Policy
Due to personnel, policy and system changes, and audits, Heart Healthy has voluntarily updated
their information security policy to be in–line with the current information security laws and
regulations. Currently Heart–Healthy Insurance, a large insurance company, plans to review and
provide recommendations for an updated information security policy in the areas of:
Current New Users Policy
The current new user section of the policy states:
"New users are assigned access based on the content of an access request. The submitter must sign
the request and indicate which systems the new user will need access to and what level of access
will be needed. A manager's approval is required ...
Heart–Healthy's Information Security Office will be responsible for management and administration
of Heart–Healthy's information security function(s). Heart–Healthy's Information Security Office
will be the chief point of contact for any and all security related functions.
User Access Policy
* Heart–Healthy users will be permitted access based on the principle of least privilege.
* Remote access or dial–in services will be requested by Manager level positions and up,
and approved by the Information Security Department.
* End users are not allowed to re–transmit or extend any of Heart–Healthy's network services,
e.g. users will not attach hubs, switches, firewalls, or access points to Heart–Healthy's network
without prior written authorization.
* Users are not allowed to install any additional hardware or software without the express written
consent from the Heart–Healthy information technology department.
* All Heart–Healthy computer systems will conform to agency standards.
* End users are not allowed to download, install or run any programs that could potentially reveal
or undermine Heart–Healthy's in–place security system, e.g. packet sniffers, password crackers or
network mapping tools are strictly forbidden.
* All Heart–Healthy employees and 3rd party contractors are responsible for managing their
information resources and will be held accountable for any information security violations or infractions.
Current
Information Security Policy ( Isp ) For Star Gold
INFO 2411: Foundations of Computer Security
Project 1
07/03/2016
Student Name and SID:
1. Abdulaziz Aljafari – 100299460
2. Turki Aljudai – 100298138
3. Saud Alotaibi – 100300556
I certify that this is my own work yes/no and that I have read and understand the University
Assessment regulations.
Information Security Policy (ISP) For Star Gold
1. Scope
This Information Security Policy (ISP) for Star Gold applies to all of the company's employees and
managers.
2. Objectives
To enhance security and protect Star Gold's business information and to ensure its confidentiality,
integrity, and availability. Also to help the ...
Computer Misuse Act:
The principle of the computer Misuse Act is to purpaccess to gain information without
authorization. It can also be intentional access to the system in order to be involved in a serious crime.
Unauthorized deletion or modification of programs can be one of the Computer Misuse Act
principles.
Disability Discrimination Act:
The principle of the Disability Discrimination Act is to make sure that disabilities are not accessible
to any of the server public resources.
5. Application of the Policy
The company will be able to enforce all the policies through Group Policy, the object of which
is to allow the staff to perform identified configurations for users. Moreover, if there is any breach
in the server, it may damage your server, and the first action that you will have to take is to see
how this breach happened and then, after determining that, find the right way to prevent the
breach from happening again.
6. Acceptable Use Policy
The goal of this policy is to plan the acceptable use of computer equipment at Gold Star, and to
protect the company and its employees. The misuse of these rules can lead to risky issues towards
the company, such as virus attacks.
a. Passwords policy
Passwords are considered to be a very important part of ensuring security. Passwords that are weak can
lead to risky attacks against Star Gold's sources. Every
Implementing Effective Policies For Governing The Network
Requirements
The following corrective measures are listed in order of ease and importance. Additionally, they are
in order by feasibility. It is not feasible to enforce policies when there are no policies. Without
building non–repudiation into the system it is difficult to punish individuals violating enforced
policies, and by the same token without having granular data in the logs it is impossible to identify
individuals anyways. Because some items must be done before others, the foundation items are
listed prior to other items.
1. Policies
The most important step to securing the system is to publish effective policies for governing the
network. Without formal policies to guide the administrators there can be no consistent management
of the network. Without formal policies for acceptable use the users will not have an understanding
of what is unacceptable behavior and unwanted behaviors such as sharing passwords will continue
to be an issue. Publishing a series of policies is a cheap and effective step for improving the current
security posture. Policies should be issued for at least all of the following items in this section in
order to create a baseline for acceptable use and security of the TKU information systems.
2. Privileges
Administrator and user privileges should be limited in scope in order to prevent any one individual
from performing unauthorized actions on the network. Currently all administrators have full access
to all system resources. These administrator
A Brief Note On Information System Security Policy Essay
Information System Security Policy
Joshua E. Neal
Liberty University
October 21, 2016
CSIS 341 B01–Fall
Information System Security Policy
In business today, the business process is almost entirely run using information systems. At the end
of the last millennium, businesses spent an estimated five hundred billion dollars fixing the Y2K bug
(Svaldi, 2000, p 2048). This is an example of how important the information system has become to
the business process. This is why information system security has become such a high priority in
corporations today. Think of having a high value company asset left out in the open for anyone to
steal. This is the equivalent of an information system without proper security. An adequate and
sophisticated security structure is not something that falls into place by accident; it takes strategic
planning and implementation. Building security for an information system demands a broad range of
expertise including cryptography, cryptographic protocols, system reliability, organizational and
legislative matters (Trcek, 2000, p. 1716). Organizations use a set of rules to define the protocols to
access the information system. This list of protocols is known as security policies. Security
consists of a group of standardized policies working together as one document creating the security
policy. Researchers have stated the development of information security policies is the first step in
the right direction toward preparing an organization to defend
ABC Credit Union
ABC Credit Union
AUP 14 for ABC Credit Union/Bank
Policy Statement
This policy is to ensure compliance with GLBA and IT security best practices by its employees, and
to regulate the use of the Internet, as well as the pages allowed for visiting that are not related to business
operations, and email security controls.
Access to the Internet will be approved and provided only if reasonable business needs are
identified. Internet services will be granted based on an employee's current job functions; a new
Internet access request must be submitted within 5 days.
User Internet access requirements will be reviewed periodically by company departments to ensure
that continuing needs exist.
Purpose/Objectives
The purpose of this policy is to define the appropriate uses of the Internet by ABC Credit Union
employees and affiliates.
Additionally, it is to secure ABC Credit Union, the employees, and customers from harm caused by the
misuse of our IT systems and our data.
This policy will be followed by every person employed by, under the control of, and/or contracted
by ABC Credit Union and will focus on Internet/e–mail use, use of the organization's IT assets/systems for
personal purposes, and security awareness training.
Scope
This policy applies to anyone using ABC Credit Union Information Technology assets across the
multiple branches and locations throughout the region, including but not limited to employees,
temporary employees, contract employees, vendors, and visitors. ABC Credit Union's Internet users
are expected to
Sample Resume : Ccf Network Administration
11/18/2015
POLICY NUMBER 2015–11
To: All hospital staff
From: Dr. Manny Dominguez, CIO
CC: Ileana Escalona, Network Administrator
Attachments.
Copy to: Dr. Manny Dominguez, CIO; Ileana Escalona, Network Administrator
POLICY: CCF NETWORK ADMINISTRATION
PURPOSE:
To provide guidance regarding access, use, and maintenance of CCF Network system, including
patient's Electronic Medical Records (EMR) and Protected Health Information (PHI), in accordance
...
b) Users must not allow others to access the Internet by using their accounts.
2. Password Policy: Passwords are the front line of protection for user accounts.
a) Access to CCF systems is tailored to individual staff needs and responsibilities are assigned via a
unique password.
b) The owner of an access password/ID is accountable for its use.
c) The password/ID owner is responsible to protect the integrity of accessible systems and preserve
the confidentiality of accessible information.
3. Network Access Policy
a) Internet access is granted to all users; however, CCF will filter content it feels is inappropriate for
business purposes.
b) CCF also reserves the right to monitor, record, review, and audit systems on a periodic
basis to ensure compliance with this and all other policies.
c) If employment is involuntarily terminated, CCF will terminate your access to our IT resources
immediately to protect confidential and proprietary information.
4. HIPAA Security Policy: Health Insurance Portability and Accountability Act of 1996, and the
federal "Breach Notification Rule" as amended or added by the Health Information Technology for
Economic and Clinical Health Act ("HITECH")
How Technology Has Brought Internet
Introduction
The development of technology has made the Internet a mass communication medium
between people and companies. Through the Internet, people can communicate with other people in
various places. Companies can gain many advantages by using the Internet to support their
business. Therefore, companies put great effort into protecting their
network from attack and making sure that they have the best network security.
Most people think that the threat of a security attack comes only from outside the company. In fact,
attacks from inside the company network are more harmful and happen with high frequency.
As written by Cryptek (2001), which based the argument on some articles, that ...
All of these facilities increase the use of the corporate LAN, which in turn increases
internal security threats and vulnerability to attack by either outside or inside intruders.
As written in Cryptek (2001), several problems make the inside network
vulnerable to attack: the server operating systems and the password protection on most
corporate networks sometimes do not work well. Moreover, router access controls are often not
secure enough and many network systems are not properly configured, which enables unauthorized
outsiders to enter the company network. This means that the main cause of inside attacks is ineffective
network security. Companies focus only on developing a firewall, and they forget that a firewall cannot
effectively protect the network if the intruders come from inside the network, such as employees
or other authorized users.
As explained in the article written by NetMaster (2000) in Ciscoworld Magazine: "Firewalls are
not a protection against everything, but generally they will protect against unauthenticated
interactive access from the "outside"". From this description, we know that the function of the
firewall is mainly to protect the company network from outside attack. Firewalls are not
Information Security Performance Evaluation Program
Information Security Performance Evaluation Program: BuildingDNA should develop, monitor, and
report on the results of information security measures of performance. These reports should be used
by leadership to effectively manage their systems security life cycle and replace information systems
that do not meet the security levels needed to provide a safe and secured environment.
Odoo Usage Policy: BuildingDNA management should create and disseminate policies that
document the appropriate use of Odoo in accordance with the contract agreements.
Documentation of BuildingDNA's Information Systems: BuildingDNA must make all
documentation to their information systems readily available to authorized personnel and
administrators. This documentation will include the installation, configuration, and operations of
Odoo; how to operate and maintain the various security features; and known vulnerabilities
regarding configuration and use of administrative (i.e., privileged) functions (GSA). BuildingDNA
must also obtain all the documentation pertaining to the security features accessible to the general
user and guides on how a user can effectively use these features so as to provide a secure
environment during operation. If the above mentioned documentation does not exist, then
BuildingDNA should contact the vendors to obtain the documentation or create the documentation
themselves.
Risk Assessment Program: In order to provide a safe and secured environment for BuildingDNA's
Acceptable Use Policy
Acceptable Use Policy (AUP)
You must sign or digitally sign this form prior to issuance of a network userid and password. Initial
Awareness Training must be completed prior to signing this agreement. IA Awareness training is
found at https://ia.gordon.army.mil/dodiaa/default.asp. The IA Awareness test located on the Fort
Gordon website must be completed to fulfill the Awareness training requirement.
By signing this document, you acknowledge and consent that when you access Department of
Defense (DoD) information systems:
1. You are accessing a U.S. Government (USG) information system (IS) (which includes any device
attached to this information system) that is provided for U.S. Government authorized use only.
2. You ...
However, in such cases the U.S. Government is authorized to take reasonable actions to identify
such communication or data as being subject to a privilege or confidentiality, and such actions do
not negate any applicable privilege or confidentiality.
9. These conditions preserve the confidentiality of the communication or data, and the legal
protections regarding the use and disclosure of privileged information, and thus such
communications and data are private and confidential. Further, the U.S. Government shall take all
reasonable measures to protect the content of captured/seized privileged communications and data to
ensure they are appropriately protected.
a. In cases when the user has consented to content searching or monitoring of communications or
data for personnel misconduct, law enforcement, or counterintelligence investigative searching, (i.e.,
for all communications and data other than privileged communications or data that are related to
personal representation or services by attorneys, psychotherapists, or clergy, and their assistants), the
U.S. Government may, solely at its discretion and in accordance with DoD policy, elect to apply a
privilege or other restriction on the U.S. Government's otherwise–authorized use or disclosure of
such information.
b. All of the above conditions apply regardless of whether the access or use of an information
system includes the display of a Notice and Consent Banner ("banner"). When
Online Health Insurance System ( Medicare )
FINAL REPORT
(FALL 2016)
Submitted by : SHRAVYA VALUPADASU
Student ID : 700632904
________________________________________
ABSTRACT
The objective of this project, Online Health Insurance System (Medicare), is to develop a web
application for an organization that intends to provide health insurance plans to all its
employees. We formed a team of 6 members to work on this project, divided the work among
ourselves, and tried to complete the actual intended function of this application.
There are two types of users: Admin and member. Admin is the person in an organization who will be
maintaining this application: adding policy details, adding insurance company details, getting the
employees registered, approving the requests raised by employees to get a health plan, and so on. Both
Admin and member need to log in to access this web application. They can
register and provide the details to log in. They can also change their password, update
employee details, and so on.
We have developed the application using C#, .Net for the front end along with HTML and CSS on
Microsoft Visual Studio. We have developed this application following the MVC pattern. For the
backend or database related activities we have used SQL Server Management Studio. I have learned
to use stored procedures more effectively and to write functions and views in database related
operations. We have written all objects or properties in the model. And the controller contains all action
items as to
Essay about Tft2
Heart Healthy Information Security Policy
Due to personnel, policy and system changes, and audits, Heart Healthy has voluntarily updated
its information security policy to be in line with the current information security laws and
regulations. Currently Heart–Healthy Insurance, a large insurance company, plans to review and
provide recommendations for an updated information security policy in the areas of:
1. Current New Users Policy – The current new user section of the policy states: "New users are assigned
access based on the content of an access request. The submitter must sign the request and indicate
which systems the new user will need access to and what level of access will be needed. A
manager's approval is ...
The combination of the password and its complexity directly leads to its unpredictability. With 8
character complex passwords, with current GPU processing power a password can be broken in less
than 26 days by exhausting all possible combinations.
Proposed Password Guidelines
* Passwords should be a minimum of 14 characters
* Passwords based on dictionary words are prohibited
* Passwords based on pet names, biographical information, children's names, or names of relatives
are prohibited
* Passwords must consist of a mixture of uppercase, lowercase, and a special character
* System will remember last 12 passwords
* If passwords are written down, they must be kept in a safe place, e.g. a wallet, or a safe.
Passwords are not to be written down and taped to the bottom of the keyboard, stuck to the computer
monitor with a sticky note, or put in an unlocked desk drawer.
* All passwords will be changed every 90 days
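As an added example (not part of the original essay or of any Heart–Healthy system), the Python code below checks a candidate password against the proposed guidelines and works out the guess rate implied by the 26-day figure for 8-character passwords, then applies that rate to 14 characters. The 95-character alphabet, the PBKDF2 settings, the word list and every function name are assumptions made for the example.

```python
import hashlib
import hmac
import os
import string
from datetime import date

# Values taken from the proposed guidelines above.
MIN_LENGTH = 14
HISTORY_DEPTH = 12
MAX_AGE_DAYS = 90

# Assumptions made for this example (not stated on the page).
PBKDF2_ROUNDS = 100_000
PRINTABLE_ALPHABET = 95  # printable ASCII characters
DICTIONARY = {"password", "welcome", "insurance", "healthy", "summer"}  # constructed list


def hash_password(password, salt=None):
    """Return (salt, digest) so the password history never stores plaintext."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest


def in_history(password, history):
    """True if the candidate matches one of the last HISTORY_DEPTH stored hashes."""
    for salt, digest in list(history)[-HISTORY_DEPTH:]:
        _, candidate = hash_password(password, salt)
        if hmac.compare_digest(candidate, digest):
            return True
    return False


def check_password(password, personal_terms=(), history=()):
    """Return the list of guideline violations; an empty list means accepted."""
    problems = []
    lowered = password.lower()
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(c.islower() for c in password):
        problems.append("no lowercase letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    if any(word in lowered for word in DICTIONARY):
        problems.append("contains a dictionary word")
    # personal_terms: pet names, relatives' names, etc. supplied by the caller
    if any(t.lower() in lowered for t in personal_terms if len(t) >= 3):
        problems.append("contains personal information")
    if in_history(password, history):
        problems.append("matches one of the last 12 passwords")
    return problems


def is_expired(last_changed, today):
    """Passwords are changed every 90 days: expired once the age reaches 90."""
    return (today - last_changed).days >= MAX_AGE_DAYS


def implied_guess_rate(length=8, days=26.0, alphabet=PRINTABLE_ALPHABET):
    """Guesses per second needed to exhaust alphabet**length in `days` days."""
    return alphabet ** length / (days * 86400)


def days_to_exhaust(length, guesses_per_second, alphabet=PRINTABLE_ALPHABET):
    """Days to try every password of exactly `length` characters."""
    return alphabet ** length / guesses_per_second / 86400


if __name__ == "__main__":
    rate = implied_guess_rate()  # what "8 characters in 26 days" implies
    print(f"implied rate: {rate:.3e} guesses/second")
    print(f"14 characters at that rate: {days_to_exhaust(14, rate):.3e} days")
    for candidate in ("Summer2024!", "Quiet-Granite!Lantern"):
        print(candidate, "->", check_password(candidate) or "accepted")
```

At a fixed guess rate, each extra character multiplies the exhaustive-search time by the alphabet size, so going from 8 to 14 characters multiplies it by 95^6 under the assumed alphabet.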
Proposed Password Policy
Heart–Healthy password policy guideline is a recommendation for creating a new user password.
This policy is a guideline to help end users in:
* Choosing and creating a strong password
* Ensuring that passwords are highly resistant to brute force attacks and password guessing
* Recommendations on how users should handle and store their passwords safely
* Recommendations on lost or stolen passwords
Password expiration * Password expiration
Unit 3 Assignment 1: Implementing Passwords
Passwords:
Passwords are usually a combination of strings, characters and numbers used for authenticating the
user and providing access to resources/data. There are different operating systems and
each of them has different options to enable passwords.
Implementing Password Policy:
Passwords can be implemented in Active Directory, and it should be mandatory for users
to follow the password policies.
Enforcing Password Policy in Windows 7 OS
The most common method of authenticating individuals or users is the password. To secure
the network they must use strong passwords. A password must be a combination of at least eight
digits, letters and symbols. The password prevents the user accounts from being
Unit 9 Network Security P2
For the first task I will be creating a check–list of the procedures that will help keep the
network secure. One policy I will be entering in the check–list is a password policy. This type of
authentication is used by most websites and many organizations that require a password, like
Facebook, eBay, and websites that hold secure data. It can be secure depending on how decent the
password is; usually the user–name is the most secure part as it is specific to that user. The
user can make his or her password secure by using capital letters, spaces and numbers, and by not
choosing something a hacker can guess, such as the user–name, a birthday or their name. Also,
the user can change and update it any time they want, and if you get either ...
The admin has many responsibilities for keeping the network secure. One is server
security: they need to make sure that the servers are placed and housed in a secure
location in the organisation. The admin also needs to make sure that the servers, while doing their jobs,
do not overheat and break and damage the organisation's data, so the
servers are put in an air–conditioned room so they will not overheat.
The next way to secure administrative permissions is to make sure that there is some
kind of security to keep the network secure. One thing I will add to the check–list is an internet firewall;
this is used to try to stop unauthorized access to the organisation's network.
The third thing I will add to the check–list for the administrative permission procedures is that the
organisation's admin will need to have some kind of desktop security so that there is less
chance of theft happening in the business. One thing they can do is chain all the
computers and printers to the desks so intruders can't steal
Verizon Data Breach Investigations Report
Online Defense 101
Statistics show that most security breaches are direct results of insider misconduct rather than being
hacked. According to the most recent Verizon Data Breach Investigations Report, about "285 million
records were compromised in 2008." Seventy–four percent of the incidents were from inside
sources. Users are more likely to be victims of computer virus infections, inquisitive students/co–
workers, and hardware failures than to be victims of an Internet security attack.
Reasonable precautions should be taken in order to ensure the safety of personal files that may be on
the user's computer as they navigate through the Internet. Each situation is different.
Every user should take the reasonable amount of precautions that depends ...
Another source of a great amount of fraud is the fact that a lot of businesses are careless when
they're hiring new employees because they do not conduct adequate background checks during
the hiring process. They also lack an adequate network and do not have a reliable computer
security system in place, which also plays a big part in why their business falls victim to fraud and
cybercrime.
One of the many ways that employees are given the opportunity to defraud their companies
is that customers physically hand over their credit cards to the employees rather than just swiping
the card and following the instructions that are placed near the cash register or given to them
verbally. That gives employees complete trust and the opportunity to do what they want,
regardless of company policy. There is the temptation to do something wrong which more often than
not, the chance is
Information Security And Computer Usage Essay
TECHNOCRACY "NO GOD OR KINGS. ONLY MAN."
MEMORANDUM
TO: Dan Brown, VP of Technocracy DATE: 10/6/16
CC: Stan Lee, President of MultiGame
FROM: Domenick Perrino, Director of Information and Computer Technology
SUBJECT: Information security and computer usage policies
This memo presents the plans for the revision of information security and computer usage policies
for Technocracy. The memo will outline discovered security issues and new policies, including
additional steps, goals and obstacles when implementing them.
Previous security issues discovered
Security compromises were discovered in information and computer security after the hack of
MultiGame's Mi–Play. This resulted in multiple lawsuits and loss of customers because customer
private information was disclosed.
These previous security issues were lack of:
Information security and computer usage policies
Secure passwords.
Encryption.
Employee/User restriction.
Security features to block pirated software.
To prevent a similar situation from occurring at Technocracy, the new policies were created based on
the discovered security compromises.
New policies and benefits
Secure passwords:
Password policy: Requires all employees to create or change passwords to meet specific
requirements. This policy will establish Technocracy with secure passwords and protect all
Technocracy accounts from unauthorized access. (US–Cert Publication, 2016)
Encryption:
Encryption policy: Encryption established on
Vulnerability Assessment Of The Network Security
Introduction
According to Kizza (2013), the rapid growth of networking has led to increased security risks. Many
of these risks are a result of hacking, improper use of network resources and network device
vulnerabilities. Awareness of the various weaknesses and vulnerabilities is vital to the success of
current networks (Kizza, 2013).
Network security incidents are increasing at a disturbing rate every year. As the complexity of
these threats increases, so do the security measures required to protect networks. Enterprise data
center operators and analysts, network administrators as well as other data center experts need to
understand the principles of security in order to safely deploy and manage networks today.
Vulnerability ...
Table 1 lists security weaknesses found and their description.
Table 1 Network Security Weaknesses
Vulnerability | Description
TCP/IP protocol vulnerabilities | Some internet protocols such as HTTP, FTP, and ICMP are intrinsically insecure. On the other hand, Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), and SYN floods are closely related to the intrinsically insecure structure design of TCP.
Network workstation operating system weaknesses | The company uses the Windows network operating systems, whose security problems need to be addressed.
Network equipment weaknesses | The various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that should be recognized and protected against. These weaknesses include the following: password protection, inadequate authentication, routing protocols, firewall holes.
Configuration Weaknesses
Network administrators and engineers need to fully understand what the configuration
vulnerabilities are and correctly configure their computing and network devices. Table 2 lists
configuration vulnerabilities
Cis333 Week 5 Lab 4
Lab 5 Assessment 4– Questions & Answers
Lab Assessment Questions & Answers
1. Define why change control management is relevant to security operations in an organization.
Change control is a precision arrangement of managing every change made to a system. This is to
ensure that no unneeded changes are done, that every change is documented, and that no service is
disrupted unless absolutely necessary, and that all resources are efficiently used.
2. What type of access control system uses security labels?
LBAC: Label Based Access Control
3. Describe two options you would enable in a Windows Domain password policy.
Password must meet complexity requirements; Minimum Password length ...
Account Policies/Password Policies/ Enforce Password History. Also in Account Policies/Password
Policies/ Maximum Password Age. Also in Account Policies/Password Policies/ Minimum Password
Age. Also in Account Policies/Password Policies/ Minimum Password Length. Also in Account
Policies/Password Policies/ Password Must Meet Complexity Requirements
7. What sources could you use as a source to perform the MBSA security state?
You can direct the MBSA either to use the Microsoft Update Live Service, a Windows Server
Update Services (WSUS) server, or an Offline catalogue as the missing security updates source
instead.
8. What does WSUS stand for, and what does it do?
The WSUS or Windows Server Update is a free management tool for patches, and available to all
Administrators of Windows Servers. The WSUS allows these administrators to authorize, publish &
distribute updates throughout their networks.
It is imperative that Administrators keep their networks safe & secure. Instead
of each and every workstation manually connecting to Microsoft updates, Administrators can
employ WSUS to download updates centrally to an internal server in their network. Once the WSUS
authorizes them, they are deployed to their internal locations. Then, reporting tools assist and keep
the Administrators informed
Create A Password-Change Policy Paper
Create a password–change policy for a networking group
The password policy is set in the Default
Domain Policy, and the password is set to expire every 180 days, but it can be changed to 30 days or
never. You can run the command "Gpresult /v" at the command prompt to see which
systems are set to the 180 day password reset. About
a week before the password expires you will be prompted that it will expire in so many days and asked to
change it before it expires. If you do not and it expires, then you will come in one day and will not
be able to log in, and you will have to contact the network security/help desk to reset your password
for you. Once you have logged in as the administrator, you can type in the command secpol to open
the local security policy. Remember, you have to be logged in as the administrator. Next, double click on
Account Policies and then click Password Policy. Once you are in the password policy, you
can click what you ...
This can make it hard for a hacker to hack the system, but it is a lot of work for the users and a lot of
passwords to remember. The maximum number of days can be set to any number, but if too high it can cause
problems. Let's say we set it to 60 days, which means that if I change my password (1BanX@1o1) to
something else, then I cannot use the (1BanX@1o1) password for 60 days. Each time I change it to
something else, I cannot use that old password for 60 more days. Too long can give a hacker
time to hack your password, and too short can be a nuisance to the user, who has to change
their password too
Nt1310 Unit 1
1. Authorization:
Authorization is the act of checking to determine if a user has the proper permission to access a file
or perform an action, after the user has properly identified themselves through authentication
(Username/Password). Authorization is provided to users based on a job requirement or a need to
know that allows them to access the required material. Authorization is usually determined when a
user first gains access to a system but may change over time. If a change occurs that requires more
or less authorization for a particular employee, the concerned supervisor should contact the
appropriate authority to make the change.
2. Identification:
Identification is the means through which a user is associated with and gains access to an account.
The most common form of identification in use with computer systems is through the use of a
username. Other systems use Common Access Cards (CAC), smart cards, or tokens combined with
a pin code that allow for access to a system. More complex, high security systems might use some
form of biometric to associate a user with an account and permission set. Biometrics include:
fingerprint, iris scan, facial scan, etc.: something that is unique to the particular person and cannot be
easily altered. Identification allows for the tracking ...
This authentication is historically something only known to the individual using their corresponding
Identification code. Authentication when using a smart card or token is both the insertion of that
card into the appropriate reader and the entry of the corresponding pin code. With biometrics,
authentication is the submission of whatever reading is required (i.e. thumbprint). Successful
authentication means that you have submitted the identification of who you say you are and verified
it through whatever authentication method was
Security Plan
Introduction
The purpose of this security plan is to elicit the potential threats to an organisation's physical and
electronic information holdings. Organisations in general are starting to take information security
more seriously due to the proliferation of mobile services, VPN connections, terrorism and natural
disasters. We must however acknowledge that this very technological advancement is regarded as
efficient but is also leading to a higher level of security risk. These risks must be mitigated to
ensure the confidentiality, integrity, and availability of information assets (The SANS Institute,
2007).
The security team would like to report the following threats to the organisation's physical and
electronic information holdings ...
Effective Cooling / Notification systems: The server rooms should also be adequately equipped with
air–conditioning as well as sensors and monitoring systems to detect any failures. A server
overheating can cause a fire and this could lead to various other threats to an organisation's
information assets.
Backups: A company must ensure that its data is backed up and also needs to verify that the backed
up data can be restored and is stored in a safe location.
Incident Response Management: A computer incident security response team (CISRT) together with
incident response management will ensure a company can recover from an incident and continue
normal services.
Malicious Code, including viruses, worms and Trojans: Digital attacks, mainly in the form of denial
of service (DoS) through the use of malicious code, viruses, worms, Trojans and many more, are a
threat to an organisation's information portal.
Outsourcing Development and Support: To remain competitive, the organisation should mitigate
security threats when acquiring outsourced development and support staff, including implementation
of host software applications.
Software Development Methodologies: Software development needs to be analysed and examined
internally, and also to prevent any threats to our information the business should ensure the
Advantages And Disadvantages Of Key Stroke Dynamics
Key–Stroke Dynamics
This research paper describes the advantages and disadvantages of key–stroke dynamics, with the
aim of helping to improve the traditional password security system
while increasing usability. Key–stroke biometrics refers to typing characteristics that are unique to an
individual's physiology and behavior and thus difficult to duplicate. In practice many users find
remembering unique and constantly changing passwords a burden, so they
usually use the same password for all their accounts. Even when best recommendations are followed, passwords
are easily transferable because people usually write down their passwords, type them incorrectly
by entering them in the username field, or expose them through shoulder surfing. Secure authentication without
significant burden on usability is extensive. Applications which are involved in financial transactions
are the most likely to be targeted by attacks. Users want to keep their financial information safe from these
attacks. For this purpose key–stroke dynamics are highly attractive as an authentication option
because of the degree of transparency they offer. The best way to take advantage of this is to collect the
timing information of data that the user already typed to login id ...
This explanation clearly shows that security and usability do not go side by side. Many
software developers say that improving usability degrades security and vice–versa. On the other
hand, users believe that being difficult is a part of being secure. The methodology used in this study
is a laboratory test which asks users to perform tasks that include the use of security. The study
comprises both quantitative and qualitative approaches. The Polaris
documentation was also included as it is considered a part of the software
Case Study: Heart-Healthy Insurance
Heart–Healthy Insurance is an important and successful insurance company that prides itself on its
commitment to its users' privacy. This privacy we provide to our customers creates a mutual trust
that makes our company more valuable than our competitors. To keep this client trust, we must meet
certain criteria to ensure our security practices are up to par to provide the utmost protection to our
customers' privacy.
My greatest concerns with our current security policy as of now are the New Users creation policy
and the Password Requirements policy. I felt that these policies are lacking and don't quite meet the
current standards that are required for our organization and the type of data we handle and store. The
present new user policy states: ...
The success of your information security plan depends largely on the employees who implement it.
Consider checking references or doing background checks before hiring employees who will have
access to customer information." (FTC) By vetting any new user accounts, we would be
establishing a more secure baseline to operate at and ensure social engineering attacks would not be
successful. The use of segregated accounts with regular access and administrative access enables our
current User Creation policy under HIPAA and HITECH standards. "Passwords should be changed
periodically based on threat exposures (e.g., every 30, 60, or 90 days, with timing an output of the
practice's risk analysis). Implement and carry out sanctions for any workforce member who posts a
password on a workstation terminal or desktop, or who shares a password with other workforce
members."(Jones) Increasing the password characters and complexity is a requirement for PCI–DSS
"PCI compliance password requirements are the following: Require a minimum length of at least
seven characters, Contain both numeric and alphabetic characters, Users to change passwords at
least every 90 days." (Charles) I feel these changes are the steps that need to be taken to continue
our trust with our customers and is only the first step to combating the attacks against those who
wish to gain our sensitive
... Get more on HelpWriting.net ...
Organizational IT Security and Troubleshooting Essay examples
Security of a network is a huge issue for companies due to the sensitive information that the
companies work with. One of the easiest ways of securing the computer is to secure user accounts,
and people need to understand never to give out their passwords to anyone. Techs may ask for the
user name to reset a person's password, but the user should never give out the password. Social
engineering activity has been increasing lately, with attackers calling and claiming to be an internet
helpdesk or some other sort of helpdesk. There are user authentication policies which can be created
to help improve the network security. There are many password policies which can be set and
enforced by Windows 7 or the network domain services which will help ensure the system is ...
In this case, it would be more likely that a person would reset the password when it expires to the
same password because it would be easy to remember. By forcing a unique password at each reset, the
user has to come up with a new password. Another authentication policy which can be put into place
to help improve network security is using another form of security alongside a password, such as a
smart card or biometrics. These are additional security for allowing people to access the network.
According to Kim & Solomon (2012), a brute force attack is where the attacker tries different
passwords on a system until one is successful, usually by means of a software program. An attacker
can use a brute force tool to get a person's password but would have a much harder time getting past
the additional security of a smart card or biometrics. Some laptops come with biometric scanner
technology already installed, and it would have to be set up. The biometric device is normally a
fingerprint scanner. The smart card would be a cheaper alternative to biometrics and uses a
credit-card-like card with a computer chip to store information to authenticate people on the
computer. If a user loses their smart card, it should be reported as soon as possible to get the card
deactivated to prevent unauthorized entry by someone finding the card. In addition to authentication
policies, training should be done with the employees to
...
The Importance Of Security Best Practices
Security Best Practices
"No computer with a connection to the internet is 100 percent safe" (Helmke, 2015). System
Administrators have a responsibility to protect individuals and corporations from breaches and loss.
A breach can have massive economic implications and, even worse, long lasting damage to your
reputation. Linux is just as vulnerable as other operating systems and it appears the majority of best
practice methodologies apply across all operating systems.
"Security Audits"
The first step is to perform a security audit and determine where vulnerabilities may exist.
Physical Placement – The system is extremely vulnerable if not installed in a climate controlled
secure room. Only authorized personnel should have access to the room ...
Software versions – Additionally, it is good to hide the machine ID and software versions. This is
simply free information making it easier for the attacker.
Wireless – Helmke (2015) also recommends using wired and avoiding wireless if possible.
NMAP – Another vulnerability is open ports. Tools such as NMAP scan and determine if any ports
are open. Unexpected open ports are clues that a potential breach has occurred and that a cracker has
opened unauthorized ports.
Intrusion Detection Systems – IDS should be installed that contain the capabilities to monitor the
network and send alerts if odd or different behavior is observed.
"Protect your system"
Update Linux kernel and Software – Regular updates are critical to ensure the system has the most
stable and reliable load.
Viruses – Linux has an advantage over Windows. Helmke (2015) explains,
"Linux never puts the current directory in your executable path, so typing ls runs /bin/ls rather than
any program named ls in the current directory.
A nonroot user can infect only the files that user has write access to, which is usually only the files
in the user's home directory. This is one of the most important reasons for never using sudo when
you don't need to.
Linux forces you to manually mark files as executable, so you can't accidentally run a file called
myfile.txt.exe thinking it is just a text file.
By having more than one common web browser and email client, Linux has strength through
...
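The protection described in the Helmke quotation above, that typing ls runs /bin/ls rather than a file in the current directory, holds only while PATH contains no entry that resolves to the current directory. The following POSIX shell function is an added example, not code from Helmke or from the essay; the function name `audit_path`, the finding labels and the sample PATH value are assumptions made for it.

```shell
#!/bin/sh
# Added example: audit a PATH-style string for entries that would let a file in
# the current directory, or in a directory anyone can write to, shadow a system
# command such as ls. audit_path and the finding labels are names made up here.

# audit_path PATH_STRING
# Prints one finding per line and returns 1 if anything was found, else 0.
audit_path() {
    findings=0
    # Append a colon so the loop also sees a trailing empty entry ("/bin:").
    rest="$1:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}   # text before the first colon
        rest=${rest#*:}     # text after the first colon
        case $entry in
            "")
                # POSIX treats a zero-length PATH entry as the current directory.
                echo "empty-entry (resolves to current directory)"
                findings=1 ;;
            .)
                echo "current-directory ."
                findings=1 ;;
            /*)
                # Absolute entry: flag it if "other" has write permission.
                # ls -L follows symlinks such as /bin -> usr/bin.
                if [ -d "$entry" ]; then
                    mode=$(ls -ldL "$entry" | cut -c1-10)
                    case $mode in
                        d???????w?)
                            echo "world-writable $entry"
                            findings=1 ;;
                    esac
                fi ;;
            *)
                # Anything else is resolved relative to the current directory.
                echo "relative-path $entry"
                findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample value, not taken from any real system.
SAMPLE_PATH="/usr/local/bin:/usr/bin:/bin:.:scripts:"
audit_path "$SAMPLE_PATH" || echo "PATH needs cleanup"
```

Running it against the PATH of root and of service accounts matters most, since a hijacked command there runs with the highest privileges.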
Adequacy of Organization's Long-term Counter Attack Actions
Introduction
In Case study number one (Dhillon, 2007), Stellar University (SU), which is a public education
institution, had a system breach in its Information Systems (IS). The IS of SU contained many types
of IT such as Mainframe, AS400, Linux, VAX, Unix, AIX, Windows (3.1 and up to 2003), Apple,
RISC boxes, Storage Area Networks (SAN), Network Attached Storage (NAS) and much more. Sadly,
SU has had a security breach on some of its systems. Even though everything was fixed, there
are issues that need to be discussed about this breach. The first issue is adequacy of organization's
long-term counter attack actions. The second issue is helpfulness of immediate counter attack
actions. Hopefully, the discussion will be concise and to the point.
Adequacy of Organization's Long-term Counter Attack Actions
Sadly, the measures SU IS staff has taken were not adequate enough. The post-mortem check they
conducted to determine the what and why of the breach was not done in a formal fashion. It was
basically a written summary presented to the management, along with an analysis of how to avoid
such future breaches of similar type presented to the System Administrators (SAs). It was done in
several steps. First, after viewing monitoring tool logs, the SAs decided to put the Anti-Virus (AV)
program in the watch list of services so they would be alerted when a hacker, for instance, disables
the AV. Still, this step will not prevent the intrusion! This is another proof that the actions were not
...
Acct 556 Week 1 Key Learning Points
Key Learning Points
During this course there have been a number of key learning points that would
help every organization protect itself from a cyber-event. These include password management,
patch management, security policies, encryption, and user training. In each of the cyber security
breaches one or more of these standard security protocols were not used. Each of these cyber
security events could have been prevented if standard security measures had been taken.
Strong password management is key to protecting every organization from a breach. Weak passwords
can be compromised by guessing or brute force. One of these password hacking tools is called
OphCrack (Easttom, 2012). This tool understands the way Microsoft keeps passwords as a hash file
on the system (Easttom, 2012). OphCrack uses this information to gain access to the local
administrator account on the system (Easttom, 2012). There ...
This policy establishes the guidelines that the organization follows. This would include an
acceptable use policy, an authentication policy, and an incident response policy ("The IT Security
Policy Guide", n.d., pg. 6). This policy will reflect the entire organization's security posture, not just
the IT department's ideas. A strong policy will help employees understand what is expected of them,
and explain to customers how their information is protected.
Encryption should be in place to protect and secure information. Encryption allows information to
be sent or kept securely. Files at rest may need to be encrypted if they contain secure information.
Information such as patient data or social security numbers would need to be encrypted. Further,
emails or transmitted information may need to be encrypted. This will protect the information while
in transit. If an attacker gains access to the email, they would not be able to open the file because
they would not have the key to unlock the
...

  • 3. Internal And External Security Breaches
    Although they happen quite often, both internal and external security breaches are surprisingly unforeseen by many corporations. It is imperative that companies know how to deal with a breach when one does occur. It seems that "the best approach to forensic response is to plan the response before an incident occurs" (Week 5 Lecture). Employees need a way to know how to handle a security breach and prevent future occurrences. Each company needs a standard operating procedure that covers the processes for e-mail, acceptable use, physical security, and incident response. Standard operating procedures (SOPs) "provide direction, improve communication, reduce training time, and improve work consistency" (Greene, 2006). These documents are established procedures within an organization and are effectively the official way for the company to do business. Creating the SOP requires the company to look in detail at what the company is all about. It helps the company not only understand the business and how it operates, but also determine where its flaws are and how it should be protected through several procedures. One such procedure would describe in detail how the company should manage employee emails. For instance, the SOP should point out that outside emails would under no circumstances be allowed. All emails must be company based, and sites such as Gmail, Yahoo, or Hotmail cannot be used. This is because ...
  • 4.
  • 5. The Security Of Online Banking
    Billions of financial data transactions occur online every day, and bank cybercrimes take place every day when skilled criminal hackers compromise bank information by manipulating a financial institution's online information system. This causes huge financial losses to the banks and customers. The history of these attacks began more than 10 years ago. Their sophistication has increased on par with the new security technologies adopted by the banking industry to mitigate the problem. This means there are flaws in the security of online banking that result in the loss of money for many account holders, along with leakage of their personal information to unauthorized persons.

    3.2.1 Banking websites
    According to a recent study by the University of Michigan, which examined 214 bank websites, more than 75 percent of bank websites have at least one design flaw that could lead to the theft of customer information. These flaws are ones that even an expert user would find difficult to detect and, unlike bugs, cannot be fixed with a patch. The study recommended using SSL throughout the entire website and avoiding links to third-party sites. Secure banking websites have become an integral part of our day-to-day life, from our personal to our job-related business. A survey conducted by Pew Internet states that 42% of all internet users bank online. With 24/7 access from around the world, users can view balances, transfer funds and do much more at their convenience using online ...
  • 6.
  • 7. The Vulnerabilities Of Passwords And Security Essay
    Introduction
    Passwords for access to personal phones, computers, online portals, and websites have become very prevalent and the best practice for authentication. Additionally, passwords authenticate mobile phones, computer networks and databases for many software applications. However, ensuring that passwords are encrypted and safe has become one of the greatest challenges for most organizations. This paper will review some of the vulnerabilities of the use of passwords and provide controls to implement to assist with the management and handling of passwords.

    Ineffectiveness of Passwords
    We are living in an information-driven world today that requires us to protect what information we share and how we share it. Accessing the guarded data or information we want to protect requires either a password or a PIN. A password is a string or group of combined characters of a precise length. Passwords and PINs are suppositional, and more consideration is seriously required. They are the primary defense against intrusion. However, they can be easily captured and deciphered by cyber criminals. Security in this area is challenging because of the ineffective way passwords and PINs are created. Kirushnaamoni (2013) notes that making logging in straightforward and convenient for users while trying to prevent password cracking is problematic. Cyber criminals will continue to persist and target the vulnerabilities in this area. Therefore, personal, financial, health and ...
  • 8.
  • 9. Internet Technology, Marketing, and Security (Ebay)
    The company I will talk about in this paper is eBay. eBay is the world's online marketplace: a place for buyers and sellers to come together and trade almost anything. With more than 97 million active users globally, eBay is the world's largest online marketplace, where practically anyone can buy and sell practically anything. Founded in 1995, eBay connects a diverse and passionate community of individual buyers and sellers, as well as small businesses. Their collective impact on ecommerce is staggering: in 2010, the total value of goods sold on eBay was $62 billion, more than $2,000 every second. I have been interested in eBay since I got my first debit card and was able to shop online. eBay's stock is currently valued at $28.23. It has ...

    ...
    4. We share your personal information with other eBay members in accordance with our Privacy Policy to help facilitate transactions and to allow members to contact you.
    5. We disclose limited personal contact information to verified requests by law enforcement and government officials who conduct criminal investigations, and require a subpoena for additional personal information, in accordance with our Privacy Policy.
    6. We give you choices about how you wish to be contacted in the Preferences section of My eBay.
    7. We will provide you with notice if our privacy policy changes and an opportunity to reject such changes.
    8. We let you change your personal information so that you can keep it up to date.
    9. Other eBay companies that have access to your personal information in accordance with the policy are required to protect your personal information at least as strictly as we do.
    10. We use safe, secure technology and other privacy protection programs to keep your personal information secure on eBay.

    Customer information is stored on different servers located in the United States. eBay treats data as an asset that must be protected and uses many tools (encryption, passwords, physical security, etc.) to protect your personal information against unauthorized access and disclosure. However, as you probably know, third parties may unlawfully intercept or access transmissions or private communications, and other users may abuse or misuse ...
  • 10.
  • 11. Security Analysis And It Security Policy Manager At My...
    When researching this paper I spoke with the Security Analysis and IT Security Policy Manager at my place of employment. They gave me some insightful direction on the information to cover, where to look for it, and the important security issues to reference. Working in IT for the last 10 years, I have also had to deal with many of these policies first hand. Additionally, I referenced the PowerPoints presented in class and The CISSP and CAP Prep Guide: Platinum Edition, which I purchased and used for the quiz in class. The topic of information security covers many concepts, elements and topics. Some of the information to be discussed here is the ten domains of Computer Information Systems ...

    ... This is a company that I made up just for the sake of this paper. This is not a comprehensive list; however, it will point out some of the more important points. To begin with, any security professional must take into account the three fundamental principles of Confidentiality, Integrity, and Availability (CIA) that set the security posture for an organization's information security department. Integrity ensures that unauthorized alterations to information are not made, that alterations are not made by unauthorized personnel, and that the information is reliable both internally and externally. Confidentiality prevents the unauthorized release of information, regardless of whether the release is internal or external. Availability, meaning that users are able to access the data in a consistent and timely manner that adds value to their job, is also necessary. The process and choice of classifying information is very important. Data of different types have different values to the owner of the information. Some data may be of more value or critical importance than other data. Certain information is therefore valuable, and if lost could cause great financial loss. Total Layer IT will classify its information using the terms Public, Sensitive, Private, and Confidential based on the information's value, age, useful life, and personal association. Based upon business needs, certain groups will have access to these various levels of information. ...
  • 12.
  • 13. Analysis Of Edu Corp Employee's Mobile Device Essay
    1. Overview
    With mobile device usage on the rise, the security of any given Edu Corp employee's mobile device is considered essential. With continuous concerns regarding both privacy and security, Edu Corp has established a strict, comprehensive policy in order to protect all Edu Corp employees who choose to utilize mobile devices within the workplace. To date, in the United States, large percentages of people possess some form of mobile device (Anderson, 2015). With a large employee base at Edu Corp, the company considers the privacy and security of every employee utilizing a mobile device to be a high priority. At Edu Corp, we seek the highest level of safety and security for any individual or group in association with the company, regardless of affiliation with a mobile device. The use of mobile devices in the workplace may provide convenience; however, securing and regulating the use of mobile devices within the workplace is critical for safe and efficient business practices. As a result, Edu Corp continuously recommends security software and applications for employee mobile devices, assures all mobile security components are up to date, encrypts data on mobile devices as necessary, requires password protection on mobile devices used for business-related tasks, encourages employees to be aware of their surroundings and of potential security vulnerabilities, sets strict communication strategies and standards, employs a solid system for handling and/or recovering ...
  • 14.
  • 15. Recommendation For Current It Security Policy
    Recommendation to Current IT Security Policy
    The systems approach to problem solving is used to analyze and identify mediatory provisions; see figure 2, Appendix D, Systems Approach to Problem Solving. The loss suffered in the Societe Generale Bank security breach was substantial because the perpetrator knew where to look to acquire access to financial information and circumvent existing security measures. This defined fraudulent behavior and solidified criteria for productive countermeasures. Prevention and risk management must be addressed by establishing policies and procedures, enforced by management at all levels. In accordance with Societe Generale Bank security policy, these recommendations are proposed:
    - Implement institutional audits, including employee actions;
    - Implement quarterly risk assessments;
    - Implement quarterly security awareness training for all employees;
    - Enforce separation of duties and least privilege;
    - Implement access controls, including policies for account and password management and account termination;
    - Perform regular review of organizational security risk, policies, and procedures and institute preparedness; and
    - Provide multilayer secure access points for remote access gateways (Musthaler, 2008).

    Countermeasures
    Preemptive steps to sustain a secure landscape for Societe Generale Bank will include the first five of the seven identified recommendations, focusing on audits, risk assessments, awareness training, separation of duties, and ...
  • 16.
  • 17. How Technology Has Changed The Way Of Living Across The World
    Corporate Policy and Security
    Technology has changed the way of living across the world. The last 20 years in particular have been a golden era for technology. People have accomplished several outstanding innovations in the field. Modern technology is becoming very accessible, not only in rich and developed cities like New York but also for poor people and the least-developed countries across the globe. It is a tremendous achievement in the field of modern technology. Today, people no longer have to wait in long queues or drive long distances to get services, from government agencies and big private enterprises to small coffee shops. Technology has helped make our lives easy and fast. However, it has created some major ...

    ... To protect web and data, companies must have a security policy. One of the best policies to protect the company from various vulnerabilities is a password policy. Passwords are the most important element of computer security. A weak password may cause serious damage to the company. It is just the same as giving away the main door key to a house that holds diamonds and millions in cash. So, the main purpose of a password policy is to set a standard for everybody to choose a strong password. It will set the standard protocol for creating and handling the passwords of every individual related to the company, including all users and contractors. These are the password policy steps everyone must follow.
    ➢ All system-level passwords must be changed on at least a quarterly basis.
    ➢ All production system-level passwords must be part of the global password management database.
    ➢ All user-level passwords must be changed at least every six months.
    ➢ User accounts that have system-level privileges granted through group memberships must have a password that is unique from the other passwords the user has.
    ➢ There must be guidelines to create a standard password, such as:
      – Special characters, lower case, uppercase, punctuation, and numbers.
      – Limitation of characters.
      – Language of password.
      – Choose a special word or characters that are easy for users to remember but difficult for outsiders (hackers).
    ➢ One-time ...
  • 18.
  • 19. Security Policies And Control And Password Management...
    Security policies are rules and guidelines formulated by an organization to manage access to information systems and/or computer networks. Simply put, these policies exist to govern employees, business partners, and third-party contractors with access to company assets. Furthermore, some policies exist to comply with laws and regulatory requirements. These policies are part of the company information security management system (ISMS), and are usually administered to employees by Human Resources or distributed to business partners and contractors via the Technology department. In sum, security policies protect assets from illegal or damaging actions of individuals. Of course, many security policies exist, but this review will focus on the ...

    ... These standards appear in the ISO/IEC 27000 series, the industry-recognized best practices for development and management of an ISMS (pg. 68 of CISSP). To clarify, the ISO 27002 Information Technology Security Techniques Code of Practice for Information Security Management module falls within the ISO 27000 Framework. Ultimately, HHI's objective will be to comply with industry standards and governmental regulations by designing sound security policies using ISO 27000 standards. As mentioned in the previous section, the ISO/IEC developed the ISO 27000 framework, which includes the ISO 27002 standards (page 37). The ISO 27002 standards contain 12 domains; nevertheless, this review will focus on the Access Control domain to rewrite the new user and password requirement policies. The Access Control domain has seven subdomains: Business Requirements for Access Control; User Access Management; User Responsibilities; Network Access Control; Operating System Access Control; Application and Information Access Control; Mobile Computing and Teleworking. Specifically, the Network Access Control subdomain delves into user access management and user responsibilities. In summary, the ISO 27002 standards encompass 12 domains to "establish guidelines and principles for initiating, implementing, maintaining, and improving information security management within an organization
  • 20. ...
  • 21.
  • 22. Nt1330 Unit 3 Assignment 1 Essay
    Q4: What are the 5 of authentications available? List them from least secure to most secure, while designing SQL Server's Object level security? You are also required to fill in the classification field in the following table based on the security topology of Active Directory running on a SQL server.

    Requirement – Classification
    Login security must be integrated with Active Directory – Server level
    It must be possible to deny a particular login access to the server if necessary – Server level
    Developers must have read only access to production database system – Database level or schema level, depending on the design of the database
    Service accounts must be unique for each instance/service combination. – Service level
    No user should own any tables. – Schema level
    Developer should be ...

    ... Password Policy: Password policies for SQL Server logins can be compulsory only when the case is installed on Windows Server 2003 or 2008.
    a) Password complexity: This helps to successfully break the password for a password of letters and third-party software cannot be known by the combo numbers to be.
    b) Password expiration: Trout password Ding document will be used to fight the password life. When operating the password has expired package SQL Server, it reminded to change old passwords that are divided into customer hears, recording and password.
    c) Policy Enforcement: How to apply the password policy can be configured separately for each SQL Server connection. Use ALTER LOGIN to determine the password policy option for the SQL Server access.

    Encryption policy: It uses the secret encryption key of the strategy of resistance data. This plan, gives or is meaningless without notice, or a fine. So safety data control always improves disaster limitation, you understand. Be randomly shuffled arranged in the host computer database is useless, for example, it is possible that the data is stolen; it is classified as a software engineer. ...
  • 23.
  • 24. Cupcake Cuisine Policy Statement
    Policy Statement
    The objective of this policy is to ensure Cupcake Cuisine has security controls to restrict access to software application features and data. The purpose of this policy is to protect the integrity and confidentiality of Cupcake Cuisine's digital data and to prevent unintentional corruption and any misuse of company assets.

    Body
    A. Policy Objective
    1. User accounts will be created for each employee of Cupcake Cuisine through a cooperative company purchase of Employee Management software provided by Square.
    2. Access to software applications will be restricted to only authorized users or processes, under least privilege.
    3. The task of creating individualized employee accounts and determining ...

    ... The designated IT manager must henceforth log into the administrator account and reset the password to this account following the password guidelines. The default administrator account has the ability to create custom roles.

    F. Role Creation
    1. You must establish a role for each employee you wish to create an accessible account for. In the next screen, the designated IT manager must first create a role name when creating a new role. Under 'Role Information', to the right of 'Role name', type in the description of the job, that is, the job title of the employee of Cupcake Cuisine. Note: Do not type in the first or last name of the employee.

    G. Accessing Point of Sale and Modules within PoS
    1. Once the designated IT manager has defined an employee's role name, the screen will change, allowing the option to toggle whether this role name has access to 'Access Shared Point of Sale'. For brevity the Point of Sale will henceforth be referred to as PoS.
    2. If toggled on, it grants 19 features of the PoS, which may each be individually turned on or off.
    3. If kept off, this user has no access to the PoS, the PoS modular features, or any Square software applications that integrate with Square, such as Personnel, Payroll, Invoice, Payment, Capital.

    H. POS: Least ...
  • 25.
  • 26. Tft2 Task 1
    Updated Heart Healthy Information Security Policy
    Due to personnel, policy and system changes, and audits, Heart Healthy has voluntarily updated its information security policy to be in line with the current information security laws and regulations. Currently Heart-Healthy Insurance, a large insurance company, plans to review and provide recommendations for an updated information security policy in the areas of:

    Current New Users Policy
    The current new user section of the policy states: "New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager's approval is required ...

    ... Heart-Healthy's Information Security Office will be responsible for management and administration of Heart-Healthy's information security function(s). Heart-Healthy's Information Security Office will be the chief point of contact for any and all security-related functions.

    User Access Policy
    * Heart-Healthy users will be permitted access based on the principle of least privilege.
    * Remote access or dial-in services will be requested by Manager-level positions and up, and approved by the Information Security Department.
    * End users are not allowed to re-transmit or extend any of Heart-Healthy's network services. E.g. users will not attach hubs, switches, firewalls, or access points to Heart-Healthy's network without prior written authorization.
    * Users are not allowed to install any additional hardware or software without the express written consent of the Heart-Healthy information technology department.
    * All Heart-Healthy computer systems will conform to agency standards.
    * End users are not allowed to download, install or run any programs that could potentially reveal or undermine Heart-Healthy's in-place security system, e.g. packet sniffers, password crackers or network mapping tools are strictly forbidden.
    * All Heart-Healthy employees and 3rd party contractors are responsible for managing their information resources and will be held accountable for any information security violations or infractions.

    Current ...
  • 27.
  • 28. Information Security Policy ( Isp ) For Star Gold
    INFO 2411: Foundations of Computer Security
    Project 1
    07/03/2016
    Student Name and SID:
    1. Abdulaziz Aljafari – 100299460
    2. Turki Aljudai – 100298138
    3. Saud Alotaibi – 100300556
    I certify that this is my own work yes/no and that I have read and understand the University Assessment regulations.

    Information Security Policy (ISP) For Star Gold
    1. Scope
    This Information Security Policy (ISP) for Star Gold applies to all of the company's employees and managers.
    2. Objectives
    To enhance security and protect Star Gold's business information and to ensure its confidentiality, integrity, and availability. Also to help the ...

    ... Computer Misuse Act: The principle of the Computer Misuse Act is to purpaccess to gain information without authorization. It can also be intentional access to the system in order to be involved in a serious crime. Unauthorized deletion or modification of programs can be one of the Computer Misuse Act principles.
    Disability Discrimination Act: The principle of the Disability Discrimination Act is to make sure that disabilities are not accessible to any of the server public resources.
    5. Application of the Policy
    The company will be able to enforce all the policies through Group Policy, the purpose of which is to allow the staff to perform identified configurations for users. Moreover, if there is any breach in the server, it may damage your server, and the first action you will have to take is to see how this breach happened and then, after determining that, find the right way to prevent the breach from happening again.
  • 29. 6. Acceptable Use Policy
    The goal of this policy is to plan the acceptable use of computer equipment at Star Gold, and to protect the company and its employees. The misuse of these rules can lead to risky issues for the company, such as virus attacks.
    a. Passwords policy
    Passwords are considered a very important part of ensuring security. Weak passwords can lead to risky attacks against Star Gold's resources. Every ...
  • 30.
  • 31. Implementing Effective Policies For Governing The Network
    Requirements
    The following corrective measures are listed in order of ease and importance. Additionally, they are in order of feasibility. It is not feasible to enforce policies when there are no policies. Without building non-repudiation into the system it is difficult to punish individuals violating enforced policies, and by the same token, without granular data in the logs it is impossible to identify individuals anyway. Because some items must be done before others, the foundation items are listed prior to other items.

    1. Policies
    The most important step in securing the system is to publish effective policies for governing the network. Without formal policies to guide the administrators there can be no consistent management of the network. Without formal policies for acceptable use, the users will not understand what is unacceptable behavior, and unwanted behaviors such as sharing passwords will continue to be an issue. Publishing a series of policies is a cheap and effective step for improving the current security posture. Policies should be issued for at least all of the following items in this section in order to create a baseline for acceptable use and security of the TKU information systems.

    2. Privileges
    Administrator and user privileges should be limited in scope in order to prevent any one individual from performing unauthorized actions on the network. Currently all administrators have full access to all system resources. These administrator ...
  • 32.
  • 33. A Brief Note On Information System Security Policy Essay
    Information System Security Policy
    Joshua E. Neal
    Liberty University
    October 21, 2016
    CSIS 341 B01-Fall

    Information System Security Policy
    In business today, the business process is almost entirely run using information systems. At the end of the last millennium, businesses spent an estimated five hundred billion dollars fixing the Y2K bug (Svaldi, 2000, p 2048). This is an example of how important the information system has become to the business process. This is why information system security has become such a high priority in corporations today. Think of having a high-value company asset left out in the open for anyone to steal. This is the equivalent of an information system without proper security. An adequate and sophisticated security structure is not something that falls into place by accident; it takes strategic planning and implementation. Building security for an information system demands a broad range of expertise including cryptography, cryptographic protocols, system reliability, and organizational and legislative matters (Trcek, 2000, p. 1716). Organizations use a set of rules to define the protocols for access to the information system. This list of protocols is known as security policies. Security consists of a group of standardized policies working together as one document, creating the security policy. Researchers have stated that the development of information security policies is the first step in the right direction toward preparing an organization to defend ...
  • 34.
  • 35. ABC Credit Union
    ABC Credit Union AUP 14 for ABC Credit Union/Bank

    Policy Statement
    This policy is to ensure compliance with GLBA and IT security best practices by its employees, and to regulate the use of the internet, including the pages not related to business operations that employees are allowed to visit, and email security controls. Access to the Internet will be approved and provided only if reasonable business needs are identified. Internet services will be granted based on an employee's current job functions; a new Internet access request must be submitted within 5 days. User Internet access requirements will be reviewed periodically by company departments to ensure that continuing needs exist.

    Purpose/Objectives
    The purpose of this policy is to define the appropriate uses of the Internet by ABC Credit Union employees and affiliates, and additionally to secure ABC Credit Union, its employees, and its customers from harm caused by the misuse of our IT systems and our data. This policy will be followed by every person employed by, under the control of, and/or contracted by ABC Credit Union and will focus on Internet/e-mail use, use of the organization's IT assets/systems for personal purposes, and security awareness training.

    Scope
    This policy applies to anyone using ABC Credit Union Information Technology assets across the multiple branches and locations throughout the region, including but not limited to employees, temporary employees, contract employees, vendors, and visitors. ABC Credit Union's Internet users are expected to ...
  • 36.
  • 37. Sample Resume : Ccf Network Administration
    11/18/2015
    POLICY NUMBER 2015-11
    To: All hospital staff
    From: Dr. Manny Dominguez, CIO
    CC: Ileana Escalona, Network Administrator
    Attachments.
    Copy to: Dr. Manny Dominguez, CIO; Ileana Escalona, Network Administrator

    POLICY: CCF NETWORK ADMINISTRATION
    PURPOSE: To provide guidance regarding access, use, and maintenance of the CCF Network system, including patients' Electronic Medical Records (EMR) and Protected Health Information (PHI), in accordance ...

    ... b) Users must not allow others to access the Internet by using their accounts.
    2. Password Policy: The password is the front line of protection for user accounts.
    a) Access to CCF systems is tailored to individual staff needs, and responsibilities are assigned via a unique password.
    b) The owner of an access password/ID is accountable for its use.
    c) The password/ID owner is responsible for protecting the integrity of accessible systems and preserving the confidentiality of accessible information.
    3. Network Access Policy
    a) Internet access is granted to all users; however, CCF will filter content it feels is inappropriate for business purposes.
    b) CCF also reserves the right to monitor, record, review, and audit systems on a periodic basis to ensure compliance with this and all other policies.
    c) If employment is involuntarily terminated, CCF will terminate your access to our IT resources
  • 38. immediately to protect confidential and proprietary information.
    4. HIPAA Security Policy: Health Insurance Portability and Accountability Act of 1996, and the federal "Breach Notification Rule" as amended or added by the Health Information Technology for Economic and Clinical Health Act ("HITECH") ...
  • 40. How Technology Has Brought Internet Introduction: The development of technology has made the Internet a mass communication medium between people or companies. Through the Internet, people can communicate with other people in various places. Companies can gain many advantages by using the Internet to support their business. Therefore, companies are trying as hard as they can to protect their networks from attack and to make sure that they have the best network security. Most people think that the threat of a security attack comes only from outside the company. In fact, attacks from inside the company network are more harmful and occur with high frequency. As written by Cryptek (2001), which based the argument on some articles, that ... All of these facilities increase the use of the corporate LAN, which has resulted in an increase in internal security threats and in vulnerabilities to attack by either outside or inside intruders. As written in Cryptek (2001), some problems make the inside network vulnerable to attack: the server operating systems and the password protection on most corporate networks sometimes do not work well. Moreover, the router access controls are often not secure enough and many network systems are not perfectly configured, which enables illegal outsiders to enter the company network. This means that the main cause of inside attacks is ineffective network security. Companies focus only on developing firewalls, and they forget that a firewall cannot effectively protect the network if the intruders come from inside the network, such as employees or other authorized users. As explained in the article written by NetMaster (2000) in Ciscoworld Magazine: "Firewall are not a protection against everything, but generally they will protect against unauthenticated interactive access from the "outside" ".
From the description, we know that the function of the firewall is mainly to protect the company network from outside attack. Firewalls are not ...
  • 42. Information Security Performance Evaluation Program Information Security Performance Evaluation Program: BuildingDNA should develop, monitor, and report on the results of information security measures of performance. These reports should be used by leadership to effectively manage their systems security life cycle and replace information systems that do not meet the security levels needed to provide a safe and secured environment. Odoo Usage Policy: BuildingDNA management should create and disseminate policies that document the appropriate use of Odoo in accordance with the contract agreements. Documentation of BuildingDNA's Information Systems: BuildingDNA must make all documentation to their information systems readily available to authorized personnel and administrators. This documentation will include the installation, configuration, and operations of Odoo; how to operate and maintain the various security features; and known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions (GSA). BuildingDNA must also obtain all the documentation pertaining to the security features accessible to the general user and guides on how a user can effectively use these features so as to provide a secure environment during operation. If the above mentioned documentation does not exist, then BuildingDNA should contact the vendors to obtain the documentation or create the documentation themselves. Risk Assessment Program: In order to provide a safe and secured environment for BuildingDNA's ...
  • 44. Acceptable Use Policy Acceptable Use Policy (AUP) You must sign or digitally sign this form prior to issuance of a network userid and password. Initial Awareness Training must be completed prior to signing this agreement. IA Awareness training is found at https://ia.gordon.army.mil/dodiaa/default.asp. The IA Awareness test located on the Fort Gordon website must be completed to fulfill the Awareness training requirement. By signing this document, you acknowledge and consent that when you access Department of Defense (DoD) information systems: 1. You are accessing a U.S. Government (USG) information system (IS) (which includes any device attached to this information system) that is provided for U.S. Government authorized use only. 2. You ... However, in such cases the U.S. Government is authorized to take reasonable actions to identify such communication or data as being subject to a privilege or confidentiality, and such actions do not negate any applicable privilege or confidentiality. 9. These conditions preserve the confidentiality of the communication or data, and the legal protections regarding the use and disclosure of privileged information, and thus such communications and data are private and confidential. Further, the U.S. Government shall take all reasonable measures to protect the content of captured/seized privileged communications and data to ensure they are appropriately protected. a. In cases when the user has consented to content searching or monitoring of communications or data for personnel misconduct, law enforcement, or counterintelligence investigative searching, (i.e., for all communications and data other than privileged communications or data that are related to personal representation or services by attorneys, psychotherapists, or clergy, and their assistants), the U.S.
Government may, solely at its discretion and in accordance with DoD policy, elect to apply a privilege or other restriction on the U.S. Government's otherwise–authorized use or disclosure of such information. b. All of the above conditions apply regardless of whether the access or use of an information system includes the display of a Notice and Consent Banner ("banner"). When
  • 45. ...
  • 47. Online Health Insurance System (Medicare) FINAL REPORT (FALL 2016) Submitted by: SHRAVYA VALUPADASU Student ID: 700632904 ABSTRACT The objective of this project, Online Health Insurance System (Medicare), is to develop a web application for an organization which intends to provide health insurance plans to all its employees. We formed a team of 6 members to work on this project, divided the work among ourselves, and tried to complete the actual intended function of this application. There are two types of users, Admin and member. Admin is the person in the organization who maintains this application: adding policy details, adding insurance company details, getting the employees registered, approving the requests raised by employees to get a health plan, and so on. Both Admin and member need to log in to access this web application. They can register and provide the details to log in. They even have the feature to change password, update employee details, and so on. We have developed the application using C#, .Net for the front end along with HTML and CSS on Microsoft Visual Studio. We have developed this application following the MVC pattern. For the backend or database related activities we have used SQL Server Management Studio. I have learned to use stored procedures more effectively and to write functions and views in database related operations. We have written all objects or properties in the model, and the controller contains all action items as to ...
  • 49. Essay about Tft2 Heart Healthy Information Security Policy Due to personnel, policy and system changes, and audits, Heart Healthy has voluntarily updated their information security policy to be in–line with the current information security laws and regulations. Currently Heart–Healthy Insurance, a large insurance company, plans to review and provide recommendations for an updated information security policy in the areas of: 1. Current New Users Policy – The current new user section of the policy states: "New users are assigned access based on the content of an access request. The submitter must sign the request and indicate which systems the new user will need access to and what level of access will be needed. A manager's approval is ... The combination of the password and the complexity directly lead to its unpredictability. With 8 character complex passwords, with current GPU processing power a password can be broken in less than 26 days by exhausting all possible combinations. Proposed Password Guidelines * Passwords should be a minimum of 14 characters * Passwords based on dictionary words are prohibited * Passwords must not be based on pet names, biographical information, children's names, or names of relatives * Passwords must consist of a mixture of uppercase, lowercase, and a special character * System will remember last 12 passwords * If passwords are written down, they must be kept in a safe place, e.g. a wallet, or a safe. Passwords are not to be written down and taped to the bottom of the keyboard, stuck to the computer monitor with a sticky note, or put in an unlocked desk drawer. * All passwords will be changed every 90 days Proposed Password Policy: Heart–Healthy password policy guideline is a recommendation for creating a new user password.
This policy is a guideline to help end users in: * Choosing and creating a strong password * Ensuring that passwords are highly resistant to brute force attacks and password guessing * Recommendations on how users should handle and store their passwords safely * Recommendations on lost or stolen passwords Password expiration * Password expiration ...
  • 51. Unit 3 Assignment 1: Implementing Passwords Passwords: Passwords are usually a combination of strings, characters and numbers used for authenticating the user and providing access to the resources/data. There are different operating systems and each of them has different options to enable passwords. Implementing Password Policy: Passwords can be implemented in Active Directory, and it should be mandatory for users to follow the password policies. Enforcing Password Policy in Windows 7 OS: The most common method to authenticate individuals or users is to use a password. To secure the network they must use strong passwords. A password must be at least eight characters, a combination of digits, alphabets and symbols. The password prevents the user accounts from being ...
  • 53. Unit 9 Network Security P2 For the first task I will be creating a check–list of the numerous procedures that will help keep the network secure. One policy I will be entering in the check–list is a password policy. This type of authentication is used by most websites and many organisations that require a password, like Facebook, eBay, and websites that have secure data. It can be secure depending on how decent the password is. Usually the user–name is the most secure part, as it is specific to that user. The user can make his or her password secure by using capital letters, spaces, and numbers, and by not using something a hacker can guess, such as the user–name, a birthday, or a name. The user can also change and update it any time they want, and if you get either ... There are many responsibilities that the admin has to keep the network secure. One is server security: they need to make sure that the servers are placed and housed in a secure location in the organisation. The admin also needs to make sure that when the servers are doing their jobs they don't overheat, break, and damage the organisation's data, so they put the servers in an air–conditioned room so they will not overheat. The next way to secure administrative permissions is to make sure that they have some kind of security to keep the network secure. One thing I will add to the check–list is an internet firewall, which is used to try to stop unauthorized access to the organisation's network. The third thing I will add to the check–list for the administrative permission procedures is that the organisation's admin will need to have some kind of desktop security so that there will be less chance of theft happening in the business. One thing they can do is chain all the computers and printers to the desks so intruders can't steal ...
  • 55. Verizon Data Breach Investigations Report Online Defense 101 Statistics show that most security breaches are direct results of insider misconduct rather than being hacked. According to the most recent Verizon Data Breach Investigations Report, about "285 million records were compromised in 2008." Seventy–four percent of the incidents were from inside sources. Users are more likely to be victims of computer virus infections, inquisitive students/co–workers, and hardware failures than to be victims of an Internet security attack. Reasonable precautions should be taken in order to ensure the safety of personal files that may be on the user's computer as they navigate through the Internet. Each situation is different. Every user should take the reasonable amount of precautions that depends ... Another source of a great amount of fraud is the fact that a lot of businesses are careless when they're hiring new employees, because they do not conduct adequate background checks during the hiring process. They also lack an adequate network and do not have a reliable computer security system in place, so that also plays a big part in why their business is a victim of fraud and cybercrime. One of the many ways that employees are given the opportunity to commit fraud against their companies is that customers physically hand over their credit cards to the employees rather than just swiping the card and following the instructions that are placed near the cash register or that are given to them verbally. That gives employees complete trust and the opportunity to do what they want, regardless of company policy. There is the temptation to do something wrong which more often than not, the chance is ...
  • 57. Information Security And Computer Usage Essay TECHNOCRACY "NO GOD OR KINGS. ONLY MAN." MEMORANDUM TO: Dan Brown, VP of Technocracy DATE: 10/6/16 CC: Stan Lee, President of MultiGame FROM: Domenick Perrino, Director of Information and Computer Technology SUBJECT: Information security and computer usage policies This memo presents the plans for the revision of information security and computer usage policies for Technocracy. The memo will outline discovered security issues and new policies, including additional steps, goals and obstacles when implementing them. Previous security issues discovered: Security compromises were discovered in information and computer security after the hack of MultiGame's Mi–Play. This resulted in multiple lawsuits and loss of customers because customers' private information was disclosed. These previous security issues were a lack of: information security and computer usage policies; secure passwords; encryption; employee/user restriction; security features to block pirated software. To prevent a similar situation from occurring at Technocracy, the new policies were created based on the discovered security compromises. New policies and benefits: Secure passwords: Password policy: Requires all employees to create or change passwords to meet specific requirements. This policy will establish Technocracy with secure passwords and protect all Technocracy accounts from unauthorized access. (US–Cert Publication, 2016) Encryption: Encryption policy: Encryption established on
  • 58. ...
  • 60. Vulnerability Assessment Of The Network Security Introduction: According to Kizza (2013), the rapid growth of networking has led to increased security risks. Many of these risks are a result of hacking, improper uses of network resources and network device vulnerabilities. Awareness of the various weaknesses and vulnerabilities is vital to the success of current networks (Kizza, 2013). Network security incidents are increasing at a disturbing rate every year. As the complexity of these threats increases, so do the security measures required to protect networks. Enterprise data center operators and analysts, network administrators as well as other data center experts need to understand the principles of security in order to safely deploy and manage networks today. Vulnerability ... Table 1 lists security weaknesses found and their description. Table 1: Network Security Weaknesses (Vulnerability: Description). TCP/IP protocol vulnerabilities: Some internet protocols such as HTTP, FTP, and ICMP are intrinsically insecure. On the other hand, Simple Network Management Protocol (SNMP), Simple Mail Transfer Protocol (SMTP), and SYN floods are closely related to the intrinsically insecure structural design of TCP. Network workstation operating system weaknesses: The company uses the Windows network operating systems, whose security problems need to be addressed. Network equipment weaknesses: The various types of network equipment, such as routers, firewalls, and switches, have security weaknesses that should be recognized and protected against. These weaknesses include the following: password protection, inadequate authentication, routing protocols, firewall holes. Configuration Weaknesses: Network administrators and engineers need to fully understand what the configuration vulnerabilities are and correctly configure their computing and network devices. Table 2 lists configuration vulnerabilities ...
  • 62. Cis333 Week 5 Lab 4 Lab 5 Assessment 4 – Questions & Answers Lab Assessment Questions & Answers 1. Define why change control management is relevant to security operations in an organization. Change control is a precision arrangement of managing every change made to a system. This is to ensure that no unneeded changes are done, that every change is documented, that no service is disrupted unless absolutely necessary, and that all resources are efficiently used. 2. What type of access control system uses security labels? LBAC (Label Based Access Control) 3. Describe two options you would enable in a Windows Domain password policy. Password must meet complexity requirements; Minimum Password length ... Account Policies/Password Policies/ Enforce Password History. Also in Account Policies/Password Policies/ Maximum Password Age. Also in Account Policies/Password Policies/ Minimum Password Age. Also in Account Policies/Password Policies/ Minimum Password Length. Also in Account Policies/Password Policies/ Password Must Meet Complexity Requirements 7. What sources could you use as a source to perform the MBSA security state? You can direct the MBSA either to use the Microsoft Update Live Service, a Windows Server Update Services (WSUS) server, or an Offline catalogue as the missing security updates source instead. 8. What does WSUS stand for, and what does it do? The WSUS or Windows Server Update is a free management tool for patches, and available to all Administrators of Windows Servers. The WSUS allows these administrators to authorize, publish & distribute updates throughout their networks.
  • 63. It is imperative that Administrators keep their Networks safe & Secure. Instead of each and every workstation manually connecting to Microsoft updates, Administrators can employ WSUS to download updates centrally to an internal server in their network. Once the WSUS authorizes them, they are deployed to their internal locations. Then, Reporting tools assist and keep the Administrators informed ...
  • 65. Create A Password-Change Policy Paper Create a password–change policy for a networking group The password policy is set in the Default Domain Policy, and the password is set to expire every 180 days, but it can be changed to 30 days or never. You can run a command called "Gpresult /v" at the command prompt to see which systems are set to the 180 day password reset. About a week before the password expires you will be prompted that it will expire in so many days, and asked to change it before it expires. If you do not and it expires, then you will come in one day and will not be able to log in, and you will have to contact the network security/help desk to reset your password for you. Once you have logged in as the administrator, you can type in the command secpol to open up the local security policy. Remember you have to be logged in as the administrator. Next double click on Account Policies and then click Password Policy. Once you are in the password policy, you can click what you ... This can make it hard for a hacker to hack the system, but it is a lot of work for the users and a lot of passwords to remember. Maximum number of days can be set to any number, but if too high it can cause problems. Let's say we set it to 60 days, which means that if I change my password (1BanX@1o1) to something else, then I cannot use the (1BanX@1o1) password for 60 days. Each time I change it to something else, I cannot use that old password for 60 more days. Too long can give a hacker time to hack your password, and too short can be a nuisance to the user, having to change their password too ...
  • 67. Nt1310 Unit 1 1. Authorization: Authorization is the act of checking to determine if a user has the proper permission to access a file or perform an action, after the user has properly identified themselves through authentication (Username/Password). Authorization is provided to users based on a job requirement or a need to know that allows them to access the required material. Authorization is usually determined when a user first gains access to a system but may change over time. If a change occurs that requires more or less authorization for a particular employee, the concerned supervisor should contact the appropriate authority to make the change. 2. Identification: Identification is the means through which a user is associated with and gains access to an account. The most common form of identification in use with computer systems is through the use of a username. Other systems use Common Access Cards (CAC), smart cards, or tokens combined with a PIN code that allow for access to a system. More complex, high security systems might use some form of biometric to associate a user with an account and permission set. Biometrics include fingerprint, iris scan, facial scan, etc., something that is unique to the particular person and cannot be easily altered. Identification allows for the tracking ... This authentication is historically something only known to the individual using their corresponding Identification code. Authentication when using a smart card or token is both the insertion of that card into the appropriate reader and the entry of the corresponding PIN code. With biometrics, authentication is the submission of whatever reading is required (i.e. thumbprint). Successful authentication means that you have submitted the identification of who you say you are and verified it through whatever authentication method was ...
  • 69. Security Plan Introduction: The purpose of this security plan is to elicit the potential threats to an organisation's physical and electronic information holdings. Organisations in general are starting to take information security more seriously due to the proliferation of mobile services, VPN connections, terrorism and natural disasters. We must however acknowledge that this very technology advancement is regarded as efficient but is also leading to a higher level of security risks. These risks must be mitigated to ensure the confidentiality, integrity, and availability of information assets. (The SANS Institute. 2007) The security team would like to report the following threats to the organisation's physical and electronic information holdings ... Effective Cooling / Notification systems: The server rooms should also be adequately equipped with air–conditioning as well as sensors and monitoring systems to detect any failures. A server overheating can cause a fire and this could lead to various other threats to an organisation's information assets. Backups: A company must ensure that their data is backed up, and also needs to verify that the backed up data can be restored and is stored in a safe location. Incident Response Management: A computer incident security response team (CISRT) together with incident response management will ensure a company can recover from an incident and continue normal services. Malicious Code, including viruses, worms and Trojans: Digital attacks, mainly in the form of denial of service (DoS) through the use of malicious code, viruses, worms, Trojans and many more, are a threat to an organisation's information portal. Outsourcing Development and Support: To remain competitive, the organisation should mitigate security threats when acquiring outsourced development and support staff, including implementation of host software applications.
Software Development Methodologies: Software development needs to be analysed and examined internally, and also to prevent any threats to our information the business should ensure the ...
  • 71. Advantages And Disadvantages Of Key Stroke Dynamics Key–Stroke Dynamics This research paper describes the advantages and disadvantages of key–stroke dynamics with the aim that it will help to improve the traditional password security system while increasing usability. Key–stroke biometrics means typing characteristics that are unique to an individual's physiology and behavior and thus difficult to duplicate. In practice many users find it a burden to remember unique and constantly changing passwords. It is difficult to carry, so users usually use the same password for all their accounts. Even when best recommendations are followed, passwords are easily transferable, because people usually write down their passwords, or type them incorrectly by entering them in the username field, or expose them through shoulder surfing. Secure authentication without significant burden on usability is extensive. Applications which are involved in financial transactions are the most likely to be targeted by attacks. Users want to keep their financial information safe from these attacks. For this purpose key–stroke dynamics are highly attractive as an authentication option because of the degree of transparency they offer. The best way to take advantage of this is to collect the timing information of data that the user already typed to login id ... This explanation clearly shows that security and usability do not go side by side. Many software developers say that improving usability degrades security and vice–versa. On the other hand, users believe that being difficult is a part of being secure. The methodology used in this study is a laboratory test which asks users to perform tasks that include the use of security. The study comprises both methods, i.e. quantitative and qualitative approaches. The Polaris documentation was also included as it is considered a part of the software ...
  • 73. Case Study: Heart-Healthy Insurance Heart–Healthy Insurance is an important and successful insurance company that prides itself on its commitment to its users' privacy. This privacy we provide to our customers creates a mutual trust that makes our company more valuable than our competitors. To keep this client trust, we must meet certain criteria to ensure our security practices are up to par to provide the utmost protection to our customers' privacy. My greatest concerns with our current security policy as of now are the New Users creation policy and the Password Requirements policy. I felt that these policies are lacking and don't quite meet the current standards that are required for our organization and the type of data we handle and store. The present new user policy states: ... The success of your information security plan depends largely on the employees who implement it. Consider, checking references or doing background checks before hiring employees who will have access to customer information." (FTC) By vetting any new user accounts, we would be establishing a more secure baseline to operate at and ensuring social engineering attacks would not be successful. The use of segregated accounts with regular access and administrative access enables our current User Creation policy under HIPAA and HITECH standards. "Passwords should be changed periodically based on threat exposures (e.g., every 30, 60, or 90 days, with timing an output of the practice's risk analysis).
Implement and carry out sanctions for any workforce member who posts a password on a workstation terminal or desktop, or who shares a password with other workforce members." (Jones) Increasing the password characters and complexity is a requirement for PCI–DSS: "PCI compliance password requirements are the following: Require a minimum length of at least seven characters, Contain both numeric and alphabetic characters, Users to change passwords at least every 90 days." (Charles) I feel these changes are the steps that need to be taken to continue our trust with our customers and is only the first step to combating the attacks against those who wish to gain our sensitive ...
  • 75. Organizational IT Security and Troubleshooting Essay examples Security of a network is a huge issue with companies due to the sensitive information that the companies work with. One of the easiest ways of security the computer is to secure user accounts and people need to understand to never give out their passwords to anyone. Techs may ask for the user name to reset a person password but never give out the password. Social engineering activity lately has been increasing with attacker calling claiming to be an internet helpdesk or some sort of helpdesk. There are user authentication policies which can be created to help improve the network security. There are many password policies which can be set and enforced by Windows 7 or the network domain services which will help ensure the system is ... Show more content on Helpwriting.net ... In this case, it would be more likely a person would reset the password when it expires to the same password because it would be easy to remember. By forcing unique password at each reset, the user has to come up with a new password. Another authentication policy which can be put into place to help improve security network is by using another form of security with a password such as smart card or biometrics. These are addition security to allow people to access the network. According to Kim & Solomon (2012), brute force attack is where the attacker tries different passwords on a system until one is successful usually by a software program, (Kim & Solomon, 2012). An attacker can use a brute force tool to get a person password but have a much harder time getting by the addition security of a smart card or biometrics. Some laptops come with biometrics scanner technology already installed and it would have to be setup. The biometrics normally is a finger print scanner. 
The smart card would be a cheaper alternative to the biometrics and uses a credit-card-like card with a computer chip to store information to authenticate people on the computer. If the user loses their smart card, it should be reported as soon as possible to get the card deactivated to prevent unauthorized entry by someone finding the card. In addition to authentication policies, training should be done with the employees to ...
The Importance Of Security Best Practices
Security Best Practices
"No computer with a connection to the internet is 100 percent safe" (Helmke, 2015). System Administrators have a responsibility to protect individuals and corporations from breaches and loss. A breach can have massive economic implications and, even worse, long lasting damage to your reputation. Linux is just as vulnerable as other operating systems and it appears the majority of best practice methodologies apply across all operating systems.
"Security Audits"
The first step is to perform a security audit and determine where vulnerabilities may exist.
Physical Placement – The system is extremely vulnerable if not installed in a climate controlled secure room. Only authorized personnel should have access to the room ...
Software versions – Additionally, it is good to hide the machine ID and software versions. This is simply free information making it easier for the attacker.
Wireless – Helmke (2015) also recommends using wired and avoiding wireless if possible.
Nmap – Another vulnerability is open ports. Tools such as Nmap scan and determine if any ports are open. Unexpected open ports are clues that a potential breach has occurred and that a cracker has opened unauthorized ports.
Intrusion Detection Systems – IDS should be installed that contain the capabilities to monitor the network and send alerts if odd or different behavior is observed.
"Protect your system"
Update Linux kernel and Software – Regular updates are critical to ensure the system has the most stable and reliable load.
Viruses – Linux has an advantage over Windows. Helmke (2015) explains, "Linux never puts the current directory in your executable path, so typing ls runs /bin/ls rather than any program named ls in the current directory. A nonroot user can infect only the files that user has write access to, which is usually only the files in the user's home directory. This is one of the most important reasons for never using sudo when you don't need to. Linux forces you to manually mark files as executable, so you can't accidentally run a file called myfile.txt.exe thinking it is just a text file. By having more than one common web browser and email client, Linux has strength through ...
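The protection Helmke describes holds only while no PATH entry resolves to the current directory or to a directory that any user can write to. The shell function below is an added example, not part of the essay or of Helmke's book; the name `audit_path` and its finding labels are assumptions made for illustration.

```shell
#!/bin/sh
# audit_path PATH_STRING
# Prints one "reason:entry" line for every PATH entry that would let a
# program planted in the current or a shared directory run by bare name.
# Prints nothing when the PATH string is clean.
audit_path() {
    rest="$1:"                      # trailing ':' so the loop sees the last entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}           # text before the first ':'
        rest=${rest#*:}             # drop that entry and its ':'
        case "$entry" in
            "") printf 'empty:%s\n' "$entry"; continue ;;    # empty entry = current directory
            .)  printf 'dot:%s\n' "$entry"; continue ;;      # explicit current directory
            /*) ;;                                           # absolute: check permissions below
            *)  printf 'relative:%s\n' "$entry"; continue ;; # resolved against the current directory
        esac
        [ -d "$entry" ] || continue
        # ls -L follows symlinks such as /bin -> usr/bin; the 9th character
        # of the mode string is the "others may write" bit.
        mode=$(ls -ldL "$entry" 2>/dev/null) || continue
        case "$mode" in
            ????????w*) printf 'world-writable:%s\n' "$entry" ;;
        esac
    done
    return 0
}

# Constructed sample: the bare '.' and the trailing ':' both put the current
# directory on the search path, which is what the quoted default avoids.
audit_path '/usr/local/bin:/usr/bin:.:/bin:'
```

Running `audit_path "$PATH"` from a login script or a periodic audit job shows whether a profile edit has reintroduced the current directory into the search path.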
Adequacy of Organization's Long-term Counter Attack Actions
Introduction
In Case study number one (Dhillon, 2007), Stellar University (SU), which is a public education institution, had a system breach in its Information Systems (IS). The IS of SU contained many types of IT such as Mainframe, AS400, Linux, VAX, Unix, AIX, Windows (3.1 and up to 2003), Apple, RISC boxes, Storage Area Networks (SAN), Network Attached Storage (NAS) and much more. Sadly, SU has had a security breach on some of its systems. Even though everything was fixed, there are issues that need to be discussed about this breach. The first issue is adequacy of organization's long–term counter attack actions. The second issue is helpfulness of immediate counter attack actions. Hopefully, the discussion will be concise and to the point.
Adequacy of Organization's Long–term Counter Attack Actions
Sadly, the measures SU IS staff has taken were not adequate enough. The post–mortem check they conducted to determine the what and why of the breach was not done in a formal fashion. It was basically a written summary presented to the management, along with an analysis of how to avoid such future breaches of similar type presented to the System Administrators (SAs). It was done in several steps. First, after viewing monitoring tool logs, the SAs decided to put the Anti–Virus (AV) program in the watch list of services so they would be alerted when a hacker, for instance, disables the AV. Still, this step will not prevent the intrusion! This is another proof that the actions were not ...
Acct 556 Week 1 Key Learning Points
Key Learning Points
During this course there have been a number of key learning points that would help every organization protect itself from a cyber–event. These include password management, patch management, security policies, encryption, and user training. In each of the cyber security breaches, one or more of these standard security protocols were not used. Each of these cyber security events could have been prevented if standard security measures had been taken. Strong password management is key to protecting every organization from a breach. Weak passwords can be compromised by guessing or brute force. One of these password hacking tools is called OphCrack (Easttom, 2012). This tool understands the way Microsoft keeps passwords as a hash file on the system (Easttom, 2012). OphCrack uses this information to gain access to the local administrator account on the system (Easttom, 2012). There ...
This policy establishes the guidelines that the organization follows. This would include an acceptable use policy, an authentication policy, and an incident response policy ("The IT Security Policy Guide", n.d., pg. 6). This policy will reflect the entire organization's security posture, not just the IT department's ideas. A strong policy will help employees understand what is expected of them, and explain to customers how their information is protected. Encryption should be in place to protect and secure information. Encryption allows information to be sent or kept securely. Files at rest may need to be encrypted if they contain secure information. Information such as patient data or social security numbers would need to be encrypted. Further, emails or transmitted information may need to be encrypted. This will protect the information while in transit. If an attacker gains access to the email, they would not be able to open the file because they would not have the key to unlock the ...