Information Security Threats

With widespread use of internet services, the network scale is expanding on daily basis and as the network scale increases so will the scale of security threats which can be applied to system connected to the network. Viruses and Intrusions are amongst most common threats that affects computer systems. Virus attacks can be controlled by proper antivirus installation and by keeping the antivirus up to date. Whereas any unauthorized access in the computer system by an intruder can be termed as Intrusion and controlled by IDS. Intruders can be grouped into two major categories which are external and internal Intruders.

Moreover, management should conduct privacy protocol training, so everyone is on the same page. The policy needs to state clearly the company’s rules about protecting customer’s personal data. Also, staff needs to know that there will be monitoring of phone calls and well as computer activity and emphasizes that per Muhl, (2003) “an employee’s personal use of an employer’s e-mail system and Internet access is not protected under the law.” Hence, organizations can encounter legal troubles due the inappropriate use of the system. The privacy of customer is important, and it needs protection.

There are several differences between a policy, a standard, and a guideline. Policies are typically a statement produced by senior management relating to the protection of information. It outlines security roles and responsibilities. It also describes the controls that are set in place to protect pertinent information. Each policy should make some form of reference to the standards and guidelines that support it.

We are now just one click away from buying a car or communicating with someone halfway across the world. “The Internet has revolutionized the computer and communications world like nothing before. ”("Internet Society."). Scientists and engineers like Roberts and Kleinrock worked very hard to put their ideas down on paper to describe this global communication through a network. The first form of the Internet was originally called ARPANET.

Sharing Internet Access: within a computer network learners are able to access the internet at once. Speed: Using a network is a faster way for sharing and transferring files. Without a network, files are shared by replicating them to a floppy disk. Cost: Networkable versions of many popular software programmes are available at significant savings compared to buying individual licensed copies. It also allows easier upgrading of the program.

They also handle all aspects of information security. This includes teaching others about computer security, inspecting for security violations,

Information Systems Audit and Control Association (ISACA). 6. Describe three of the COBIT P09 control objectives. • Plan and Organize is the domain that deals with the strategy and tactics and concerns the identification of the way information technology can best provide to the accomplishment of the business

• Security that all transmissions are protected when being transmitted over the electronic communications

Fundamentals of Networking IT204-1701A-03 Unit 1 Discussion Board 2 Andrew LeLusche Professor Gregory Roby Colorado Technical University 1/6/2017 Fundamentals of Networking IT204-1701A-03 Unit 1 Discussion Board 2 In order to choose the correct network for your needs, it is important to first understand the differences, advantages, and disadvantages between a peer to peer network and a client/server network. Whether you are a family home, a mom and pop shop, a data center or large corporation- there is a network for your needs. A network is a system of operating machines that allows a user to access an interface suitable for creating and saving documents, access webpages and video/audio content, run administrative programs to serve clients based on whatever business model or service provider you are. First let’s discuss a peer to peer network.

1. Policies governing the network insecurities which include Email and communications policy, Remote Access Policy, BYOD Policy and Encryption policy 2. User accounts management through training and assigning of user roles depending on their access levels to information in the organization. 3. Setting up workstations and assigning every user a workstation.

The Information Security Manager reports in their capacity to the CEO. Company officers, executives, directors, employees, contractors and third party service providers cooperate and work with the Information Security Manager to ensure the protection of customer’s non-public information and Licensee’s Information Assets. Policies, such as Enterprise Antivirus Program, Network Access, Software Development Security Standards, Physical Security, Vendor Manangmenet Ativirus, Mobile Computing/Remote Access, Inromation Security Risk Assessment, Social Media, Data Loss Prevention, and Secuiryt Incident Response Policies have been implemented to protect customer’s non-public personal information and company Information

For operational purposes, the company collects and stores confidential information about their customers, employees, suppliers, and vendors. For purposes of their rewards program, the company collects sensitive and confidential consumer information. Although security measures and information technology systems have been put in place to ensure secure transmission and storage of confidential information, security breaches, computer viruses, or even human error can occur. Any of these events could cause data to be lost or stolen, as well as disclosed and used with malicious intent. Such occurrence could lead to litigation, fines, increased security costs, and damage to

h. Preventive controls such as proper training and educating employees so they understand to never use a USB if they don’t know where it came from or what is on it. Antimalware or spyware software can be used for security protection. i. Preventive controls such as proper training and implementation of CIRT so that employees know where to go when an attack occurs. Corrective controls such as practicing the incident response plan and alert process can help when attacks occur and help identify gaps in the plan so they can be fixed for when a real attack happens. j. Preventive controls such as testing the systems and securing access by requiring proper verification of the users attempting to obtain dial-in access.

17- How has computer security evolved into modern information security? Its evolution can be noticed because in the earlier days the concern was to gain access into a computer system but nowadays security had become a must in every computer industry. Both information and computers need and depend on security nowadays.

the more options there and can be used to violate privacy. Most people consider they have little, if any, control over their personal data. Better encryption and the minimizing of data requirements aids in this goal. PIMS systems are a new technological developing that promises to aid the privacy dilemma. The PIMS system consists of a user’s server, running the services selected by the user, storing and processing the user’s data locally instead of on an online server.