Information Security: Policy, Processes, and Practices - Research Proposal Example

Summary

This research proposal, "Information Security: Policy, Processes, and Practices", discusses the factors that must be taken into account when constructing and maintaining an information security policy. Many methods are available for constructing such a policy; the initial step before adopting any of them is to identify the current maturity level of the policy construction process within the organization.
Contents

1 Part A
1.1 Introduction
1.2 Overview
1.3 Scope
1.4 Gold Star Goals and Objectives
1.5 Purpose of Establishing Policy
1.5.1 Success Factors
1.6 Application of the Policy
2 Computer Hardware and Software Policy
2.1 Ownership
3 Acceptable Use Policy
3.1 Network Security Policy
4 Legislation and Other Policy
4.1 Associated and Applicable Legislation
4.2 Intellectual Property Rights
4.3 Intellectual Property Standards and Training
4.4 Using Software from Outside Sources
5 Enforcement
6 Revision History
7 Definition of Terms used in this policy
8 Easy Access Matrix
9 Passwords policy
10 Privileges policy
11 Email Use Policy
12 Network Use Policy
13 Internet Use policy
14 Backup
15 Conclusion
16 Part B
16.1 NMAP
17 NESSUS
17.1 Vulnerability Details and Fixing Recommendations
18 References

1 Part A

1.1 Introduction

In the information age, information exists as digital data flowing over electronic networks. Organizations depend on these digital channels to transfer and exchange information of differing sensitivity: confidential information, mission-critical information, and information published for the public. Because information is the lifeblood of any organization, it must be protected by physical, logical and environmental controls. Three fundamental properties must be considered if digitized information is to be used effectively: confidentiality, integrity and availability. Since this information must be protected both internally and externally, policy is the control that provides the necessary steps, procedures and processes for protecting it. Policies are high-level statements derived from the board of the organization.
"Information security policy is therefore considered an essential tool for information security management" (Ilvonen 2009). An information security policy is, however, customized from company to company and from department to department. Factors that influence how the policy is tailored include organization size, dependence on information systems, regulatory compliance obligations and the information classification scheme. Addressing every information security issue in a single policy is not practical; a set of information security policy documents, each focused on a different group of employees within the organization, covers the subject more completely. This paper discusses the factors that must be taken into account when constructing and maintaining an information security policy. Many methods are available for constructing such a policy; the initial step before adopting any of them is to identify the current maturity level of the policy construction process within the organization. The outcome of that assessment is either that no information security policy development process is in place, or that an extensive policy development process already exists.

1.2 Overview

Information security (Straub, Goodman and Baskerville 2008) has become everyone's business, so every Gold Star employee is accountable for making themselves aware of, and complying with, the Gold Star policies, procedures and standards associated with information security. Likewise, policy is considered a tactical control that is followed by budgets and organizational arrangements (Osborne and Summitt, n.d.).
Information security is defined as: "The protection of information systems against unauthorized access to or modification of information, whether in storage, processing or transit, and against the denial of service to authorized users or the provision of service to unauthorized users, including those measures necessary to detect, document, and counter such threats" (Vacca 2009). Information security has three fundamental objectives that must be met: confidentiality, integrity and availability. The policy in this draft is based on these three objectives.

1.3 Scope

This policy applies to all information resources and internally connected systems of Gold Star, to Gold Star employees, and to third parties who have access to Gold Star systems. Its scope also covers all legacy and future equipment, which will be configured and tuned according to the reference documentation.

1.4 Gold Star Goals and Objectives

Gold Star and its employees are responsible for protecting the physical information assets, confidential data and intellectual property of the organization, and these physical and intangible assets must be protected from threats to Gold Star and its employees. Consequently, the information security policy for Gold Star is a critical business function that must be integrated into business operations, covering all of Gold Star's business procedures, processes and tasks. Some policies and procedures that support these objectives are already in place, for example the Gold Star Acceptable Use Policy. Information security underpins the business and must be integrated into each function of the organization (administrative services, planning and development, sales and marketing, and operations), as each of these functions requires precise controls to mitigate the risk arising from normal business operations.
State and federal laws on information security and privacy apply to Gold Star; non-compliance would expose Gold Star to fines, loss of stakeholder confidence, audits and direct revenue loss.

1.5 Purpose of Establishing Policy

Gold Star needs an information security policy to secure its information resources from threats, which in turn builds stakeholder confidence. Securing information resources can also yield a competitive advantage in the market, maximizing profitability along with trust in data. Security should not focus on information technology alone. Sources of threat include vandalism, sabotage, espionage, natural disasters, online fraud and phishing; cyber criminals can also compromise data while it is in transit over the network. Further threats are unethical hacking, viruses, Trojans, other malicious code, and denial-of-service attacks.

1.5.1 Success Factors

Critical success factors for the effective and successful application of security within Gold Star are:

- A complete and comprehensive security policy, with security objectives aligned to Gold Star business objectives
- A methodology that is consistent and aligned with Gold Star culture
- Highly visible support from Gold Star senior and executive management
- Comprehensive, in-depth knowledge of risk management and security requirement practices
- Communication of security requirements to Gold Star managers, business partners, customers, software developers and outsourcing companies
- Assistance and guidance to all Gold Star managers, business partners, customers, software developers and outsourcing companies
- Awareness and training on information security
- Measurement of the effectiveness of information security through periodic reviews of controls and mechanisms
- Identification of weak areas, and adjustment to modified Gold Star business objectives where necessary
- An annual review of the Gold Star information security policy to address changed business objectives and risk environments, updating or modifying the policy as required

1.6 Application of the Policy

The information security policy is drafted from one of the SANS templates; SANS describes itself on its website as the most trusted and largest source of information security research in the world, focused on certification, research and training (SANS: Information Security Policy Templates). Many authors refer organizations to the SANS templates as a first step that states fundamental and basic requirements. In some cases these templates require nothing more than a change of organization name. Even so, the focus needs to be on aligning the policy with business objectives, as policy is one of the vital controls that governs from the top down (Osborne and Summitt, n.d.).

2 Computer Hardware and Software Policy

This policy defines how employees may interact with physical computing components. For instance, it may prohibit opening and inspecting a workstation to diagnose an error or an undetected hard drive: employees may not open the case or unplug hardware components from the system. The policy also defines the software required by employees working at different levels and grades, and the installation and configuration rights granted to each role.

2.1 Ownership

The first factor that must be addressed is ownership.
Gold Star is responsible for recruiting or assigning an information security manager as the point of contact for communication, together with an alternate point of contact for when the primary is unavailable. Employees assigned as system owners must keep their point-of-contact details up to date so that they remain aligned with the information security and corporate enterprise management members or groups. The information security manager must be reachable round the clock, by phone outside office hours; in their absence the alternate manager must be available so that production operations are not hindered. Mismanagement may expose the employee to legal action. Information security managers are also responsible for the security of Gold Star's information resources and for the impact of their operations on the production functions running on the network and on any associated network services. Where the policy does not address a specific requirement, managers must do their best to safeguard Gold Star information security against weaknesses and vulnerabilities. Information security managers are also responsible for ensuring that the security policies they own comply with Gold Star security policies; the following policies are vital: the password policy for network devices and hosts, the wireless network security policy, the anti-virus policy and the physical security policy. The Gold Star information security manager is responsible for granting and approving access to employees who require it for information or business purposes. Access may be short term or long term, depending on the job description or responsibilities. The information security manager will also ensure that effective procedures exist for terminating access to Gold Star resources that is no longer required.
Network support or administration staff must monitor and maintain a firewall between the network that carries production functions, processes and operations and the rest of the Gold Star network and its appliances, equipment and devices. Network support staff must have full rights to interrupt any Gold Star network connection that poses a security risk to, or an impact on, processes, functions and operations on the production network. They must maintain a record of all IP addresses in use at Gold Star, together with any database of routing information associated with those addresses. Any department or external organization requiring network access to or from the Gold Star network must present a business case, including a justification for the access together with network diagrams and equipment details, to information security management, which will review it for security issues and concerns and approve it before the connection is deployed. User passwords must meet the requirements of the Gold Star access management or password policy. Any inactive account must be removed from the access list within two days, and on any device that holds critical or sensitive Gold Star information, the passwords of group-based accounts must be changed within 24 hours of a change in group membership. The customized Gold Star network will not serve third-party or outsourced organizations beyond network and data transmission, storage, modification, monitoring and protection; all other Gold Star departments will be served by their respective support functions. In cases of non-compliance, information security management must consider the business justification and grant waivers accordingly.

3 Acceptable Use Policy

Any vulnerability detected in Gold Star computer security must be reported to the appropriate security staff. Vulnerabilities in computer systems may be revealed by unknown software or abnormal system behaviour that could lead to accidental disclosure of confidential information. The Misuse Reporting process may be used to report any policy violation by staff relating to intranet, extranet, Internet and email procedures. The following rules apply:

- No user may access data, personal documents, email or applications on Gold Star systems without documented authorization.
- Gold Star employees must not share their email passwords, Personal Identification Numbers, system passwords or server passwords with anyone.
- No employee may make copies of licensed software purchased by Gold Star.
- No employee may install software on their system without Gold Star management approval.
- No employee may transmit or store offensive material, use it to harass others intentionally, or engage in any activity that is illegal under federal legislation.
- No employee may engage in practices that degrade the performance of Gold Star information resources, remove authorized access to them, or obtain additional resource allocation without approval.
- No employee may install or run software such as packet sniffers, password-cracking tools or tools that reveal Gold Star system vulnerabilities unless approved and authorized by the acting Gold Star CISO.
- Gold Star information resources may not be used for personal gain, political movements, fund-raising programs or any other activity prohibited by federal legislation.
- Gold Star employees must provide authorized access to researchers and Gold Star employees who need patient information and medical records stored on Gold Star systems, and must not allow non-employees to access confidential patient and medical records stored on Gold Star information resources.
3.1 Network Security Policy

Network traffic between departments and other networks, including Gold Star network traffic, will pass through a firewall monitored and maintained by the support staff. Wireless networks will not be permitted to connect to other networks of the organization. Any change to the firewall configuration must be reviewed and approved by information security personnel. Port scanners, network sniffers, tools for discovering registered and unregistered ports, and other scanning tools are prohibited on Gold Star premises, as they can create information security risks and disrupt Gold Star network operations or any other operational network. Information security personnel may audit all inbound and outbound activity of any Gold Star department at any time. Every employee must identify themselves through the physical security controls before entering Gold Star premises. Use of mobile phones, PDAs, smartphones, laptops and any other communication device within the Gold Star perimeter must comply with the open area security policy. Encryption must be applied to stored password files, VPN connections and connections to third-party service providers where applicable.

4 Legislation and Other Policy

4.1 Associated and Applicable Legislation

To avoid legal issues and security breaches, Gold Star will define, document and demonstrate compliance with all applicable statutory, regulatory and contractual requirements for each information system. System owners must take advice from the information security officers on all legal and security matters. Local regulations that apply where data is handled, stored or protected must be addressed.
Likewise, the Gold Star legal officer will examine the laws and regulations applicable to the policies in each region, and will consult the chief information security officer to establish the required exceptions to policies and any region-specific policies.

4.2 Intellectual Property Rights

All Gold Star employees will conform to the legal requirements for intellectual property protection and to the license agreements for copyrighted software. The objective of this policy is to make Gold Star employees aware of, and compliant with, copyright, trademark and related law. Employees are accountable if they do not use Gold Star intellectual property in accordance with the guidelines and standard procedures. Non-compliance may result in disciplinary action, termination of employment and criminal or civil charges.

4.3 Intellectual Property Standards and Training

The chief information security officer, or whoever acts in that role, together with the system owners, will develop educational and training sessions.

4.4 Using Software from Outside Sources

Gold Star employees must not install or download pirated or unlicensed software on Gold Star systems, and must not download or install any software from the Internet without approval. Where approval is granted, the software must be justified and must contribute to business objectives.

5 Enforcement

Any violation of this policy may be subject to disciplinary action, including termination of employment; students of the campus may be expelled.

6 Revision History

Version 1.0

7 Definition of Terms used in this policy

Local regulations: the applicable laws of the region where the company is located.
Encryption: conversion of raw data into a coded form.
VPN connections: a secure dedicated tunnel that transmits data in encrypted form.
Physical security controls: controls that add security against human factors.
Registered / unregistered ports: ports (which together with an address form a socket) that are registered for specific applications running on the network.
Firewall: a security appliance that provides baseline network security by allowing or denying packets according to defined criteria.
Federal legislation: the applicable laws and regulations of the current region.
Packet sniffers: tools for capturing data packets travelling across the network.
Password cracking software: tools for exposing a password or gaining access to a password-protected application.
CISO: Chief Information Security Officer; implements and enforces information security policies and procedures within the organization.
Intranet: applications and traffic confined to the local network.
Extranet: applications and traffic that extend beyond the local network across a wide area network.

8 Easy Access Matrix

Role / Resource              | E-Mail Server      | Firewall                                   | Applications
Information Security Officer | Utilize, configure | Review logs, ensure compliance with policy | Review violation logs, password logs, application security control review
Network Administrators       | Utilize            | Install, backup, configure, utilize        | Utilize, configure
Support Staff                | Monitor            | Monitor and communicate anomalies          | Monitor and communicate logs

9 Passwords policy

The password policy defines the complexity level and password length that must be standardized across all application modules, and lists the do's and don'ts for setting a password.

10 Privileges policy

This policy sets out the mandatory and discretionary levels of access to applications, networks and databases.

11 Email Use Policy

This policy defines attachment requirements for email and governs email communication with third parties or with publicly reachable individuals. No company information may be shared publicly using a company email address. Users may not circulate unethical or religious material by email within the company.

12 Network Use Policy

This policy restricts and permits user access to data, network services and applications available on the network. Users may not access shared files belonging to other departments, and any confidential data that is shared must not be accessible to employees of other departments.

13 Internet Use policy

This policy defines the information that may and may not be requested over the Internet connection. Certain departments may be granted access to websites that support their work, for example the marketing department for research.

14 Backup

Backups of data and applications are maintained by the Gold Star network administration staff.

15 Conclusion

A good information security policy demonstrates the general security mandate and intent of management. It must be detailed enough to cover all aspects that may pose risks and threats to the organization. Human risks are among the prime factors; they cannot be prevented, but they can be countered with awareness and training. In creating an initial draft of the ISPD document, we have produced a comprehensive information security policy for Gold Star that addresses internal logical threats, external logical threats, human threats and physical threats. Every policy must differ for every organization and every department. The risks that would give threats the opportunity to exploit vulnerabilities and gain access to critical servers must be addressed; in this case the critical server is the database, which may hold college papers and other confidential data.
Terms used in this policy: human threats, physical threats, external and internal logical threats.

16 Part B

16.1 NMAP

Step 1

Network configuration of the scanning host (the target is 192.168.1.3):

IP Address: 192.168.1.2
Net Mask: 255.255.255.0
Gateway IP: 192.168.1.1
DNS: 192.168.1.1
Fully Qualified Domain Name (FQDN): None

Step 2

Ping Scan.txt

Starting Nmap 6.25 ( http://nmap.org ) at 2013-01-18 00:09
Nmap scan report for 192.168.1.3
Host is up (0.0080s latency).
MAC Address: 00:1B:77:9A:F0:33 (Intel Corporate)
Nmap done: 1 IP address (1 host up) scanned in 17.22 seconds

TCPScan1.txt

Starting Nmap 6.25 ( http://nmap.org ) at 2013-01-18 00:12
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 00:12
Scanning 192.168.1.3 [1 port]
Completed ARP Ping Scan at 00:12, 0.33s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:12
Completed Parallel DNS resolution of 1 host. at 00:12, 16.50s elapsed
Initiating SYN Stealth Scan at 00:12
Scanning 192.168.1.3 [481 ports]
Discovered open port 139/tcp on 192.168.1.3
Discovered open port 135/tcp on 192.168.1.3
Discovered open port 445/tcp on 192.168.1.3
Completed SYN Stealth Scan at 00:12, 6.89s elapsed (481 total ports)
Initiating Service scan at 00:12
Scanning 3 services on 192.168.1.3
Completed Service scan at 00:13, 6.20s elapsed (3 services on 1 host)
Initiating OS detection (try #1) against 192.168.1.3
NSE: Script scanning 192.168.1.3.
Initiating NSE at 00:13
Completed NSE at 00:13, 40.01s elapsed
Nmap scan report for 192.168.1.3
Host is up (0.0055s latency).
Not shown: 478 filtered ports
PORT    STATE SERVICE     VERSION
135/tcp open  msrpc       Microsoft Windows RPC
139/tcp open  netbios-ssn
445/tcp open  netbios-ssn
MAC Address: 00:1B:77:9A:F0:33 (Intel Corporate)
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: general purpose
Running: Microsoft Windows 2008
OS CPE: cpe:/o:microsoft:windows_7::sp1 cpe:/o:microsoft:windows_server_2008::sp2
OS details: Microsoft Windows 7 SP1 or Windows Server 2008 SP1 - SP2
Uptime guess: 53.042 days (since Sun Nov 25 23:13:10 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=260 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows; CPE: cpe:/o:microsoft:windows

Host script results:
| nbstat:
|   NetBIOS name: HUDA-PC, NetBIOS user: , NetBIOS MAC: 00:1b:77:9a:f0:33 (Intel Corporate)
|   Names
|     HUDA-PC                    Flags:
|     HUDA-PC                    Flags:
|     WORKGROUP                  Flags:
|     WORKGROUP                  Flags:
|     WORKGROUP                  Flags:
|_    \x01\x02__MSBROWSE__\x02   Flags:
| smb-os-discovery:
|   OS: Windows 7 Professional 7600 (Windows 7 Professional 6.1)
|   OS CPE: cpe:/o:microsoft:windows_7::-:professional
|   Computer name: HUDA-PC
|   NetBIOS computer name: HUDA-PC
|   Workgroup: WORKGROUP
|_  System time: 2013-01-18T00:12:51+05:00
| smb-security-mode:
|   Account that was used for smb scripts: guest
|   User-level authentication
|   SMB Security: Challenge/response passwords supported
|_  Message signing disabled (dangerous, but default)
|_smbv2-enabled: Server supports SMBv2 protocol

TRACEROUTE
HOP RTT      ADDRESS
1   5.46 ms  192.168.1.3

NSE: Script Post-scanning.
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 73.52 seconds
           Raw packets sent: 1481 (67.002KB) | Rcvd: 27 (1.490KB)

VerScan1.txt

Starting Nmap 6.25 ( http://nmap.org ) at 2013-01-18 00:36 UK Standard Time
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 00:36
Scanning 192.168.1.3 [1 port]
Completed ARP Ping Scan at 00:36, 0.33s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:36
Completed Parallel DNS resolution of 1 host. at 00:37, 16.50s elapsed
Initiating SYN Stealth Scan at 00:37
Scanning 192.168.1.3 [80 ports]
Completed SYN Stealth Scan at 00:37, 2.74s elapsed (80 total ports)
Initiating Service scan at 00:37
Initiating OS detection (try #1) against 192.168.1.3
Retrying OS detection (try #2) against 192.168.1.3
NSE: Script scanning 192.168.1.3.
Initiating NSE at 00:37
Completed NSE at 00:37, 0.00s elapsed
Nmap scan report for 192.168.1.3
Host is up (0.0052s latency).
All 80 scanned ports on 192.168.1.3 are filtered
MAC Address: 00:1B:77:9A:F0:33 (Intel Corporate)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE
HOP RTT      ADDRESS
1   5.23 ms  192.168.1.3

NSE: Script Post-scanning.
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 23.61 seconds
           Raw packets sent: 197 (11.784KB) | Rcvd: 5 (680B)

Starting Nmap 6.25 ( http://nmap.org ) at 2013-01-18 00:38 UK Standard Time
NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
Initiating ARP Ping Scan at 00:38
Scanning 192.168.1.3 [1 port]
Completed ARP Ping Scan at 00:38, 0.34s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 00:38
Completed Parallel DNS resolution of 1 host. at 00:39, 16.50s elapsed
Initiating SYN Stealth Scan at 00:39
Scanning 192.168.1.3 [21 ports]
Completed SYN Stealth Scan at 00:39, 1.61s elapsed (21 total ports)
Initiating Service scan at 00:39
Initiating OS detection (try #1) against 192.168.1.3
Retrying OS detection (try #2) against 192.168.1.3
NSE: Script scanning 192.168.1.3.
Initiating NSE at 00:39
Completed NSE at 00:39, 0.00s elapsed
Nmap scan report for 192.168.1.3
Host is up (0.0065s latency).
PORT   STATE    SERVICE     VERSION
1/tcp  filtered tcpmux
2/tcp  filtered compressnet
3/tcp  filtered compressnet
4/tcp  filtered unknown
5/tcp  filtered unknown
6/tcp  filtered unknown
7/tcp  filtered echo
8/tcp  filtered unknown
9/tcp  filtered discard
10/tcp filtered unknown
11/tcp filtered systat
12/tcp filtered unknown
13/tcp filtered daytime
14/tcp filtered unknown
15/tcp filtered netstat
16/tcp filtered unknown
17/tcp filtered qotd
18/tcp filtered unknown
19/tcp filtered chargen
20/tcp filtered ftp-data
21/tcp filtered ftp
MAC Address: 00:1B:77:9A:F0:33 (Intel Corporate)
Too many fingerprints match this host to give specific OS details
Network Distance: 1 hop

TRACEROUTE
HOP RTT      ADDRESS
1   6.55 ms  192.168.1.3

NSE: Script Post-scanning.
Read data files from: C:\Program Files (x86)\Nmap
OS and Service detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 22.52 seconds
           Raw packets sent: 79 (6.592KB) | Rcvd: 5 (680B)

The first TCP scan is the informative one. Of the 481 ports probed, only 135 (Windows RPC), 139 and 445 (NetBIOS/SMB) answered; the remaining 478 are filtered, so a firewall on or in front of the host is silently dropping probes, which is also why OS detection warns that its result may be unreliable (it needs one open and one closed port to fingerprint). The smb-security-mode script confirms the host accepts guest access for its probes and that SMB message signing is disabled, the same condition Nessus flags below. The two later scans covered only 80 and 21 low-numbered ports (the third lists ports 1-21) and evidently did not include 135, 139 or 445, so their "all filtered" results agree with the first scan rather than contradicting it.

17 NESSUS

The first step is to create a new scan from the Nessus web client. After creating the scan, set its parameters: scan name, scan type and scan targets. To target the same machine, enter its IP address in the scan targets field and click the run button.

Step 1 is in the Excel file.

Step 2 and Step 3

Nessus reported the following finding against the target:

SMB Signing Disabled

Synopsis: Signing is disabled on the remote SMB server.
Description: Signing is disabled on the remote SMB server. This can allow man-in-the-middle attacks against the SMB server.

Solution: Enforce message signing in the host's configuration. On Windows, this is found in the Local Security Policy. On Samba, the setting is called 'server signing'. See the 'see also' links for further details.

Step 4: To fix this vulnerability, SMB signing should be enabled and the SMB software kept at the most up-to-date version.

17.1 Vulnerability Details and Fixing Recommendations

The Server Message Block (SMB) protocol lays the foundation for Microsoft File and Print services along with various other network services, for instance remote access and administration. To prevent a man-in-the-middle attacker from modifying SMB data packets in transit, the SMB protocol has the capability to digitally sign SMB packets. A policy can be configured on the server that determines whether SMB packet signing is negotiated before further communication with the SMB client is permitted. If this policy setting is enabled, the Microsoft network server will not communicate with a network client unless that client agrees to enable SMB packet signing. If this policy setting is not enabled, SMB packet signing is instead negotiated between the server and the client, so an unsigned session can still be established. The default for this policy setting is: disabled for member servers and enabled for domain controllers. The policy setting is enabled by expanding the console tree, i.e. Computer Configuration → Windows Settings → Security Settings → Local Policies → Security Options.
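The console-tree procedure above can be carried out and verified from the command line. The following PowerShell script is an added example (it is not from the original paper or from Nessus) that audits the current SMB signing state on a Windows host, enforces signing on both the server (LanmanServer) and client (LanmanWorkstation) side, and then reads back the registry values that the Local Security Policy editor writes. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later, where the SmbShare module cmdlets (Get-/Set-SmbServerConfiguration and Get-/Set-SmbClientConfiguration) exist; the function names Get-SmbSigningStatus, Enable-SmbSigningRequired and Get-SmbSigningRegistry are the example's own.

```powershell
# Added example (not part of the original paper): audit SMB signing on a Windows host
# and enforce it, the PowerShell equivalent of enabling "Microsoft network server:
# Digitally sign communications (always)" under Local Policies > Security Options.
# Assumes an elevated session on Windows 8 / Server 2012 or later (SmbShare module).

function Get-SmbSigningStatus {
    # Reads the live server and client settings. The Nessus "SMB Signing Disabled"
    # finding is closed on this host only once the server side *requires* signing.
    $server = Get-SmbServerConfiguration
    $client = Get-SmbClientConfiguration
    [pscustomobject]@{
        ServerSigningEnabled  = $server.EnableSecuritySignature   # server offers signing
        ServerSigningRequired = $server.RequireSecuritySignature  # server rejects unsigned sessions
        ClientSigningRequired = $client.RequireSecuritySignature  # this host refuses unsigned servers
    }
}

function Enable-SmbSigningRequired {
    # Requires signing on both sides so neither an inbound nor an outbound SMB
    # session from this host can be negotiated without signatures.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($env:COMPUTERNAME, 'Require SMB signing')) {
        Set-SmbServerConfiguration -EnableSecuritySignature $true -RequireSecuritySignature $true -Force
        Set-SmbClientConfiguration -EnableSecuritySignature $true -RequireSecuritySignature $true -Force
    }
}

function Get-SmbSigningRegistry {
    # The same settings as stored by the Local Security Policy editor; useful when
    # comparing a host against a GPO baseline or when the SmbShare module is absent.
    $paths = @{
        Server = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
        Client = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters'
    }
    foreach ($side in $paths.Keys) {
        $props = Get-ItemProperty -Path $paths[$side] -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Side                     = $side
            RequireSecuritySignature = $props.RequireSecuritySignature  # 1 = required
            EnableSecuritySignature  = $props.EnableSecuritySignature   # 1 = offered
        }
    }
}

# Audit first, change only if needed, then show the result from both views.
$before = Get-SmbSigningStatus
Write-Host 'SMB signing before:'
$before | Format-List

if (-not ($before.ServerSigningRequired -and $before.ClientSigningRequired)) {
    Enable-SmbSigningRequired
    Write-Host 'SMB signing after:'
    Get-SmbSigningStatus | Format-List
}

Get-SmbSigningRegistry | Format-Table -AutoSize
```

Run it once with `Enable-SmbSigningRequired -WhatIf` substituted in the `if` block to see what would change without touching the host. On a domain, the durable fix is the equivalent Group Policy setting rather than a per-host change, since a local setting is overwritten at the next policy refresh; on Samba the corresponding smb.conf entry in the [global] section is `server signing = mandatory`, the 'server signing' option the Nessus solution text refers to. After the change, re-running the Nessus scan should no longer report the SMB Signing Disabled finding for the host.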