StudentShare
Contact Us
Sign In / Sign Up for FREE
Search
Go to advanced search...
Free

Security Recommendations After Security Breach - Assignment Example

Cite this document
Summary
As a security administrator of a major organization recently breached by a social engineer, the paper "Security Recommendations After Security Breach" presents recommendations to this company on how to improve its network security through security plans, and standard operating procedures…
Download full paper File format: .doc, available for editing
GRAB THE BEST PAPER97.7% of users find it useful
Security Recommendations After Security Breach
Read Text Preview

Extract of sample "Security Recommendations After Security Breach"

Security Recommendations for a Major Organization after Security Breached al Affiliation Security Recommendations for a MajorOrganization after Security Breached Introduction For large organizations, the attainment of security requires huge amount of time, human resources, and money. However, the huge costs involved go not mean taking chances with business network security especially given the rapidly expanding networks both commercially and government, and the developing internet economy. With these and other factors, security issue gains top priority for all companies where information technology use is inevitable. As a security administrator of a major organization recently breached by social engineer, below are the recommendations to this company on how to improve its network security through security plan, and standard operation procedures. Thesis: With network breaches being inevitable, small, medium, and large organizations must have security plans and standard operation procedures in place to prevent, detect, and respond efficiently to intrusions. Organization Should Have a Security Plan A security plan is a blueprint of the realization of safety objectives. This is a requirement for small and medium companies by also for large companies. In this case, security plan comprises of numerous elements including evaluation, situation assessment, testing, security policy, and implementation all of which work towards preventing and minimizing the possibility of harm resulting from electronic and other resources through malicious actions, accident, error, or natural disaster. For this organization, situation assessment will work well in ensuring that the appropriate network areas are well protected, the formulated security strategy and plan are comparative to the probable threat, and offer upgrading plans that comprise countermeasures for novel hazards. The scope of an effective network plan will also result to clearly understood security issues, the required security level, and potential attackers among other factors (Daya, 2009, p. 2). Since the network plan scope is limited by the form of threats it covers, often, IT related threats may have a separate IT plan is prepared using specialized knowledge. With the scope, continuous security assessment will enable the organization to determine its progress in promoting network security through the identification of what is to be defended. Often, network security assessment explores the extent to which the vulnerability of people, equipment, locations, service availability, and confidential information is minimized and recommended actions for improvement. With the network components to be defended, the next move is the determination of threats to be defended (Sighn, 2011, p. 4). A security plan categorizes the threats as physical like theft; insider like information theft or disclosure; information threat like customer lists; natural like landslide or earthquakes; and computer-oriented like malware, spam, and network intrusion. Network assessment includes risk determination and prioritization. Risk determination offers crucial information on the form of risks likely to occur and their impact while prioritization determines the risk to deal with first to manage or what can be ignored safely (Sighn, 2011, pp. 4-5). Security assessment is followed by identification of actions to take, and when to take them either as a one-off or in a continuous nature. Some actions include purchasing and installing equipment like firewalls; procedure alterations; curtailing risky activities; additional staff education; creating contingency plans; and exercises like fire drills. To achieve its goals efficiently, a network security plan must be implemented by a network security administrator who should have the right resources, time, skills and budget. The administrator will ensure that no actions are left out through mechanisms like review meetings (Daya, 2009, p. 3) and that the security plan is updated regularly to fit into organizational assets’ changes and to deal with security threats to its operations annually or in the event of change in organization operations. With an effective network plan, an organization can then design and deploy a security policy. Organization Should Have a List of Network Services Network services deal more with prevention and include prevention, discovery and response (Stewart, 2013, p. 183). Network access control or NAC service works efficiently in blocking any device not compliant with organization’s no-exception policy. This policy requires that every device connecting to company network fully complies with both the organizational policy and any existing approved updates and patches. Besides being enforced using technology, the no-exception policy must be documented. The network services to be implemented depend on organizational and technical goals. For effective network services implementation, packet filters on firewalls and routers are required or additional processes for user authentication used for restriction. Care must be taken to avoid developing a very complex security strategy since it can be self-defeating and hard to implement without resulting to unplanned security holes. Besides blocking non-compliant devices, network administrator must ensure physical control over all individual access to IT components (Stewart, 2013, p. 190). Unlike logical protection, physical security protects sensitive elements of IT infrastructure from influence, access or contact by unauthorized person. This is attainable through blocking all non-administrative users from accessing network equipment and servers. In addition, the administrator must ensure that access to client systems narrows down only to authorize personnel within any department (Stewart, 2013, p. 183). Physical security also involves resisting forceful entry through the use of facilities that deter or prevent unauthorized physical intrusion, monitoring personnel activity using physical access control through card entry thus preventing visitors from forced entry into secured areas. In addition, the network administrator must ensure that all internal network communications are encrypted using Internet Protocol Security or IPSec (Daya, 2009, p. 5). IPSec guarantees that intranet communications are secure through minimization of risks like man-in-the-middle, eavesdropping, and replay among others (Stewart, 2013, p. 185).IPSec uses both IPv4 and IPv6 techniques to promote encryption and decryption through shared keys to promote quality of service to transmissions across the network (Daya, 2009, p. 6). A common form of communication across organizational network is e-mail. Mail security should not be a privilege but a requirement to deal with multifaceted and constantly changing problems of insecurity (IBM, 2014, p. n.d). The messaging structure must be protected from both inbound and outbound threats using a combination of spam control, preemptive threat control, and intelligent management options like web-based local management interface, and sophisticated grouping management options. Network security policy covers inexhaustible security requirements to guarantee prevention from intrusions (Stewart, 2013, p. 185). Additionally, failures and bad things are bound to happen to the network including breaches at any time. As a result, the organization should have an incident and intrusion response plan which is a way of planning for the worse besides continued examination and evaluation of the real threats to company assets. An incident response plan is recommended since it defines the right procedure to deal with any security threat situation. Other preparations worth attention are a business continuity plan ad disaster plan that goes beyond network security breaches to dealing with situations that can result to business termination. References Daya, B. (2009). Network Security: History, Importance, and future. Retrieved October 2, 2014, from Massachusetts Institute of Technology. IBM. (2014). Proventia Network Mail Security System. Retrieved October 3, 2014 Sighn, B. (2011). Network Security and Management. United States: PHI Learning Pvt Ltd. Stewart, M. J. (2013). Network Security, Firewalls and VPNs. United States: Jones & Bartlett Publishers. Read More
Cite this document
  • APA
  • MLA
  • CHICAGO
(“Security Measures Paper Assignment Example | Topics and Well Written Essays - 1000 words”, n.d.)
Retrieved from https://studentshare.org/information-technology/1659033-security-measures-paper
(Security Measures Paper Assignment Example | Topics and Well Written Essays - 1000 Words)
https://studentshare.org/information-technology/1659033-security-measures-paper.
“Security Measures Paper Assignment Example | Topics and Well Written Essays - 1000 Words”, n.d. https://studentshare.org/information-technology/1659033-security-measures-paper.
  • Cited: 0 times

CHECK THESE SAMPLES OF Security Recommendations After Security Breach

TSA Airport security and the changes after 9/11

Numerous instances of security breach during this period and extended hassle caused to passengers at airports have led to statements by governing bodies that the TSA has failed to achieve its mission.... Aviation security has been a primary concern for authorities and passengers since the terrorist attack on 9/11.... The September attack raised serious questions on the viability of existing security check procedures and the outcome was the formation of TSA....
14 Pages (3500 words) Research Paper

Sustainable Development and Food Security

This paper "Sustainable Development and Food security" delves into food security as an important issue among many nations in the world.... This essay will look into food security in third-world nations.... Food security is an important issue among many nations in the world.... The main objective of choosing the subject of food security in third-world nations is because food security is at the heart of many problems....
15 Pages (3750 words) Essay

Security Management

Following attacks of 9/11 and other series of attacks and threats of attacks, security features in buildings and sites have become important.... engineers endeavor to use the best skills that ensure optimum building and site security, Information Technology is the other area that IT experts spend a lot of time and resources trying to protect organization information.... security sector of an organization is never an exception.... The executive decision makers of organizations often have the interest to know the impact of security on the bottom-line operations of the firm....
17 Pages (4250 words) Research Paper

Security Council and the crisis of the invasion of Kuwait

This paper will review the security Council and the crisis of the invasion of Kuwait, and analyze the functions of this Council in relation its task of safeguarding peace and security worldwide, and will analyze the role of SC and the measures taken by it in various armed conflicts.... A glance at the previous war records shows us that in 2002, the then US President George Bush had asked the UN security Council to review the situation in Iraq, in context of the repeated violations of the resolution....
9 Pages (2250 words) Term Paper

Physical Security Survey on Bank of Kentucky

The researcher of this essay will make an earnest attempt to provide a security survey conducted at the Bank of Kentucky, below is a report on the security situation of the facility.... The survey was conducted within the guidelines provided in the course and also the security conditions presented by the bank's management.... The bank's financial function in the local region makes it a critical security facility.... Compromising the bank's security will be a major blow to the community and the economy at large....
10 Pages (2500 words) Case Study

Analysis of Information Security of Health Record Systems

"Analysis of Information security of Health Record Systems" paper takes a look at the importance of these technologies how applicable they are in medical institutions and if there are any recommendations that should be kept to ensure security and confidentiality of a patient's records.... Patients express less concern about the threat of security of their EHR records as the benefit of clinical use of computerized systems far outweighs the security risk involved....
7 Pages (1750 words) Term Paper

Information Security in Global Communication Enterprises

The paper "Information security in Global Communication Enterprises" presents contextual research findings on the threats and risks that can affect the Smartphone of GCE's CEO.... High concerns over security, however, are linked to the recent research findings that show that GSM phones (Smartphones) are vulnerable to hacking and malware attacks, among other insecurity factors.... It is the mandate of the Information security Manager of the enterprise to research the issue and report to the CEO for the implementation of security measures....
12 Pages (3000 words) Case Study

Acer Laptop - Information Security Evaluation

The paper "Acer Laptop - Information security Evaluation" is an outstanding example of an information technology case study.... The paper "Acer Laptop - Information security Evaluation" is an outstanding example of an information technology case study.... The paper "Acer Laptop - Information security Evaluation" is an outstanding example of an information technology case study.... Many people are aware of the dangers posed by information security threats but are not aware of the ways in which they can protect themselves....
8 Pages (2000 words) Case Study
sponsored ads
We use cookies to create the best experience for you. Keep on browsing if you are OK with that, or find out how to manage cookies.
Contact Us