A Security Plan of the University - Essay Example

? SECURITY PLAN Introduction A security plan is process through which an individual or organization formulates policies that can be used to ensure availability security. Before coming up with a security plan a risk has to be identified, for instance a school can decide to come up with a security plan in order to protect property like computers. This report focuses on the security plan that North Carolina agricultural and state university came up with to protect the university resources especially computers in order to promote quality in computer systems and attain the universities goals. When the university decided to come up with this plan it had noticed that the quality of education was comprised due to misuse of different institutional resources. This plan was not meant for specifics but rather the whole fraternity (Maiwald & Sieglein, 2002). The plan outlined different elements that were important in ensuring its success and efficiency. Regulations on the usage of the computers were formulated. This plan was also geared towards promoting confidentiality in its operating systems. Different individuals were therefore given different responsibilities that would help in ensuring that security is promoted. Responsibility of users North Carolina agricultural and technical state university decided to share responsibilities of ensuring security. Privacy of one’s information or an organization can easily be intruded through hacking therefore, the technology department appealed to all users of computers to be vigilant and ensure that this vice is not promoted. One of the duties of account holders is to ensure that they maintain privacy by not letting others aware of their account detail. Some people do not think it is very important to keep account information secret; they therefore carelessly display information about their accounts (North Carolina Agricultural and Technical State University, 2008 ) When accessing account users were advised not to go for those that anyone can access, different methods can be applied to ensure security of one’s account. A password is vital it does not mean having a password guarantees one security. They are those accounts with complicated password that cannot be easily accessed. Try to mix different characters in a password for instance use of letters and numbers. Through this method, it will be hard for anyone with ill motives to access your account. This method cannot only be applied in a school situation but also financial institutions. Institutions can take this method so that cases of fraud can be reduced. Banks for instance, use this method when providing ATM cards to their clients; this promotes security to a client’s bank account. Phone holders use this strategy in protecting their information. When formulating this password, users were advised to use figures they can easily remember even after a long period. Remembering your password is important because, it will reduce issues like blocking of an account. Forgetting ones account can lead to great loses, for instance a student using an account for saving his documents will lose his information because he is not to access his account. In a bank situation, clients who forget their ATM pin numbers are force to apply for other cards. This leads to great delays and additional costs that would otherwise be avoided if the password were mastered. Computer users are to ensure that they do not access accounts that do not belong to them and logging off after every session is important. This will ensure that the next user will not be able to access your information. Working or accessing an account in a public place can sometimes is tricky but users are to be careful about those around them and ensure that they are not intruding their privacy. Some students can decide to access their account while in a public place like the field; they should ensure that, when doing this their privacy is guaranteed. Users were further advised to be vigilant and ensure that actions that lead to insecurity are reported to the administration. University technology resources are to be used to only perform those tasks that they were meant for. This means that if at all a computer was designed for analyzing data then it should only carry out data analysis. It helps in avoiding corruption of information, and time is observed ( McNicholas ,2007). Lack of correct use of technology resources has been encountered in most institutions; this is mainly experienced among students. Students can sometimes be naughty and decide to use computers for reasons that do not benefit the institution. It does not make sense for a student to play computer games while there fellow students are to use the same computer for research work. Computers should be frequently be upgraded by using different tools, these tools help in doing away with viruses and improving on speed. Use of spy ware is advised plus an anti virus tool. Viruses are very dangerous in any machine that stores data, because it leads to slow formatting, and in other incidences, stored data may be erased due to existence of viruses in a computer (Maiwald & Sieglein, 2002). An individual who wishes to promote security to his computer by preventing unauthorized access should consider applying firewall. Firewall has many advantages like preventing data distortion by not allowing access by unauthorized individuals. As much as firewall is an important hardware, it also has some disadvantage that can highly affect the effectiveness of a machine. If poorly handled, one will not be able to enjoy certain privileges like access to network (North Carolina Agricultural and Technical State University, 2008) Responsibilities of system/data custodians and administrators System data custodians are mainly involved in planning of security measures to be taken to protect the universities technology resources. Together with the administrators, they are required to see to it that the security plan succeeds. One way through which they can show competence in their work is by complying with the laws set by the university. One of the aims of North Carolina agricultural and technical state university is to provide quality services to the public who are mostly students. They therefore set standard that every individual has to comply with in offering quality services. System data custodians have a role in ensuring that integrity is maintained in the usage of technological resources. Technological resources have to be provided in plenty to ensure smooth running of the organization (North Carolina Agricultural and Technical State University, 2008 ) Availability of these resources boosts the good communication and storage of data for future use. Custodians should ensure resources are reliable, this means that an institution should be able to trust custodians with upgrading of different computer systems. They should see to it that computers are free from viruses that would distort information. Another role played by administrators is to ensure that all resources have enough security. Security on these resources can be promoted by formulating passwords that will help in promoting privacy in the institutions. A system custodian should be fully informed about the possibility of different threats on resources and come up with methods through which these threats can be curbed. Confidentiality of the institutions and that of data owners is vital and this is a role that is to be carried out by data custodians. Strategies that help in the process of managing an account help to see in promoting security therefore the minimum number of characters one should consider in using as a password should not be less than six. Frequent password change should be encouraged by custodians and this is done by resetting the frequency upon which users effect these changes. The advocated period was at most thirty days ( McNicholas ,2007). Data custodians and administrators were given power to either increase or reduce access to resources. They can increase on one condition, for instance, when the institution has offered certain privileges; on the other hand, reduction can be done upon termination of privileges to resource users. In case an employee seizes to work for the institution, he is not to be given a chance to access the information technology resources. On the other hand, those that choose to study and at the same time work for the institution are to be limited to certain access areas and allowed to others. Rehiring of workers is a common aspect in any organization, therefore data custodians should ensure that incase of rehire of an employee his account is active. Instead of deleting resource, access by data custodians they can disable for a period of twelve months after which will be deleted. Responsibility of data owners Data owners are mainly in charge of ensuring that integrity of data resource is maintained. Users are able to access information through their consent. Data owners are responsible for providing clarity on what a user’s needs to have in order to access information, they outline whether the user has full authorization to access information or not. Accessing of information cannot be relevant if the user does not know what values he needs to have before accessing information ( McNicholas ,2007). Data owners help in classifying data into different categories depending on its quality or what values the data inhibit. Another role of data owners is to draft different procedures that help to explain how different processes in an institution are carried out. For instance, we are able to understand how denial to access by transferred employees is carried and what qualifies one to be an authorized member while another is not. Data owners are believed to be highly skilled compared to any other members in the security plan, if they fail to perform their duties diligently this plan will not succeed. It can be realized that other aspect of data management entirely depend on this individuals. They provide training to the users on how they can protect their data (North Carolina Agricultural and Technical State University, 2008 ) Network security Network security helps in promoting reliability, of information. The university network is only to be used by members who qualify as authorized users; therefore, network security ensures that this is followed ( McNicholas ,2007). All users are given a password that other individuals do not have in ensuring that retrieval of information is successful. In protecting the universities network, network security ensure that all network devices are fully registered. Network security also ensures that vulnerability of devices is avoided. DoIT is a company that is involved in approving the quality of different types of networks, therefore before any network device is used by the university it has to be approved (North Carolina Agricultural and Technical State University, 2008). This approval helps in protection of systems from vulnerability like viruses. DoIT closely helps in review of the configuration changes. There are different systems that help in protecting the university’s network and that is intrusion detection system. Firewall is used to reduce the levels of traffic on network (Maiwald & Sieglein, 2002) Network traffic leads to great delays in accessing information it can also lead to system breakdown. Port has been availed through network security to ensure continuous communication between different computers. A report is to be taken to the change control board by network security personnel who wish to adapt port, through this report the board will decide on what measures to take depending on either affordability or accessibility. Security contact and incident response Issues arising in the security plan are to be reported to the necessary authorities, one of the authorities is Aggie Tech support. Occurrence of unusual incidences are to be reported, apart from that, in case of any violation, users and the entire fraternity of the university is at liberty to report so that necessary measures can be put in place. Common incidences can be realized in those individuals who try to hack information. Access by unauthorized individuals is another measure through which this security plan can be successful (North Carolina Agricultural and Technical State University, 2008 ). Conclusion This report has focused on the security plans that have been put in place by North Carolina agricultural and technical state university in ensuring that there goals are achieved. The plan states that every individual has a unique role to play in ensuring that the information technology resources of the university are protected. Users have to ensure that their account details remain a secret, apart from that come up with passwords that have different characters like letters and numbers. Apart from that, the password formulated should not be complicated to avoid forgetting. The administrators do have a role to place in ensuring reliability of these resources to users. Data owners help in identifying those that should and should not access data. Reference Eric Maiwald, William Sieglein, (2002) Security planning & disaster recovery, New York McGraw-Hill Prof Med/Tech press Michael McNicholas (2007) Maritime security: an introduction, Butterworth-Heinemann, Amsterdam. North Carolina Agricultural and Technical State University. (2008). Information Security Plan.29 0ctober 2011.Web. http://doit.ncat.edu/images/files/securityplan.pdf Read More