The Issue of Security in an Organization - Coursework Example

?First Assignment Security Policies The issue of security in an organization is something that should be treated very carefully. This is particularly because there are a lot of associated repercussions in the event that there is a lapse in a firm’s security policies. As brought out in the case example, IT systems security is seen to be something that can bring about exposure of sensitive company information and also that of some of the employees. At the same time an employee who has been terminated from the firm may feel to a greater extent disgruntled and use the information at his or her disposal very much top the detriment of the firm that has fired him or her. This is something that is very much costly as it has been seen where some clients left the company in question and went to the competing company. In relation to the above case, there is a need of reviewing some of the policies in relation to the employee access to data and the revealing of information to parties that are not associated with the firm. There are some proposed policy changes that might just go a long way in preventing a repeat of the same from happening. Some of these include: 1. Termination or revoking of whatever access tools the terminated employee might be having in relation to the company’s database. 2. Wiping away of all the log files that may be related to the employee who has left the firm. 3. Instituting rules and regulations that have legal implications in the event that there is flaunting of these rules and this is in particular regard to the sensitive nature which information may be characterized. Company records prove to be something that is rather vital for the survival of a particular firm. For this reason there has to be the devising of some policies that will bring about the safeguarding of this information. One of the policies that may be of focus in this case is the development of log files which will enable the administrator to keep track of the employee activities in the system. These files will bring to light what that particular employee has done in the system and what information he or she has accessed. In addition to this it provides tracks such that there will be evidence available when it is needed. Assignment 3 The issue of logging user activities in systems has become something that is of the essence to most organizations that are after the safeguarding of the information which they possess. In this particular case having a deeper understanding of just what logging entails will be something that is rather important in a bid to understanding the importance of the matter. These log files come up in various systems and means of access that may be there to the users of computers. Some may be in relation to the websites which these users access while others may be in relation to the information on the system which these same users access at times. The development and application of the log files will be dependent on the type of environment that the particular user is in. Some of the logfiles may be in the online environment while others are just used in the typical database. The language used in their development will also depend on the language that the environment is founded on. These may be web-based languages such as PHP and HTML while others may be reliant on the database systems such as My SQL. Some of these logging utilities come with the system upon purchase while at the same time there are those that are custom made for the purpose of meeting the specific firm requirements. Of these it is more advantageous to come up with a system that can provide the tracking and warnings or notifications in the event that the set barriers are violated. This is where developing of the logs as opposed to their purchase is of importance. What a person can create a person can also destroy. What this means is the fact that these log files can be bypassed by whoever has a critical knowledge of just how good they work. It will be particularly hard to develop a system that is completely fool proof. Question 4 There are a number of options that an organization may embrace when it comes to the choice of the tools of software to use in the course of its operations. One of these options may be to develop a system in-house, to purchase an already developed system or software or on the other hand the firm may opt to look for software that suits its functionality online. This is actually what is referred to as freeware or shareware. One major motivating reasons for the firms that use shareware is the amount of savings that can be done in the event that the shareware meets the needs of the firm. This is majorly because the softwares that are available are there free for everyone to use, manipulate and at the same time make changes. There are a variety of threats that are exhibited in the computer environment every single time. With this knowledge there have been some tools developed for the purpose of preventing or detecting some of the major potential threats. These are intrusion prevention systems and intrusion detection systems. The choice of tool depends on primary security of the data or or the costs that may be associated with the acquisition of the tools. One major characteristic that these systems possess is the fact that they are network-based. This is majorly because most forms of intrusion do take place in a networked environment. The Honeynet website is particularly important to information security experts in the sense that it provides them with insights on some of the various factors that play a significant role in a network. These include the transfer and protection of data and some of the security features that are to be implemented in a good network. There are various ways through which malicious people on the internet use to carry out their activities. These may include hacking among others. Some of the ways through which these individuals achieve their objectives include the use of attractive software or programs which may end up installing themselves on the computer and thereafter crippling the network services. There are various ways through which access to these programs may be limited. One of the major ways that this can be prevented is through the use of firewalls and other network intrusion detection programs. These may include those that carry out network behavior analysis. Any anomaly in the network information should be highlighted to the Network security manager and at the same time the users should be wary and cautious of the various ways through which network intruders and malicious people can gain access to the computer network or the computer files. Assignment 2: Security policy Introduction The main purpose of this document is to develop an IT policy framework that will be aimed at guiding the employees in their everyday engagement with the computers and the organization network. Its development is for the purpose of the I.T. infrastructure security. Glossary Information Security Officer – This is the person in charge of overseeing the security of information related to IT in the organization. Resource Owner – This is an administrative officer who is the given responsibility of managing specific information within his or her functional area. Scope The scope of this policy applies to all individuals associated with the organization and these include: staff contractors management temporary staff faculty At the same time the policy applies to all resources owned by the organization including information technology hardware and the related software: network systems access card systems other technology hardware personal computers computer integrated telephony Policy Awareness It is the primary responsibility of each and every individual in the organization to familiarize themselves with the polices that have been laid down in relation the I.T. infrastructure in the firm. At the same time there will be adequate communication of these by the organization itself. Access to Equipment It is only those individuals that have privileged access who will be allowed to access the equipment that is being used by the firm. And in this case also the provision of some credentials may be required at some levels. Access to Data Employee credentials will be of the essence when it comes to the access of certain information and at the same time this information will not be readily available to all the employees. Violations Any form of violation of the laid down rules and regulations may lead to legal ramifications not forgetting the probable sacking of the person in question. Revisions Any form of revision that is to be carried out on the policies developed should be done at the management’s discretion also bearing in mind the changes that take place in the I.T. structures and also the technology. References Boyles, Tim (2010). CCNA Security Study Guide: Exam 640-553. John Wiley and Sons. Engin Kirda; Somesh Jha; Davide Balzarotti (2009). Recent Advances in Intrusion Detection: 12th International Symposium, RAID 2009, Saint-Malo, France. Robert C. Newman (2009). Computer Security: Protecting Digital Resources. Jones & Bartlett Learning. Tipton, Harold & Krause, Micki (2007). Information Security Management Handbook. CRC Press. Vacca, John, (2010). Managing Information Security. Syngress Whitman, Michael & Mattord, Herbert (2009). Principles of Information Security. Cengage Learning EMEA. Read More