Fundamentals of Information Systems Security

In: Computers and Technology

Submitted By csmith5111
Words 905
Pages 4
Fundamentals of Information Systems Security
CSS150-1302B-02
Phase 1 Discussion Board 2
Christopher Smith
May 22, 2013
Hello all. At this time we are going to discuss three out of the seven domains of a typical IT infrastructure. The three that have I chosen to discuss have the greatest impact on your day to day work lives. The domains with the most impact are the user domain (you), the workstation domain (your computer), and the remote access domain (work from home users).
The information within the seven domains is meant as internal use only. We at Richman Investments take the security of our, and our customer’s information very seriously. We will be discussing the three domains that are the most susceptible to attack. The human factor is the biggest variable in these domains. We will be discussing the safeguards put in place here at our firm.
The largest of the three domains we will be discussing is the user domain. As stated above this means you. Included in our yearly security awareness training is a recap of our acceptable use policy (also found in your employee handbook). The acceptable use policy mandates what you cannot do on our network. This includes not using personal devices on any wired/wireless networks within our property, and using storage devices not provided to you by the company. Any files you need to access away from the office should be stored on our secure online storage system only. As the user it is your responsibility to be diligent and keep your eyes peeled for any possible intrusion.
The workstation domain has a lot of safeguards already put in place by Richman Investments. These safeguards are for your safety and the safety of our information. Workstations have had any optical drives removed unless the user of that computer needs it in order to complete his/her tasks. The use of USB ports on the computers is for the optical mouse…...

Similar Documents

Information Systems Security

...Fundamentals of Information Systems Security 1E REVISED 38351_FMxx_ttlcp.indd 1 8/1/12 1:00 PM 38351_FMxx_ttlcp.indd 2 8/1/12 1:00 PM Contents Ethics and Code of Conduct Preface LAB #1 ix vii Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) Introduction Deliverables Hands-On Steps 1 1 3 14 15 2 Learning Objectives 1 Evaluation Criteria and Rubrics LAB #1 ASSESSMENT WORKSHEET LAB #2 Perform a Vulnerability Assessment Scan Using Nessus Introduction Deliverables Hands-On Steps 19 19 21 31 32 20 Learning Objectives 19 Evaluation Criteria and Rubrics LAB #2 ASSESSMENT WORKSHEET LAB #3 Enable Windows Active Directory and User Access Controls Introduction Deliverables Hands-On Steps 35 35 37 49 50 36 Learning Objectives 35 Evaluation Criteria and Rubrics LAB #3 ASSESSMENT WORKSHEET LAB #4 Configure Group Policy Objects and Microsoft® Baseline Security Analyzer (MBSA) Introduction Deliverables Hands-On Steps 53 53 55 63 64 54 Learning Objectives 53 Evaluation Criteria and Rubrics LAB #4 ASSESSMENT WORKSHEET iii 38351_FMxx.indd iii 8/1/12 12:48 PM iv Contents LAB #5 Perform Protocol Capture and Analysis Using Wireshark and NetWitness Investigator 67 Introduction Deliverables Hands-On Steps 67 67 69 80 81 68 Learning Objectives Evaluation Criteria and Rubrics LAB #5 ASSESSMENT WORKSHEET LAB #6 Perform Business Continuity Implementation Planning Introduction Deliverables......

Words: 4584 - Pages: 19

Lab 1 Questions for Fundamentals of Information Systems Security

...Lab 1 Assessment Questions 1. Name at least five applications and tools pre-loaded on the Windows 2003 Server Target VM and identify whether that application starts as a service on the system or must be run manually? Windows Applications Loaded | Starts as Service Y/N | FileZila Server | Y | Nmap | N | WireShark | N | WinPcap | N | Tenable Network Security | N | Tftpd32-SE | N | 2. What was the DHCP allocated source IP host address for the Student VM, DHCP Server, and IP default gateway router? a. Student – 10.96.108.20 b. TargetWindows01 – 10.96.109.30 c. TargetUbunto01 – 10.96.109.36 d. TargetUbuntu02 – 10.96.109.40 3. Did the targeted IP host respond to the ICMP echo-request packet with an ICMP echo-reply packet when you initiated the “ping” command at your DOS prompt? If yes, how many ICMP echo-request packets were sent back to the IP source? e. Yes. f. 4 4. If you ping the “WindowsTarget01” VM server and the “UbuntuTarget01” VM server, which fields in the ICMP echo-request / echo-plies vary? g. The TTL on Windows was 128 while on Ubuntu the TTL was 64. 5. What is the command line syntax for running an “Intense Scan” with ZenMap on a target subnet of 172.30.0.0/24? h. Nmap –T4 –A –V –PE –PS22, 25, 80 –PA21, 23, 80, 3389 10.96.109.30 6. Name at least 5 different scans that may be performed from the ZenMap GUI and document under what circumstances you would choose to run those......

Words: 415 - Pages: 2

: Ab #1 Fundamentals of Information Systems Security

...Assessment Worksheet 15 1 Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) Using Zenmap GUI (Nmap) LAb #1 – ASSESSMENT WORKSHEET Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) Course Name and Number: Fundamentals of Information Security Lab due date: Overview Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about it. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, you planned an attack on 172.30.0.0/24 where the VM server farm resides, and used the Zenmap GUI to perform an “Intense Scan” on the targeted IP subnetwork. Note: These forms have been formatted to allow you to complete the form online and save it using Adobe Reader. You may experience problems with either or both of these actions if you are using any other software program. Lab Assessment Questions & Answers 1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually. windows applicaTion loaded 1. 2. 3. 4. 5. sTarTs as service Y/n q Yes q Yes q Yes q Yes q Yes q No q No q No q No q No FileZilla Server Interface Wire Shark Net Whitness Investigator 9.0......

Words: 647 - Pages: 3

Lab 3 Questions for Fundamentals of Information Systems Security

...1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication, and Authorization. 2. What two access controls can be setup for a Windows Server 2003 folders and authentication? Discretionary access control lists (DACLs that we configure for privileges Security association between client and server that is a process to verify someone who they claim they are. 3. If you can browse a file on a Windows network share but are not able to copy it or modify it what type of access controls and permissions are probably configured? What type of Access Control would best describe this access control situation? List Folder Contents and Security Policy based control. 4. What is the mechanism on a Windows Server where you can administer granular policies and permissions on a Windows network using role-based access? Group Policy Editor. 5. What is two-factor authentication and why is it an effective access control technique? Two Factors sometimes uses three characteristics in Authentication types Knowledge, Ownership, Characteristics. 6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data. The security principals in the active directory domain partition. 7. Is it a good practice to include the account or user name in the password? Why or why not? It is not a good idea to......

Words: 354 - Pages: 2

Information Systems Security

...data that resides in and among computer systems must be protected against security threats that exploit vulnerabilities. Organizations must therefore impose appropriate controls to monitor for, deter and prevent security breaches. Three areas have been considered, in a typical sense, as the basic critical security requirements for data protection: confidentiality is used to assure privacy; principles of integrity assure systems are changed in accordance with authorized practices; and, availability is applied to maintain proper system functions to sustain service delivery (Dhillon, 2007, p. 19). These security requirements are represented in Figure 1, Classic Critical Security Requirements. This figure depicts the cross-domain solutions of informal controls, also known as human relationships, and formal and technical controls, which provide for organizational and physical information security controls, respectively. Two additional security requirements have recently been added that are of particular importance to networked environments because attacks now extend far beyond traditional firewall perimeters. These are authentication, which is used to assure a message actually comes from the source it claims to have originated; and, nonrepudiation, which can be applied to prevent an entity from denying performance of a particular action related to handling data, thereby assuring validity of content and origin. Figure 2, Core Data Security Set, depicts the interrelationship......

Words: 1759 - Pages: 8

Information Systems Security

...Information Systems Security Strayer University CIS 333 June 18, 2014 David Bevin Information Systems Security The scope of our assignment as an information officer at Whale Pharmaceuticals is to safeguardour daily operations which require a combination of both physical and logical access controls to protect medication and funds maintained on the premises and personally identifiable information and protected health information of our customers. The immediate supervisor has tasked us with identifying inherent risks associated with this pharmacy and establishing physical and logical access control methods that will mitigate all risks identified. There are few basic things to be cognizant of as we carry out this task. Security is easiest to define by breaking it into pieces. An information system consists of the hardware, operating system, and application software that work together to collect, process, and store data for individuals and organizations. Information systems security is the collection of activities that protect the information system and the data stored in (Kim & Solomon 2012). We should also be aware of what we are up against. Cyberspace brings new threats to people and organizations. People need to protect their privacy. Businesses and organizations are responsible for protecting both their intellectual property and any personal or private data they handle. Various laws require organizations to use security controls to protect private and......

Words: 3283 - Pages: 14

Fundamentals of Information Systems Security

...(Nmap) Course Name and Number: student Name: Instructor Name: Lab due date: Overview Hackers typically follow a five-step approach to seek out and destroy targeted hosts. The first step in performing an attack is to plan the attack by identifying the target and learning as much as possible about it. Hackers usually perform an initial reconnaissance and probing scan to identify IP hosts, open ports, and services enabled on servers and workstations. In this lab, you will explore the Virtual Security Cloud Lab (VSCL). You will learn how to access several different applications, including PuTTY and the Zenmap Graphical User Interface (GUI) for the Nmap Security Scanner application. You will use the data you uncover to plan an attack on 172.30.0.0/24 where the VM server farm resides. Lab Assessment Questions & Answers 1. Name at least five applications and tools pre-loaded on the TargetWindows01 server desktop, and identify whether that application starts as a service on the system or must be run manually. windows applicaTion loaded 1. 2. 3. 4. 5. sTarTs as service Y/n q Yes q Yes q Yes q Yes q Yes q No q No q No q No q No 2. What was the allocated source IP host address for the TargetWindows01 server, LAN Switch 1, LAN Switch 2, and the IP default gateway router? 38351_LB01_Pass2.indd 15 26/02/13 11:43 PM 16 Lab #1 | Perform Reconnaissance and Probing Using Zenmap GUI (Nmap) 3. Did the targeted IP hosts respond to the ICMP echo-request......

Words: 489 - Pages: 2

Fundamentals of Information Systems

...University of Phoenix Material Database Records and Relational Data Worksheet Complete Parts A and B of this worksheet. Cite any outside sources consistent with APA guidelines. Part A: Database Records l Answer the following patient information questions using the table provided. Refer to figure 4-10 on p. 83 of Health Information Technology and Management for assistance. 1. What patient resides in California? What is the patient number? Sofia Yakaria Pallares live in California. Her patient number is 10259. 2. Who is the provider of Sofia Yakaria Pallares? What credentials does her provider have? Sofia’s provider is Ruth Ann Raymond, her credentials are; MD. 3. What patient was seen on 11/05/2010? What is the patient’s date of birth? John Peters was seen on 11/05/2010. His date of birth is 5/25/1965. 4. What date and time did patient #1298 visit the doctor’s office? What is the patient’s name and date of birth? Lucy Ann Johnson was born on 6/12/1975. She was seen by a doctor on 06/04/2011 5. What patient lives in 1704 N. Atlantic Ave Ontario, AZ 85320? What is its encounter number? John Peters lives on 1704 N. Atlantic Ave in Ontario, AZ. His encounter number is 111218. Patient Info Table | Pat# | Last_Name | First_Name | Middle_Name | Birthdate | 10259 | Pallares | Sofia | Yakaria | 9/18/1985 | 30528 | Peters | John | | 5/25/1965 | 1298 | Johnson | Lucy | Ann | 6/12/1975 | Patient Address Table | Pat# | Address | City...

Words: 901 - Pages: 4

Maintaining Information Systems Security

...Maintaining Information Systems Security Akilah S. Huggins University Of Phoenix CMGT/400 August 11, 2014 Maintaining Information Systems Security Introduction With the growing development of information systems and networks, security is a main concern of organizations today. The fundamental objectives of information systems security are privacy, integrity, and accessibility. The foundation of organization's security lies in planning, creating and actualizing proper information systems' frameworks' security strategy that adjusts security objectives with the organization's requirements. In this paper the objective is to describe the importance of policies and standards for maintaining information systems security. Specifically, the paper include the discussion of the role employees—and others working for the organization to maintain the information systems security. Also the position paper aim to examine the different levels of security and how an organization can provide the proper level of effort to meet each information security need and how this relates to what is in an organization’s information security policy. Thesis Statement The aim and objective of the underlying paper is to analyze and evaluate the phenomena of maintaining information system security. Importance of Policies and Standards for Maintaining Information Systems Security. Information system security policies primarily address threats.......

Words: 1235 - Pages: 5

Fundamental Concept of Information System

...LECTURE 1 Fundamental Concepts of Information Systems Learning Objectives     Understand the concept of a system and how it relates to information systems Explain major components of an information system Present major types of information systems in the business world Explain how a firm can use IT to gain competitive advantages What is a system?  A system     Is a set of interrelated components With a clearly defined boundary Working together to achieve a common set of objectives By accepting inputs and producing outputs in a transformation process A computer, an organization  Example:  What is an Information System?  An organized combination of…      People Hardware and software Communication networks Data resources Policies and procedures Collects, processes, stores, and disseminates information in an organization  This system…  Information systems model Components of an IS  People Resources   End users: the people who use the IS or the information from the IS IS specialists: the people who develop and operate IS All physical devices used in information processing Machines, data media, peripherals All information processing instructions including programs and procedures System software, application software and procedures  Hardware Resources    Software Resources   Components of an IS (cont.)  Data Resources    Facts about the business......

Words: 1291 - Pages: 6

Information Systems Security Policy

... ® MICROS Systems, Inc. Enterprise Information Security Policy (MEIP) Revision 8.0 August, 2013 ________________________________________________________________________ 1 MICROS Systems, Inc. Enterprise Information Security Policy Version 8.0 Public Table of Contents Overview – Enterprise Information Security Policy/Standards: I. Information Security Policy/Standards – Preface……………....5 I.1 Purpose …………….……………………………………………...5 I.2 Security Policy Architecture ………………….………………….6 I.3 Relation to MICROS Systems, Inc. Policies……………………..6 I.4 Interpretation………………………………………………….…..7 I.5 Violations…………………………………………………….….....7 I.6 Enforcement…………………………………………….................7 I.7 Ownership………………………………………………................7 I.8 Revisions…………………………………………………………..7 II. Information Security Policy - Statement………………………..8 MICROS Enterprise Information Security Policy (MEIP): 1. Information Security Organization Policy (MEIP-001)...……....9 2. Access Management Policy (MEIP-002)…………………………10 3. Systems Security Policy (MEIP-003)...…….…………………......11 4. Network Security Policy (MEIP-004)…………………………….12 ________________________________________________________________________ 2 MICROS Systems, Inc. Enterprise Information Security Policy Version 8.0 Public 5. Application Security Policy (MEIP-005)…..………………………13 6. Data Security/Management Policy (MEIP-006)……………….14-15 7. Security Incident......

Words: 4971 - Pages: 20

Principles of Information-Systems Security

...As an Information Security Engineer for a large multi-international corporation, that has just suffered multiple security breaches that have threatened customers' trust in the fact that their confidential data and financial assets such as Credit-card information; one must implement security measures that will protect the network through a vulnerable wireless connection within the organization, while also providing a security plan that will protect against weak access-control policies within the organization. The first step of protecting against Credit-card information through a vulnerable wireless connection within the organization would be to first protect your wireless broadband from cyber-attacks, which don’t involve any costly measures. One must always remember to lock down the wireless network. By default the password for your panel is often a standard one set-up by the manufacturer (for example ‘admin’). It’s very important that you change this as soon as possible, because it would me that many hackers would already have the password for it. When picking a strong password use a case sensitive combination of alphabets and numbers, six characters and more. Also remember to make it something unique and not the same as something else like your Facebook or Twitter password. Next too consider is the fact that most routers come with a WEP or WPA key built in for good measure, and each router has a different code so there is no need to stress when it comes to this aspect.......

Words: 902 - Pages: 4

Information Systems and Security

...Information Systems are the backbone to support the management, operation and decision function of every business or organization. Information Systems (IS) are composed of hardware, software, infrastructure and trained personnel where all the information are digitally processed and be accessible for the use of authorized personnel. Let first resume Information Systems history: • In the 70’s, IS was made of mainframe computers were the data was centralized. They have fewer functions like payroll, inventory and billing process. • Then in the 80’s came the automation process where computers and peripheral devices started to be connected using Local Area Network (LAN). Also started the use of word processors and spreadsheets to automate the flow of information within departments. • In the 90’s the advance of technology brings the ability of corporation to stablish connection between branches and remote offices using Wide Area Network (WAN). Corporations started to look for systems and data integration, leaving behind stand-alone systems. • In the 2000, the introduction of the Internet expand WAN for global enterprises and business involved in supply chain and distribution between countries. Data sharing across systems was the main focus for corporations. The use of electronic mail (email) become a global standard communication between corporations. • In Current time, the advance on technology brings Wireless connectivity where new devices like tablet pc and......

Words: 764 - Pages: 4

Information Systems & Security

...Kyle A. Metcalf November 20, 2011 Information Systems and Security Table of Contents Statement of Purpose 3 Access Control Modules 3 Authentication 4 Education & Management Support 5 User Accounts & Passwords 6 Remote Access 6 Network Devices & Attack Mitigation 9 Strategy 9 Physical Security 10 Intrusion Protection 10 Data Loss Prevention 11 Malware and Device Vulnerabilities 11 Definitions 11 Dangers 12 Actions 13 Web and Email Attack Mitigation 13 References 15 Statement of Purpose The managing partners of Metcalf Law Group, LLP (MLG, LLP), a small but growing Law Firm, have hired an IT Director to address the numerous short and long-term objectives. This document outlines those objectives, risks associated with the network and solutions to mitigate those risks, and policies and procedures to create and maintain a safe and secure system environment for MLG, LLP. Firm management has requested formal policies be put in place for Remote Access. MLG’s clients, including MP3, the Firm’s largest and most important client, want to ensure that all communication that occurs from remote locations is secure. Firm management has also requested a formal policy that outlines the Firm’s network security structure. The proposal will address security zones, firewalls, intrusion detection, and any other items that will help secure the network. Firm management also wants to address the issue of spyware and virus attacks. ......

Words: 3222 - Pages: 13

Introduction to Information System Security

...design impacts the software life-cycle in that it should occur early; the design and implementation of core functionality can influence the user interface – for better or worse. Because it deals with people as well as computers, as a knowledge area HCI draws on a variety of disciplinary traditions including psychology, computer science, product design, anthropology and engineering. HC: Human Computer Interaction (4 Core-Tier1 hours, 4 Core-Tier2 hours) Core-Tier1 hours HCI: Foundations HCI: Designing Interaction HCI: Programming Interactive Systems HCI: User-cantered design & testing HCI: Design for non-Mouse interfaces HCI: Collaboration & communication HCI: Statistical Methods for HCI HCI: Human factors & security HCI: Design-oriented HCI HCI: Mixed, Augmented and Virtual Reality 4 4 Core-Tier2 hours Includes Electives N N HC/Foundations [4 Core-Tier1 hours, 0 Core-Tier2 hours] Motivation: For end-users, the interface is the system. So design in this domain must be interaction-focussed and human-centred. Students need a different repertoire of techniques to address this than is provided elsewhere in the curriculum. Topics: • • • Contexts for HCI (anything with a user interface: webpage, business applications, mobile applications, games, etc.) Processes for user-centered development: early focus on users, empirical testing, iterative design. Different measures for evaluation: utility, efficiency, learnability, user satisfaction. Strawman draft version: February......

Words: 1936 - Pages: 8

Reaction Paper to How to Run Your Small Business Without Microsoft by Carleen Hawn | Episode 2 | Watch movie