Is3350 Discussion 1

In: Computers and Technology

Submitted By lea40ish
Words 255
Pages 2
Failing to do a risk assessment before crafting a policy. This is a crucial step, but many overlook it. With Web Services Security Policy Language, the policy is in place.

Having a 'one-size-fits-all' mentality. Writing a security policy that is going to work for you means more than just editing. While you might use a template or borrow from another organization's example, after your risk assessment it is important to customize your policy for what YOUR organization needs. They have a very detailed layout. An A, B, C if you will.

Failing to have a standard template. Have consistency for policies within your organization, policy and governance, and awareness training. There is extensive training.

Having policies that only look good on paper. Organizations are failing to do sufficient and frequent compliance checking. This is recommended but no time of checking.

Failing to get management to buy in to the policy. Everyone needs to abide by security policy, said Cresson Wood. That includes the most high-level staff members. Again, detailed policy for all.

Writing policy after a system is deployed. Security needs to be part of the systems development process, according to Cresson Wood, who said he often sees patch management programs that clients have put in place that are out of date and miss the mark of what is really going on in security.

Lack of follow up. Security policy needs to be reevaluated at least once a year, perhaps even more frequently.
This is not written but…...
