Intorduction to It Security – Assignment

Intorduction to It Security – Assignment Words: 1161

Dr. Cynthia Phillips The Oxford American Dictionary of Current English defines admonition as “to reprove. Urge. Give earnest advice to. Warn”. Understanding this how do we employ admonitions systems to information technology to make it more useful in-regards to Network and system security? Using admonition software we are attempting to create an environment that will either prevent data from being in-advertently distributed across networks.

Act as a deterrent to those trying to access the network illegally. Or warning users of the potential harm their actions may cause. In developing an IT security strategy, potential risks will need to be anticipated along with policies and procedures for the effective mitigation of these risks. There needs to be governing documentation that entails network design as well as security measures to safeguard the network from intrusion. Effective administrative procedures that ensure personnel are properly trained and continually advised of updates and/or changes to security.

Don’t waste your time!
Order your assignment!

order now

In today’s world the collection, processing, and sharing of information has reached all time highs. It is because of this that the Internet as well as “IT Networks” occasionally referred to as “Intranets” need securing to protect from potentially harmful entities. The Handbook of Information Security Management tells us that there are a number of ways to identify, analyze, and assess risk. In developing a plan to secure a network there are many areas to focus on. One of them is risk, and the potential for risks should be addressed and plans and procedures developed to mitigate such risks.

Risks can come in the form of external and internal threats. Whether of a physical, logical, or social nature , a plan that will outline the company’s approach to risks that will affect security will need to be developed. Targeting key areas of the network and developing countermeasures to provide solutions to the potential risks. Taking into consideration all the elements of risk management, identifying, analyzing, and assessment of risks using admonition can play a part in answering some of the questions that can arise. Whether those questions concern network security or data security.

A company can significantly mitigate the risk of adverse attacks to its network by developing and employing the appropriate security measures. Depending on the level of security needed, these measures should provide for monitoring of the network at all levels and be an on-going process. Reviewing the results of the monitoring will to keep systems administrators aprised of areas that may require added securing. Performing constant security tests and evaluating new and existing security components will ensure that the network will have the latest security programs in place.

One of the main goals involing risk is the prevention of an unauthorized user the ability to gain access to the network. An effective means of accomplishing this goal is with the use of security software. Determining the level of protection will be determined by the level of the anticipated risk to the network. Develop a plan to identify risks to the network and select measures to counter-act such risks. Documentation is the primary embodiment of strategy, helping to navigate the decisions by the users of the network, the administrators, and those individuals responsible for implementing network security .

Documentation can be viewed as a form of prevention, and might aslo be used as a form of deterrence. Documented policies also specify the means through which network security can be accomplished. This is not to say that an attack on the network will not occur, the purpose of the policy is to deter users the network not to commit security violations. Security procedures should work hand in hand with these policies and should provide guidance for the training of personnel. Policies can be used to outline the procedures needed to obtain and maintain employee certification.

Authorization forms can be created verifying that they have read and understood the policies. Polices should cover the enforcement of security regulations and provide guidance on the implications resulting in the event of a security infraction. Policy and procedures need to be well communicated to all users of the network, ensuring all concerned understand the policies and procedures. And lastly policies need not be all encompassing, there needs to be room for improvement all the while taking into account changes to the overall network security.

Security requires the integration of people, process, and technology, but should also include prevention, detection, and response, and all three are needed for a comprehensive and robust security framework. Within the network framework, admonition plays a key part in the prevention, detection, and response needed by system and network administrators to elude a potential threat to the network. Prevention addresses the likelihood of harm whether internal or external. Detection and response are generally used to limit damage once a security threat has occurred.

Admonition in prevention may be offset by strengths in detection and response. Security warnings and cautions in reality should deter network users from commiting acts that will endanger the network. This is not to say that these warnings will be enough to deter the user from proceeding with harmful acts. The use of admonition software may or may not be effective in preventing the act from being committed. Policies and procedures have been overlooked in the past depending the skillfulness of the user to circumvent the system. As a whole the most we can do is to provide the level of security needed to protect the network.

Ensure that we continually update our policies and procedures keeping up to date with the latest security updates. An effective training program to ensure that all users are being trained properly about the dangers to the network and what to do in the event of a potential threat, as well as setting a standard for all to comply with. Implementation of these aspects can have an enormous effect on a company’s strategy for “IT” security as a whole and should be practiced continousally. References: 1. Mark Miller’s “Computer Security: Fact Forum Framework” [http://www. caplet. com/security/taxonomy/index. tml] 2. Sean Boran’s “Overview of Corporate Information Security”, a good general discussion of overall security issues: [http://www. windowsecurity. com/whitepaper/An_Overview_of_Corporate_Information_Security_. html or http://www. boran. com/security/sp/security_space. html] 3. Effectiveness of security by admonition: a case study of security warnings in a web browser setting. Christian Seifert, Ian Welch, Peter Komisarczuk School of Mathematics, Statistics & Computer Science – Te Kura Tatau Victoria University of Wellington – Te Whare W? ananga o te ? Upoko o te Ika a M? ui {cseifert, ian. welch, peter. komisarczuk}@mcs. vuw. ac. nz October 16, 2006 [http://homepages. mcs. vuw. ac. nz/~cseifert/blog/images/seifert-security_by_admonition-draft. pdf] 4. http://transit-safety. volpe. dot. gov/Security/SecurityInitiatives/DesignConsiderations/CD/sec4. h tm 5. Krause, M. , Tipton, H. G. (2004). Handbook of Information Security. Auerbach Publishers [available at http://www. cccure. org/Documents/HISM/ewtoc. html] 6. InfoSec – Information Security Strategy Booklet http://www. ffiec. gov/ffiecinfobase/booklets/information_security/03_info_sec_strategy. htm 7.

How to cite this assignment

Choose cite format:
Intorduction to It Security - Assignment. (2018, Aug 08). Retrieved December 3, 2021, from