The company can ask them to complete a personal information form and allow the HR department to run a background check.
Each staff member in the company should have their own profile, user name and password to access the company's operations.
The IT department and manager should check each individual task.
UB already has an IT department to manage all student account access. Normally a student can only access another account if they have the other person's ID and password, or if someone else forgot to log off from a public computer.
How do you think the Information Security department at UB is structured?
UB should have a service desk, which answers all enquiries; an IT manager, who operates the internal system; and a technical team, which writes programs, handles database security, and fixes problems.
Termination should be one thing UB is concerned about. When an employee leaves the organization, there are a number of security-related issues. The key is protection of all information to which the employee had access. Once cleared, the former employee should be escorted from the premises. Many organizations use an exit interview to remind the former employee of contractual obligations and to obtain feedback.
Thursday, 5 November 2009
Week 10, Section 10
When a company is looking at outsourcing, it has many budgeting concerns, such as whether it is worth hiring someone and spending money and time to train them, or spending the same amount of money to hire someone who has already been trained.
There are different benefits between contractor and sub-contractor, which is another thing for the company to consider.
Just as some organizations outsource IT operations, organizations can outsource part or all of their information security programs.
When an organization has outsourced IT services, information security should be part of the contract arrangement with the outsourcer.
Because of the complex nature of outsourcing, the best advice is to hire the best outsourcing specialists, and then have the best attorney possible negotiate and verify the legal and technical intricacies of the outsourcing contract.
An RFP is when the company sends a specific, detailed proposal to its suppliers. This can show suppliers the risks and benefits, and make sure it will suit both parties’ requirements.
Evaluation: before the company starts outsourcing, it has to make sure that a clear sub-contract is ready to process. Lots of companies have failed to do this, and the result was lots of refunds and repairs to customers after the service had been completed.
Contract award: the manager will agree with the third party after negotiation.
Exit strategy: a contract between customer and outsourcer. A solution for when the service fails.
A company has many reasons for outsourcing, covering both internal and external problems. In almost all of the service industry, WOM is the most important marketing strategy for the image of the brand. Failure will damage the brand image and decrease the reputation of the company.
Week 9, Section 9
How safe is the data on your computer, especially if your computer is lost or stolen? If you were working for a large multinational business or government department, what measures do you think might be in place to mitigate the risks of physical theft or loss?
I don’t have too much important data on my personal computer. I store most of it on my external hard drive, which means if my computer crashed, I would not worry about losing that data.
I do have a secure code on my external hard drive, in case I lose it or someone steals it.
I am currently working in a multinational business organization. They have CCTV set up behind the counter; it can view the whole office, the staff's activities and the clients' presentation. The whole company is monitored from the head office by their IT department. Every single activity in the company can be watched. Each worker here has their own user name and password to log into the company system, so the IT department can see who does what and when.
Each branch manager has a great responsibility to manage his workers and monitor their work. But there is still something the company needs to improve in the information security system; because of the budgeting problems and the worthiness of the data, spending money on insurance is a better option for increasing the security system.
Week 6,7,8, Section 6,7,8
1. Which architecture for deploying a firewall is most commonly used in businesses today? Why?
Screened subnet firewalls (with DMZ) are the most commonly used in businesses today.
The dominant architecture used today, the screened subnet firewall provides a DMZ. The DMZ can be a dedicated port on the firewall device linking a single bastion host, or it can be connected to a screened subnet.
A common arrangement finds the subnet firewall consisting of two or more internal bastion hosts behind a packet filtering router, with each host protecting the trusted network:
· Connections from the outside or untrusted network are routed through an external filtering router.
· Connections from the outside or untrusted network are routed into, and then out of, a routing firewall to the separate network segment known as the DMZ.
· Connections into the trusted internal network are allowed only from the DMZ bastion host servers.
The screened subnet is an entire network segment that performs two functions:
· It protects the DMZ systems and information from outside threats by providing a network of intermediate security.
· It protects the internal networks by limiting how external connections can gain access to internal systems.
DMZs can also create extranets, segments of the DMZ where additional authentication and authorization controls are put into place to provide services that are not available to the general public.
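The three connection rules above can be checked mechanically against a packet-filter ruleset. The following is an added example, not part of the original post: the addresses, ports, rule format and the `decide` and `audit` helpers are all constructed for illustration.

```python
import ipaddress

# Constructed address plan (assumption): trusted LAN and two DMZ bastion hosts.
TRUSTED = ipaddress.ip_network("10.0.0.0/8")
BASTIONS = [ipaddress.ip_network("192.0.2.10/32"),
            ipaddress.ip_network("192.0.2.11/32")]

def rule(src, dst, port, action="allow"):
    return {"src": ipaddress.ip_network(src), "dst": ipaddress.ip_network(dst),
            "port": port, "action": action}

# Constructed rulesets; first match wins, anything unmatched is dropped.
GOOD_RULES = [
    rule("0.0.0.0/0", "192.0.2.10/32", 443),     # outside -> DMZ web bastion
    rule("0.0.0.0/0", "192.0.2.11/32", 25),      # outside -> DMZ mail bastion
    rule("192.0.2.10/32", "10.1.0.5/32", 5432),  # web bastion -> internal DB
    rule("192.0.2.11/32", "10.1.0.6/32", 25),    # mail bastion -> internal mail
]
BAD_RULES = GOOD_RULES + [
    rule("0.0.0.0/0", "10.1.0.5/32", 22),        # outside straight into trusted
    rule("192.0.2.0/24", "10.1.0.5/32", 5432),   # whole DMZ, not only a bastion
]

def decide(rules, src, dst, port):
    """First-match evaluation with default drop, as a packet filter would."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in r["src"] and d in r["dst"] and port == r["port"]:
            return r["action"]
    return "drop"

def audit(rules):
    """Return indexes of allow rules that reach the trusted network from
    anything other than a bastion host. Rule order is ignored, so the check
    is conservative: a flagged rule may be shadowed by an earlier drop."""
    findings = []
    for i, r in enumerate(rules):
        if r["action"] != "allow" or not r["dst"].overlaps(TRUSTED):
            continue
        if not any(r["src"].subnet_of(b) for b in BASTIONS):
            findings.append(i)
    return findings
```

Running `audit` over a ruleset before it is deployed catches a rule that bypasses the DMZ, which is the property the screened subnet exists to enforce.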
2. What are the reasons that VPN technology has become the dominant method for remote workers to connect to the organizational network?
Installing internetwork connections requires using leased lines or other data channels provided by common carriers, and therefore these connections are usually permanent and secured under the requirements of a formal service agreement.
In the past, organizations provided remote connections exclusively through dial-up services like Remote Authentication Service (RAS).
Since the Internet has become more widespread in recent years, other options, such as Virtual Private Networks (VPNs), have become more popular.
3. Will biometrics involve encryption?
How are biometric technologies dependent on the use of cryptography?
Biometrics must use encryption to secure their digital data.
When a user tries to log in to the system, that is when cryptography is needed.
Monday, 2 November 2009
Week 6, Section 4
What is the best value that should be assessed when evaluating the worth of an information asset to the organization - replacement cost or lost income while repairing?
Replacement cost will be the most important when a company purchases a new asset, such as factory machines, which cost more than the parts.
What is the likelihood value of a vulnerability that no longer must be considered?
The process works best when people with diverse backgrounds within the organization work iteratively in a series of brainstorming sessions; this kind of worker is no longer considered a risk.
In what instances is baselining or benchmarking superior to cost benefit analysis?
Benchmarking: an alternative to cost benefit analysis, with its attempt to place a hard dollar figure on each information asset, is to approach risk management from a different angle.
Benchmarking is the process of seeking out and studying practices in other organizations that one’s own organization desires to duplicate.
How can we find out what an organization's risk appetite is? Why is this important?
We must identify, examine and understand the information and systems currently in place. In order to protect our assets, defined here as the information and the systems that use, store, and transmit it, we have to understand everything about the information.
It is important because a risk management strategy calls on us to “know ourselves” by identifying, classifying, and prioritizing the organization’s information assets.