Intro to Security

In: Business and Management

Submitted By jean9
Words 3210
Pages 13
SUMMARY

EXECUTIVE SUMMARY

The Maryland Public Safety Education and Training Center is located in Sykesville, Maryland. The physical plant is generally divided into two areas on grounds totaling approx. 700 acres. The firearms Training Facility (FTF) and the Drivers Training Facility (DTF) are co-located approx. 2 miles from the Academic Center. These training areas are un-fenced, and goes through public roadway and to several residential communities; closest houses being approx. . . .25 miles. The FTF facility has staff offices, classrooms, armory, weapon cleaning area and outdoor ranges which is approx. 25 miles from the FTF.
The Academic and administrative Complex (AAC) is located on the ground of the Maryland Springfield State (Mental) hospital, and hosts approx. 400 patients. AAC has offices and classrooms, computer labs, a food preparation area and dining hall, and shops. Two residential dorms for overnight guests/students, a physical training center and it include offices, classrooms, basketball gym, weight room, and swimming pool.
PSETC has 122 staff members, including DTF, FTF, and there is currently no security for PSETC. The hours of operation are 7:30 am to 5:00 pm, Monday through Friday for all facilities and it has about 450 students daily in law enforcement and correctional training programs. 150 guests/students can stay overnight; there is a contractor who prepares food, for them. The record maintenance for all administrative reports for PSETC members, approx. 30,000 personnel.
Janitorial services for the PSETC are performed by minimum security inmates from a local correctional institution, and they work under supervision of correctional officers. INTRODUCTION

Currently, colleges, universities and training centers are among society’s most vulnerable and exploitable targets for individuals and organizations seeking to cause harm…...

Similar Documents

Intro to Information Security Notes

...Responses on port 80= a web service is running. HTTP Port 443- HTTPS To run port scans all you need is access to the LAN and/or subnet Technet.microsoft.com/en-us/security/advisory Mitigate vulnerabilities Threats are things you have to respond to effectively. Threats are controllable Risks are manageable Vulnerabilities can be mitigated All affect the CIA triad Not all threats are intentional Confidentiality, integrity, accessibility = CIA Starting on pg 161 DAC- only as secure as the individuals understanding. Access determined by owner. MAC- access determined by data classification itself. data itself has a classification. Need to be cleared to the level of the data security. Also has a “need to know” aspect to it. Non DAC- third party determines the permissions. Role based- pg 166. Access determined on the job of the user. Rule based- variation of DAC. Rules are created and access is based on the rules created. Week of 4/17/13 Starts on pg 146 Project- search SSCP CBK on the library under 24/7 Each of the 7 domains, vulnerabilities in each, security used in each to control, For lab 5--- Make 4 types of connections. 2 secure 2 not secure. telnet, securenet, ssh, and ftp. Will need 3 machines. Student, Target, ubuntu 1 Wireshark setting to capture a file in promiscuous mode on student. Do an FTP to target windows. Command prompt from student to ubuntu. Try to log in. Do questions. Question 9, focus on SSH and what traffic you are......

Words: 907 - Pages: 4

Intro to Computer Security

...CSS150 – Introduction to Information Security Phase 5 Individual Project Kenneth A. Crawford Dr. Shawn P. Murray June 23, 2013 Table of Contents Phase 1 Discussion Board 2 3 Phase 1 Individual Project 5 Phase 2 Discussion Board 8 Richmond Investments: Remote Access Policy 8 Phase 2 Individual Project 11 Richmond Investments: LAN-to-WAN, Internet, and Web Surfing Acceptable Use Policy 11 Phase 3 Discussion Board: Blaster Worm 17 Phase 3 Individual Project 19 Phase 4 Individual Project: 4 Methods to Keeping Systems Secure 22 1. Keep all software up to date: 22 2. Surf the web cautiously: 22 3. Be cautious with e-mail: 22 4. Anti-Virus Software: 23 Phase 5 Individual Project: 4 Methods to Keeping Systems Secure 24 1. Firewalls: 24 2. System Backups: 24 3. Passwords: 25 4. File Sharing: 26 References 27 Phase 1 Discussion Board 2 The “Internal Use Only” (IUO) data classification includes all data and information not intended for public access. The best way to describe this classification is all company and client information that we do not want to see in a newspaper or on the internet. Some examples of this are: Client lists, Client account numbers, Human Resource files, Payroll files, E-Mails, and many others. This data classification affects all seven IT domains. The first and most important IT domain that the IUO affects is the “User Domain”. The users have to be taught general security and proper use of the......

Words: 5085 - Pages: 21

Intro to Information Security

...Into To security Project Part 1: Multi-Layered Security Plan: As part of my report, below is my outline for Richman Investments Multi-Layered Security Plan: User Domains: Since Users can access systems, applications and data depending on their roles and rights, an employee must conform to the staff manual and policies also known as the Acceptable Use Policy (AUP). The department manager or human resources manager is usually in charge of making sure that employee and in certain cases third party vendors, contractors ect sign and follow the AUP. To ensure that these threats and vulnerabilities can be avoided, a good policy would be to conduct security awareness training, update the employee manual and discuss the handbook, during performance reviews, disable internal CD drives and USB ports and enable automatic antivirus scans for inserted media drives, files, and email attachments, and lastly restrict access for users to only those systems, applications, and data needed to perform their jobs. Workstation Domains: These users configuring hardware, ensuring that all computers have the latest software revisions, security patches, and system configurations. To ensure that there are no threats with our software, enforce defined standards to ensure the integrity of user workstation and data, enable password protections on workstations for access, and auto screen lockout for inactive times, use content filtering and antivirus scanning at Internet, define......

Words: 727 - Pages: 3

Intro to Computer Security

...Name 4 Security Tips that the end user can implement. For this week`s task we have been asked to name four security tips that users can do themselves to help protect their computers. The four security tips that I have selected to discuss are; update Windows software, use strong passwords, run a virus scan on a schedule, and update virus definitions daily. Describe the goal of each security tip. Windows update should be run to make sure that your computer has the latest patches. These updates are designed to close security holes that have been found in the operating system and hopefully will help guard your computer from getting infected or hacked. Strong passwords can be very helpful in slowing down or even defeating different attack methods of compromising the user`s computer. Users should think of passwords like a lock on their door, a strong password will make a strong lock. A hacker`s software toolkit will most likely include an offline dictionary, this automated program can quickly identify simple and commonly used passwords. Running a scheduled virus scan should be done by anyone who has a computer. If the user is running AVG for their anti-virus it is pretty easy to set up a scheduled scan. The user can just right click the AVG icon in the system tray, select the tools menu > advanced settings > schedules. From here the user can set the day and time for the schedule to run. It can be set to run a scan once a week or each day. This software scans for any......

Words: 803 - Pages: 4

Intro to Info Security Project Part 1

...User Domain Risk, Threat, or Vulnerability Lack of user awareness • Conduct security awareness training display security awareness posters, insert reminders in banner greetings, and send e-mail reminders to employees. User apathy toward policies • Conduct annual security awareness training, implement acceptable use policy, update staff manual and handbook, discuss dring performance reviews. Workstation Domain Risk, Threat, or Vulnerability Unauthorized access to workstation • Enable password protection on workstations for access. Enable auto screen lockout for inactive time. Unauthorized access to systems, applications, and data • Define strict access control policies, standards, procedures, and guidelines. Implement a second-level test to verify a user’s right to gain access. Account Policies | Password, lockout, and Kerberos settings. | Local Policies | Audit, user rights, and security options. ("Security Options" consist primarily of security-relevant registry values.) | Event Log | Settings for system, application, security and directory service logs. | Restricted Groups | Policy regarding group membership. | System Services | Startup modes and access control for system services. | Registry | Access control for registry keys. | File System | Access control for folders and files. | LAN Multilayer Security * Coverage considerations for wireless LAN (WLAN) users in a branch office * Distance considerations from the closet to......

Words: 726 - Pages: 3

Intro to Information Security

...or to a common connection medium. Network connection mediums can include wires, fiber optic cables, or radio waves. 4. A LAN-TO-WAN Domain is where the IT infrastructure links to a wide area network and the Internet. In this domain: • The firewall controls, prevents, and monitors incoming and outgoing network access. It’s the firewall’s job to prevent unauthorized network access, both inside and out the network. Depending on the type of firewall, data packets sent to and from the network pass through the firewall. All this data can be checked for whether it is allowed for transfer. • There are two main types of firewalls: network firewalls and host-based firewalls. Network firewalls, such as the software-based Microsoft’s Internet Security and Acceleration (ISA) Server or the hardware-based Nortel Networks Alteon Switched Firewall System, protect the perimeter of a network by watching traffic that enters and leaves. Host-based firewalls, such as Internet Connection Firewall (ICF—included with Windows XP and Windows Server 2003), protect an individual computer regardless of the network it’s connected to. 5. Wide Area Network (WAN) DOMAIN connects remote locations. WAN services include dedicated Internet access and managed services for routers and firewalls. Networks, routers, and equipment require continuous monitoring and management to keep WAN service available. 6. Remote Access Domain connects remote users to the organization’s IT infrastructure. The scope......

Words: 363 - Pages: 2

Cmgt 400 Intro to Information Assurance & Security

...Introduction These past few years have been distinct by several malicious applications that have increasingly targeted online activities. As the number of online activities continues to grow strong, ease of Internet use and increasing use base has perfected the criminal targets. Therefore, attacks on numerous users can be achieved at a single click. The methods utilized in breaching Internet security vary. However, these methods have increasingly become complicated and sophisticated over time. With the increase in threat levels, stronger legislations are being increasingly issued to prevent further attacks. Most of these measures have been aimed at increasing the security of Internet information. Among these methods, the most prominent approach is security authentication and protection. This paper comprehensively evaluates the security authentication process. The paper also introduces security systems that help provide resistance against common attacks. Security Authentication Process Authentication is the process that has increasingly been utilized in verification of the entity or person. Therefore, this is the process utilized in determining whether something or someone is what it is declared to be (LaRoche, 2008). Authentication hence acts as part of numerous online applications. Before accessing an email account, the authentication process is incorporated in identification of the foreign program. Therefore, the most common authentication application is done through......

Words: 1123 - Pages: 5

Intro to Comuter Security 3

...Chapter 3 questions 1. Laws are rules that mandate or prohibit certain behavior. Ethics define socially acceptable behaviors. 2. Civil law comprises a wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organizational entities and people. 3. Criminal, administrative, and constitutional law. 4. National information infrastructure protection act of 1996, modified several sections of the pervious act and increased the penalties for selected crimes. 5. Security and freedom through encryption act of 1997. 6. In this context is not absolute freedom from obeservation, but rather is a more precise "state of being free from us sanctioned intrusion." 7. health insurance portability and accountability act of 1996, requires organizations to use information security mechanisms,a swell as policies and procedures. 8. Gramm-Leach-Bliley Act of 1999; requires due notice to customers, so they can request that their information not be shared with third party organizations. 9. Provides law enforcement agencies with broader latitude in order to combat terrorism-related activities. 10. No electronic theft act 11. IP is the ideas of controls over the tangible or virtual representation of those ideas. It is afforded the same protection in al the countries. The US and Europe contributed The Digital Millennium Copyright Act. 12. Enforces accountability for executives at publicly traded companies. ...

Words: 353 - Pages: 2

Cmgt 400 - Intro to Information Assurance & Security

...(Individual) - Risky Situations CMGT 400 Week 1 Assignment (Team) - Kudler Fine Foods IT Security Report -Kudler System Review CMGT 400 Week 1 Discussion Question # 1- How can information be an asset in a company? Discuss three different examples of information that should be protected by a company and not exposed. Include several examples of what management could do to protect each example. CMGT 400 Week 1 Discussion Question # 2- What is the mindset required to properly protect information? What role does reasoned paranoia play in the minded and how can an individual keep the proper balance between protecting information and enabling business? CMGT 400 WEEK 2 CMGT 400 Week 2 Assignment (Individual) - Common Information Security Threats CMGT 400 Week 2 Assignment (Learning Team) - Kudler Fine Foods IT Security Report -Top Threats CMGT 400 Week 2 Discussion Question # 1- Which of the threats from social networking in the Horn (2010) article also apply to other businesses? Which do not? Why do you think so? CMGT 400 Week 2 Discussion Question # 2- Why do you think one of the methods in the Heimerl (2010) article would be the most effective way for an organization to save money? CMGT 400 WEEK 3 CMGT 400 Week 3 Assignment (Individual) - Disaster Securing and Protecting Information CMGT 400 Week 3 Assignment (Learning Team) - Kudler Fine Foods IT Security Report - Security Considerations CMGT 400 Week 3 Discussion Question # 1- How can a company protect data......

Words: 627 - Pages: 3

Intro to Info Security

...Multi-Layered Security Plan User Domain Risk, Threat, or Vulnerability: Lack of awareness, Apathy toward policies, Security policy violations, Personal CD’s and USB drives with photos, music and videos, Download photos, music and videos, Destruction of systems, applications, or data, Employee blackmail or extortion. Mitigation: Conduct annual security awareness training, Place employee on probation, Disable internal CD drives and USB ports, Enable content filtering. Restrict user access, Track and monitor abnormal employee behavior, Enable Intrusion detection system/Intrusion prevention system (IDS/IPS). Workstation Domain Risk, Threat, or Vulnerability: Unauthorized access to workstation, Unauthorized access to systems, applications, and data, Desktop or Laptop computer operating system software vulnerabilities, Viruses, malicious code or malware infects a workstation or laptop. Mitigation: Enable password protection, Define strict access control policies, standards, procedures and guidelines, Use workstation antivirus and malicious code policies, LAN Domain Risk, Threat, or Vulnerability: Unauthorized access to LAN, Unauthorized access to system, applications, and data, LAN server operating system/application software vulnerabilities, Rogue users on WLANs gain unauthorized access. Mitigation: Define strict access control policies, standards, procedures and guidelines, Make sure wiring closets, data centers, and computer rooms are secure. LAN to WAN Domain Risk,......

Words: 364 - Pages: 2

Intro to It Security

...TECHNOLOGY SECURITY Importance of IT Security Table of Contents Introduction .................................................................................................................................................. 2 e-commerce Trends ...................................................................................................................................... 2 Risks .............................................................................................................................................................. 4 Cost of Cybercrime........................................................................................................................................ 6 Prevention Steps ........................................................................................................................................... 7 Conclusion ................................................................................................................................................... 10 References .................................................................................................................................................. 11 1 Importance of IT Security Introduction For the business professional information technology (IT) security is of upmost importance. The reliance that companies have on information systems in conducting everyday business transactions has facilitated the need for increased security......

Words: 1863 - Pages: 8

Cmgt 400 Intro to Information Assurance & Security

...CMGT 400 Intro To Information Assurance & Security Purchase Here: http://www.homeworkprinciples.com/downloads/cmgt-400-intro-to-information-assurance-security/ CMGT 400 Week 1 DQ 1 Post a 150-200-word response to the following discussion question by clicking on Reply. What is the mindset required to properly protect information? What role does reasoned paranoia play in the minded and how can an individual keep the proper balance between protecting information and enabling business? CMGT 400 Week 1 DQ 2 How can information be an asset in a company? Discuss three different examples of information that should be protected by a company and not exposed. Include several examples of what management could do to protect each example. CMGT 400 Week 1 Kudler Fine Foods IT Security Report & Presentation-Kudler System Review, CMGT 400 Week 1-Ind. Assignment Risky Situations CMGT 400 Week 2 CMGT 400 Week 2 DQ 1 Post a 150-200-word response to the following discussion question by clicking on Reply. Why do you think one of the methods in the Heimerl (2010) article would be the most effective way for an organization to save money? CMGT 400 Week 2 DQ 2 Which of the threats from social networking in the Horn (2010) article also apply to other businesses? Which do not? Why do you think so? CMGT 400 Week 2 Assignment-Kudler Fine Foods IT Security Report & Presentation-Top Threats CMGT 400 Week 2 Individual Assignment-Common Information Security Threats (1100+......

Words: 624 - Pages: 3

Cmgt 400 Intro to Info Assurance & Security

...CMGT 400 Intro to Info Assurance & Security http://www.tutoriallance.com/shop/uncategorized/cmgt-400-intro-to-info-assurance-security/ For any inquiry email us: Tutoriallance@gmail.com Visit Website For More Tutorials : http://www.tutoriallance.com/ WEEK 1 Week 1 DQ 1 Post a 150-200-word response to the following discussion question by clicking on Reply. What is the mindset required to properly protect information? What role does reasoned paranoia play in the minded and how can an individual keep the proper balance between protecting information and enabling business? Week 1 DQ 2 How can information be an asset in a company? Discuss three different examples of information that should be protected by a company and not exposed. Include several examples of what management could do to protect each example. CMGT 400 Week 1 Kudler Fine Foods IT Security Report & Presentation-Kudler System Review, CMGT 400 Week 1-Ind. Assignment Risky Situations, Week 2 Week 2 DQ 1 Post a 150-200-word response to the following discussion question by clicking on Reply. Why do you think one of the methods in the Heimerl (2010) article would be the most effective way for an organization to save money? Week 2 DQ 2 Which of the threats from social networking in the Horn (2010) article also apply to other businesses? Which do not? Why do you think so? CMGT 400 Week 2 Assignment-Kudler Fine Foods IT Security Report & Presentation-Top Threats CMGT 400 Week 2 Individual......

Words: 624 - Pages: 3

Cmgt 400 Intro to Info Assurance & Security

...CMGT 400 Intro to Info Assurance & Security http://www.tutoriallance.com/shop/uncategorized/cmgt-400-intro-to-info-assurance-security/ For any inquiry email us: Tutoriallance@gmail.com Visit Website For More Tutorials : http://www.tutoriallance.com/ WEEK 1 Week 1 DQ 1 Post a 150-200-word response to the following discussion question by clicking on Reply. What is the mindset required to properly protect information? What role does reasoned paranoia play in the minded and how can an individual keep the proper balance between protecting information and enabling business? Week 1 DQ 2 How can information be an asset in a company? Discuss three different examples of information that should be protected by a company and not exposed. Include several examples of what management could do to protect each example. CMGT 400 Week 1 Kudler Fine Foods IT Security Report & Presentation-Kudler System Review, CMGT 400 Week 1-Ind. Assignment Risky Situations, Week 2 Week 2 DQ 1 Post a 150-200-word response to the following discussion question by clicking on Reply. Why do you think one of the methods in the Heimerl (2010) article would be the most effective way for an organization to save money? Week 2 DQ 2 Which of the threats from social networking in the Horn (2010) article also apply to other businesses? Which do not? Why do you think so? CMGT 400 Week 2 Assignment-Kudler Fine Foods IT Security Report & Presentation-Top Threats CMGT 400 Week 2 Individual......

Words: 624 - Pages: 3

Intro to System Security

...1.0 Overview Standards for network access and authentication are highly required to the company's information security. Any user accessing the company's computer systems has the ability to compromise the security of all users of the network. Appropriate Network Access and Authentication Policy decrees the chances of a security breache by requiring application authentication and access standards across the network in all locations. 2.0 Purpose The purpose of this policy is to illustrate what must be done to ensure that users connecting to the corporate network are authorized users in compliance with company standards, and are given the least amount of access required to perform their job function. 3.0 Scope The scope of this policy includes all users who have access to company provided computers or require access to the corporate network and systems. This policy applies not only to employees, but also to guests, contractors, and anyone requiring access to the corporate network. Public accesses to the company’s externally-reachable systems, such as its corporate website or public web applications, are specifically excluded from this policy. 4.0 Policy 4.1 Account Setup During initial account setup, certain checks must be performed maintain the integrity of the process. The following policies apply to account setup: • Positive ID with Human Resources • Users will be granted least amount of network access required to perform his or her job function...

Words: 937 - Pages: 4