Importance of Security Planning
Importance of Security Plans
William Kepke
DeVry University
SEC 440
10 / 08 / 12
There are several possible threats that can affect the integrity of any organizational network. Many of these threats can come internally from the users of the system. Internal attacks can be intentional, accidental, or simple human error. Some examples of accidental infection can come from a user opening an email containing a virus, installing new software, altering desktop configuration, visiting precarious web sites, leaving the area of their desktop without logging out of their account, or simply losing or leaving their personal wireless device unattended. Organizations should have specific policies covering each of these topics defined within their security plan document. Also, standard operating procedures should be available for technicians to follow whether performing day to day tasks, or responding to an incident. It is a fact that emails are commonly used to perform what is known as social engineering. According to Dictionary.com, the aim of social engineering is to trick people into revealing passwords or other information that compromises a target systems security. Because of this fact, organizations must create a user policy strictly dedicated to email use conducted within their network. Employees must understand that any communication created through email should follow the same considerations as correspondence containing an official corporate letterhead. It must also be made aware that any email composed and sent through an organizational email server falls under the responsibility of the company. This means that the company may be held liable for the actions and contents of the email. Although emails follow many of the same rules as postal mail, voice mail, or faxes, there are some significant differences which must be considered regarding the security of information. The route that an email takes can be somewhat unpredictable, meaning that it
William Kepke
DeVry University
SEC 440
10 / 08 / 12
There are several possible threats that can affect the integrity of any organizational network. Many of these threats can come internally from the users of the system. Internal attacks can be intentional, accidental, or simple human error. Some examples of accidental infection can come from a user opening an email containing a virus, installing new software, altering desktop configuration, visiting precarious web sites, leaving the area of their desktop without logging out of their account, or simply losing or leaving their personal wireless device unattended. Organizations should have specific policies covering each of these topics defined within their security plan document. Also, standard operating procedures should be available for technicians to follow whether performing day to day tasks, or responding to an incident. It is a fact that emails are commonly used to perform what is known as social engineering. According to Dictionary.com, the aim of social engineering is to trick people into revealing passwords or other information that compromises a target systems security. Because of this fact, organizations must create a user policy strictly dedicated to email use conducted within their network. Employees must understand that any communication created through email should follow the same considerations as correspondence containing an official corporate letterhead. It must also be made aware that any email composed and sent through an organizational email server falls under the responsibility of the company. This means that the company may be held liable for the actions and contents of the email. Although emails follow many of the same rules as postal mail, voice mail, or faxes, there are some significant differences which must be considered regarding the security of information. The route that an email takes can be somewhat unpredictable, meaning that it
References: Easttom, C. (2006). Network defense and countermeasures: principles and practices. Upper Saddle River, NJ: Pearson Prentice Hall. Greene, S. S. (2006). Security policies and procedures: principles and practices. Upper Saddle River, NJ: Pearson Prentice Hall. Social Engineering. Retrieved October 5, 2012, from http://dictionary.reference.com/browse/social+engineering?s=t