An SLA is a document that identifies an expected level of performance. It identifies the minimum uptime or the maximum downtime. Organizations use SLAs as contracts between a service provider and a customer. An SLA can identify monetary penalties if the terms are not met. At a bare minimum, it should also support the organizational mission. If your organization has SLAs with other organizations, these should be included in the risk management review. You should pay special attention to monetary penalties. For example, an SLA could specify a maximum downtime of four hours. After four hours, hourly penalties will start to accrue. You can relate this to the maximum acceptable outage (MAO).
2. Using the USER domain, define risks associated with users and explain what can be done to mitigate them.
Risks in the User Domain are related to social engineering. Users can be conned and tricked. A social engineer tries to trick a user into giving up information or performing an unsafe action. You can try to minimize these risks by raising user awareness. Implement acceptable use policies (AUPs) to ensure users know what they should and should not be doing. Use logon banners to remind users of the AUP. Send out occasional e-mails with security tidbits to keep security in their minds. Use posters in employee areas.
3. Using the WORKSTATION domain, define risks associated within that domain and explain what can be done to reduce risks in that domain.
These risks are related to malware and viruses. Users can bring malware from home on Universal Serial Bus (USB) flash disks. They can accidentally download malware from websites. They can also install malware from malicious e-mails. The primary protection is to ensure that you install antivirus (AV) software. Additionally, you need to update AV signatures regularly. You can't depend on the users to keep their signatures up to date. Instead, you must take control of the process. Many AV vendors provide tools to automatically install and update AV software on workstations. You must also be sure to keep operating systems up to date. When security patches become available, they should be evaluated and deployed when needed. Many of these security patches remove vulnerabilities. Without the patch, the systems remain vulnerable.
4. List four compliance laws, regulations, or mandates and explain them.
a. GLBA: This is a standard for any organization dealing with financials, like a bank.
b. HIPAA: HIPAA applies to any organization that handles health information. The obvious organizations that handle health information are hospitals and doctor's offices. However, HIPAA reaches much farther than the medical industry. Health information includes any data that relates to the health of individuals.
c. SOX: This is a standard for any organization that deals with trade and exchange.
d. ERPA: This is a set standard for educational organizations which protects children aged 13 and below from viewing potentially disturbing images on the Internet.
5. Define risk with a formula. Explain what each variable means.
The formula for risk is as follows:
Vulnerability × Threat = Risk
A vulnerability can be an open port that shouldn't be open, which can be exploited. Furthermore, a vulnerability can be in software as well as in physical access to a computer or server that shouldn't be accessible.
A threat can be a disgruntled employee who has the capability to do harm to an IT infrastructure.
Risk is determined when an assessment is performed that identifies the possibility, or potential, of exploitation of a vulnerability by a potential threat. Risk can also be rated as High, Medium, or Low.
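To show how the formula above is applied in practice, here is a small risk register that scores each threat/vulnerability pair with Vulnerability × Threat and bands the product into the High, Medium and Low ratings the answer mentions. This is an added example, not part of the original answer; the 3-point ordinal scale, the banding thresholds, the `RiskEntry` record and the sample entries are all constructed assumptions, and the example goes slightly beyond the text by ranking several pairs so the highest-risk ones are mitigated first.

```python
# Added example (not from the original page): a qualitative risk register
# that applies Vulnerability x Threat = Risk and bands the result into
# Low / Medium / High. Scale, thresholds and sample rows are assumptions.
from dataclasses import dataclass
from typing import List, Tuple

# Qualitative ratings mapped to ordinal scores (assumed 3-point scale)
RATING_SCORE = {"Low": 1, "Medium": 2, "High": 3}


@dataclass(frozen=True)
class RiskEntry:
    asset: str
    vulnerability: str     # weakness, e.g. an open port that should be closed
    threat: str            # actor or event that could exploit the weakness
    vuln_rating: str       # how exposed/severe the vulnerability is
    threat_rating: str     # how likely/capable the threat is


def risk_score(vuln_rating: str, threat_rating: str) -> int:
    """Return Vulnerability x Threat as a number from 1 to 9."""
    return RATING_SCORE[vuln_rating] * RATING_SCORE[threat_rating]


def risk_level(score: int) -> str:
    """Band the product into High / Medium / Low.
    Thresholds are an assumption: 1-2 Low, 3-4 Medium, 6-9 High."""
    if score >= 6:
        return "High"
    if score >= 3:
        return "Medium"
    return "Low"


def prioritize(register: List[RiskEntry]) -> List[Tuple[str, int, str]]:
    """Score every threat/vulnerability pair and return (asset, score, level)
    tuples ordered highest risk first, so mitigation effort goes to the top rows."""
    scored = [(e.asset, risk_score(e.vuln_rating, e.threat_rating)) for e in register]
    scored.sort(key=lambda pair: pair[1], reverse=True)
    return [(asset, score, risk_level(score)) for asset, score in scored]


# Constructed sample register mirroring the examples given in the answer
SAMPLE_REGISTER = [
    RiskEntry("file server", "open port that should be closed", "external attacker", "High", "High"),
    RiskEntry("workstation", "AV signatures out of date", "malware on a USB flash disk", "Medium", "High"),
    RiskEntry("HR database", "server room door left unlocked", "disgruntled employee", "Medium", "Medium"),
    RiskEntry("kiosk PC", "unpatched but isolated OS", "opportunistic malware", "Low", "Low"),
]

if __name__ == "__main__":
    for asset, score, level in prioritize(SAMPLE_REGISTER):
        print(f"{asset:12} score={score} level={level}")
```

Running the block prints the four sample rows in descending order of risk; the two rows rated High (the exposed open port and the unpatched AV signatures) surface first, which is the ordering a risk management review would use to decide where to spend mitigation effort.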