Security Self Assessment

Security Self-Assessment Report
Hasan Almomani

Introduction
This report is derived from a security self-assessment based on the National Institute of Standards and Technology (NIST) Special Publication 800-26 (SP 800-26) (Swanson). The organization being assessed is an electronics and computer manufacturer’s technical support division, along with the technical and physical controls that support its information technology security. We will refer to this organization as Tech Inc., which is a fictitious name for this company. The support facility is one of three facilities: one is located in Canada, another in India, and the chief facility is located in the state of Florida. It employs approximately 700 personnel. The …
Employees answer customers’ questions and solve their software problems based on information from Expert Solution (ES), which is proprietary software that saves solutions in a database. ES is important because if the employee does not have access to the database, or it is corrupted, then the customer’s computer must be shipped to a facility in California for repair. This process costs much more than if the customer could perform the simple repair on their own; other costs are the inconvenience to the customer of the time for repair and the organization’s …
It all starts at the hiring point, where every employee undergoes a background check as well as a substance abuse check. Next is the training period, in which new employees must take thirty-day training. The training includes the usual job training but also security briefings on what to do and what not to do. Finally, the policy is reviewed with new hires, and they must sign it to acknowledge it. Policy is enforced at all times, and there is a full investigation of any employee who violates policy and procedure, which may or may not lead to disciplinary action or dismissal from the organization.
There is no periodic security training for employees other than the initial training at the time of hire; some employees have been working at the same facility for a year, which may indicate a problem that needs to be addressed. This lack of employee security updates might be, at the same time, the highest vulnerability and threat I could identify.
There are periodic meetings, about one every ninety days, to remind employees about ethical and unethical behavior, and they are encouraged to report any illegal or unethical
