Security is an ever-moving target that must be continually managed and refined to ensure the appropriate confidentiality, integrity, and availability of the services and systems that are critical to the business, as well as of its valuable data.
Waves of targeted email attacks, often called phishing, are exploiting client-side vulnerabilities in commonly used programs such as Adobe PDF, QuickTime, Adobe Flash, and Microsoft Office. This is currently the primary initial infection vector used to compromise computers that have access to the internet and the network.
Social engineering attacks are another concern for our company. People tend to use sites like Facebook to communicate with other employees, family, and friends. It is in our best interest to keep strict policies in place at all times to validate the identity of the user before a password reset is made.
Insiders have caused damage to networks after being terminated, or remain in a position to provide information to the outside. They can set up fake websites that look like a real product or supplier but are actually malicious sites designed to attack the computer and install malicious code that logs keystrokes, uses contact lists, steals data, and serves other malicious purposes.
Vulnerability scanners can help determine patching policy. Once we know what vulnerabilities are exposed, we can make decisions about what can and cannot be tolerated in the network environment. Knowing our typical network behavior can highlight common activity that we might want to stop via policy or other tools. Both of these technologies provide visibility into network traffic. Network risk mapping can find vulnerable data and network device configurations and help us prioritize which issues to resolve first. The mapping data can be based on defined nodes, directly vulnerable hosts, insecure configurations of network equipment, and the end users most susceptible to compromise.