Free Essay

Information Security Project

In: Computers and Technology

Submitted By msjuicyfruit
Words 625
Pages 3
Information Security Project
This assignment is designed to help you understand how an incident response plan is put into place. In an IT environment, it is typical for multiple members of the IT Department to be part of the planning and response efforts for many security incidents. Because of this, it will be helpful that you understand how the process works. Please be sure that your response to the incident make sense and are developed by your own research on how to respond to the incident. Details on what should be included in the Incident Response Plan are below. For the deliverable, use Calibri font, Size 14. This should be in your own words. Plagiarism goes against school policy and will result in a zero for the assignment. Please note that this is 21% of your grade for the class; take the time to be detailed and I expect questions from you about it. After all, this project is all about you learning how the process works.
Phase 1: Week 5
Step 1: Choose an incident type to create a response plan with. I’ve supplied a list for you below.
Step 2: Find supporting materials on how to respond to the incident. You should be able to use a common search engine and find this.
Phase 2
Step 3: Develop a summary of the incident that occurred; recommended 1-2 paragraphs; can be brief. If you can find an incident online that matches your project choice, you can use this summary. Make up a business name of the company that you work for. The sky is the limit in terms of what business type and name you use. Please be sure that, if your incident is one you’ve researched online, that you use a different business name than you’ve found. Step 4: Develop a detailed response plan on how to respond to the incident type. Your incident response plan should have at least 10-15 steps to it. The following should be included: 1. What departments and important individuals are involved in the response? Be sure to clearly state this before the steps in the response procedures. 2. What initial steps are taken as soon as the security incident is discovered. Should the computer, server, or device be immediately shut down… or left running? 3. What departments will be involved? IT Department? Management? 4. Who all should be notified? What departments, what members of management, customers, regulators? Specifically, who method of communication will be used to notify? 5. Was information compromised? If so, customers/patients will have to be notified. Note: These are not preventative measures and projects to take on before or after the incident. This is a “What do I do immediately?” type of scenario. Incident Response Choices 1. Corporate Account Takeover 2. Phishing, Vishing, or Smshing Attack on Customers (choose one) 3. Spear Phishing Attack on Employee(s) 4. Trojan Horse Virus/Keylogger Attack on Workstation/Server 5. Advanced Persistent Threat 6. Distributed Denial-of-Service Attack (DDoS) 7. Denial-of-Service (DoS) Attack 8. Company Laptop Stolen Containing 200 Customer/Patient Social Security Numbers 9. Former IT Staff Remotely Accesses Systems with “Admin” Password 10. Network Breach Detected By IDS (IDS NOT IPS) 11. Network Breach Detected by IPS, Router Password to One Business Location Compromised; Vulnerability Scan Ran Afterward Says Password Was Factory Default 12. Network Administrator Leaves After Heated Dispute with Management Grading Rubric Summary 15 points Are all departments involved clearly identified? 15 points Who is notified 20 points Is the plan logical and based on best practices? 30 points (research is key!!) Do response procedures match incident chosen? 10 points Is the plan detailed enough to be used as a response to an actual incident? 10 points…...

Similar Documents

Premium Essay

Information Security

...The Importance of Information Systems Security Mario M. Brooks Webster University SECR 5080 – Information Systems Security November 17, 2012 Abstract Information System Security is critical to the protection of vital information against unauthorized disclosure for legal and competitive reasons. All critical information must be protected against accidental and deliberate modification. The establishment and maintenance of documents that have been created, sent, and received will be the cornerstone of all financial establishments in modern society. Poor security practices and weak security policies lead to damages to systems. Criminal or civil proceedings can be the result if the perpetuators are caught and if third parties are harmed via those compromised systems. In this paper, Information System will be defined. The paper will also discuss the lapses, vulnerabilities, and the various ways of improving the system. It is very important that the make-up of Information Systems Security and their capabilities are understood. Information Systems can be a combination of information technology and the people that support operations, management, and decision-making. Information Security, is the protection of information and information systems from unauthorized access, disclosure, use, disruption, modification, inspection, recording, or destruction. The terms Information Security, Computer Security, and Information Assurance are frequently used......

Words: 1133 - Pages: 5

Premium Essay

Information Security Project 1

...Project: Information Security Project 1 Name: Ashiqul Abir Class: NT2580 Date: 02/28/2013 Information security best practice project: The information security best project was housed within the Oxford University computer emergency response team. The project sought build on the knowledge, commentary and information gathered during the 2009 self-assessment exercise. One of the main objectives of the project was to develop an information security toolkit, which includes the policies, guidelines, documentation and education and awareness programmers. Information security: In a devolved environment, such as a collegiate university, it is imperative that policy should not go into retail about how those objectives should be met. It also defines the scope of the policy and identifies roles and responsibilities for security. Information security toolkit: The example polies can be tailored to suit the individual needs of your department, college or hall. The toolkit focuses on some areas like, IT management Operations Network Management Physical Security Building on the 2009 self-Assessment: The 2009 Self-Assessment exercise asked unit within the collegiate university to assess their current approach to IT operations, management and security against recommended best practice guidelines. The information gathered helped the advisory group to understand where further attention, resource, and best......

Words: 280 - Pages: 2

Premium Essay

Information Security

...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED 38542_FMxx.indd i 9/5/12 10:48 AM World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windowa Platforms and Applications is an independent publication and has not been authorized, sponsored, or......

Words: 25969 - Pages: 104

Premium Essay

Information Security

...Information security means protecting information and information systems from unauthorized access, use, disclosure, modification or destruction. Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. For over twenty years, information security has held confidentiality, integrity and availability as the core principles of information security. Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds. In information security, integrity means that data cannot be modified without authorization. When Management chooses to mitigate a risk, they will do so by implementing one or more of three different types of controls. Administrative controls form the framework for running the business and managing people. Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. Physical controls monitor and control the environment of the work place and computing facilities. Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called......

Words: 4064 - Pages: 17

Premium Essay

Information Security

...production from the worm outbreak last month, and they directed us to improve the security of our technology. Gladys says you can help me understand what we need to do about it.” “To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.” “Sounds expensive,” said Fred. Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.” Fred thought about this for a few seconds. “OK. What’s our next step?” Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project management approach. There are a few differences, but we can easily adapt our current models. We’ll need to appoint or hire a person to be responsible for information security.” The Need for Security Our bad neighbor makes us early stirrers, Which is both healthful and good......

Words: 24411 - Pages: 98

Premium Essay

Information Security

...Why Information Security is Hard – An Economic Perspective Ross Anderson University of Cambridge Computer Laboratory, JJ Thomson Avenue, Cambridge CB3 0FD, UK Ross.Anderson@cl.cam.ac.uk Abstract According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. risk of forged signatures from the bank that relies on the signature (and that built the system) to the person alleged to have made the signature. Common Criteria evaluations are not made by the relying party, as Orange Book evaluations were, but by a commercial facility paid by the vendor. In general, where the party who is in a position to protect a system is not the party who would suffer the results of security failure, then problems may be expected. A different kind of incentive failure surfaced in early 2000, with distributed denial of service attacks against a number of high-profile web sites. These exploit a......

Words: 5786 - Pages: 24

Premium Essay

Information Security

...Information Security August 10, 2012 One of the biggest issues in the Information Technology field these days is information security. Today almost anything can be found on the internet. Even like how to videos on how to put in a window, break-into a house, or even hack computers. The digital age has many perks but it also has many down falls to it as well. The perks that we enjoy so much from the internet also leaves us open to identity theft and company information theft. This gives Information Technology professionals a lot to think about when they consider Information Technology. One of the biggest threats facing the IT industries today is the end users non-malicious security violations that leave companies vulnerable to attack. In a recent Computer Security Institute survey, 41 percent of the participating U.S organizations reported security incidents. (Guo, 2012 p. 203-236) Also according to the same survey it was found that 14 percent of the respondents stated that nearly all of their company’s loses and or breaches were do to non-malicious and or careless behavior by the end users. (Guo, 2012 p. 203-236) Some of the end users behaviors that help these threats along were the peer-to-peer file-sharing software installed by the end user that might compromise company computers. Some other examples of security being compromised by end users would be people that use sticky notes to write there passwords down and leave them where other people can see......

Words: 1422 - Pages: 6

Premium Essay

Information Security

...Assessment Information Management Dovile Vebraite B00044098 Department of Business School of Business & Humanities Institute of Technology, Blanchardstown Dublin 15. Higher Certificate of Business Information Management 20/08/2014 Contents What is Information Security? ........................................................................ 3 What are the Goals of Information Systems Security? ….……………………………. 4 How big is the Security Problem? ………………………………………………………………. 5 Information Security Threats ……………………………………………………………………… 6 How to Secure the Information Systems? ………………………………………………….. 7 Conclusion …………………………………………………………………………………………………. 8 Bibliography ………………………………………………………………………………………………. 9 What is information security? ‘’Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. It is achieved via the application of policy, education, training and awareness, and technology.’’ (Whitman, Mattord, 2011). Information security is the protection of information and information systems from unauthorised access, modification, disruption, destruction, disclosure, or use. In other words it handles the risk management. The definition of information security is based on the concept that if there is a loss of CIA (confidentiality, integrity and availability) of information, then the person or business will suffer harm. What are the goals of......

Words: 1543 - Pages: 7

Premium Essay

Information Security

...Principles of Information Security, Fourth Edition Chapter 3 Legal, Ethical, and Professional Issues in Information Security Learning Objectives • Upon completion of this material, you should be able to: – Describe the functions of and relationships among laws, regulations, and professional organizations in information security – Differentiate between laws and ethics – Identify major national laws that affect the practice of information security – Explain the role of culture as it applies to ethics in information security Principles of Information Security, 4th Edition 2 Introduction • You must understand scope of an organization’s legal and ethical responsibilities • To minimize liabilities/reduce risks, the information security practitioner must: – Understand current legal environment – Stay current with laws and regulations – Watch for new issues that emerge Principles of Information Security, 4th Edition 3 Law and Ethics in Information Security • Laws: rules that mandate or prohibit certain societal behavior • Ethics: define socially acceptable behavior • Cultural mores: fixed moral attitudes or customs of a particular group; ethics based on these • Laws carry sanctions of a governing authority; ethics do not Principles of Information Security, 4th Edition 4 Organizational Liability and the Need for Counsel • Liability: legal obligation of an entity extending beyond criminal or contract law; includes legal obligation to make restitution...

Words: 2389 - Pages: 10

Free Essay

Information Security

...usability because of powerful strains demonstrated to withstand mechanical creation and store network • Cost preferences because of item steadiness Client advantages • Top-score client administration • Service clients through whole commercialization process • Proven accomplishment on huge volume orders for probiotic item advancement. 3. Determine the Alternatives ProBac has a demonstrated reputation with its long haul accomplice model, which is intended to profit both sides. The model has been created together with accomplices over 15 years. Our current well being recommendation is centered on six fundamental zones with the taking after demonstrated medical advantages illustrated: •Immune - Improved guard/ resistance/ security - Reduced frosty/ influenza side effects, lessened length of cool/ influenza, lessened number of chilly/ influenza scenes •Stress Recovery - Recovery after anxiety, hostile to oxidative limit •Sports Recovery - Recovery after activity, against oxidative limit • Female Nutrient ingestion * Iron up take •Cardiovascular Health/Metabolic - Reduced danger for cardiovascular sickness, cholesterol, fibrinogen, leptin, pulse - Anti-aggravation How ProBac? The interest for items that fall into the zone between conventional nourishments and pharmaceuticals is broad. The proportional element for these items is their useful wellbeing impacts. In the region of Functional Food, probiotic ideas exist......

Words: 3556 - Pages: 15

Free Essay

Information Security

...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Analyzing Man-in-the-Browser (MITB) Attacks The Matrix is real and living inside your browser. How do you ask? In the form of malware that is targeting your financial institutions. Though, the machines creating this malware do not have to target the institution, rather your Internet browser. By changing what you see in the browser, the attackers now have the ability to steal any information that you enter and display whatever they choose. This has become known as the Man-in-the-Browser (MITB) attack. AD Copyright SANS Institute Author Retains Full Rights Analyzing Man in the Browser Attacks | 1 Analyzing Man-in-the-Browser (MITB) Attacks GIAC (GCFA) Gold Certification Author: Chris Cain, cicain08@gmail.com Advisor: Dominicus Adriyanto Accepted: December 22nd 2014 Abstract The Matrix is real and living inside your browser. How do you ask? In the form of malware that is targeting your financial institutions. Though, the machines creating this malware don’t have to target the institution, rather your Internet browser. By changing what you see in the browser, the attackers now have the ability to steal any information that you enter and display whatever they choose. This has become known as the Man-in-the-Browser (MITB) attack. No one is safe......

Words: 5973 - Pages: 24

Premium Essay

Information Security

...Human differences Human beings are prone to certain characteristics that tend to affect their relation to information security. Information security refers to the ability of an individual to ensure that information is free from any kind of access by unwarranted individuals. There are several human inadequacies that affect the level of information security. However, this discussion is going to concentrate on three major human characteristics that affect information security. These include: acts of omission, acts of commission and acts of sequence. These three acts are important in to information security because they are not related to distortion of information but they increase the challenges in regard to making information secure. Information security involves the ability of an individual to access certain preserved information with ease. Information security does not involve distortion of information. These reasons make these three acts to be a concern to stakeholders within the information security sector. These three acts have distinct influence on the level of security in regard to information. Parsons et.al (2010) argues that acts of omission involve the inability to execute important activities when dealing with information. There are certain requirements in the field of information that require constant activities. For example, it is recommended that one should change his passwords regularly to reduce cases of illegal access by unwarranted individuals (Parsons et.al...

Words: 974 - Pages: 4

Premium Essay

Information Security

...implementing the information security management standards, plus potential metrics for measuring and reporting the status of information security, both referenced against the ISO/IEC standards. Scope This guidance covers all 39 control objectives listed in sections 5 through 15 of ISO/IEC 27002 plus, for completeness, the preceding section 4 on risk assessment and treatment.  Purpose This document is meant to help others who are implementing or planning to implement the ISO/IEC information security management standards.  Like the ISO/IEC standards, it is generic and needs to be tailored to your specific requirements. Copyright This work is copyright © 2010, ISO27k Forum, some rights reserved.  It is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.  You are welcome to reproduce, circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a commercial product, (b) it is properly attributed to the ISO27k Forum at www.ISO27001security.com, and (c) derivative works are shared under the same terms as this. Ref. | Subject | Implementation tips | Potential metrics | 4. Risk assessment and treatment | 4.1 | Assessing security risks | Can use any information security risk management method, with a preference for documented, structured and generally accepted methods such as OCTAVE, MEHARI, ISO TR 13335 or BS 7799 Part 3. See ISO/IEC 27005 for general advice. | Information security risk......

Words: 4537 - Pages: 19

Premium Essay

Information Security

...COM656 Group Project Security Plan Chunlin Yang Yunzhen Li Peng Yu Yun-Chen Tsao Coleman University COM656 Group Project Security Plan A brief description of the company Company size, employees numbers, Customers Canon Inc is a multinational corporation specialized in the manufacture of imaging and optical products, including cameras, camcorders, photocopiers, computer printers and medical equipment. It has about 190,000 employees worldwide by end of 2015. Canon has Personal, Office, Professional, Industry business sectors, provide products and services to many millions of customers in each sector globally. History Summary From its humble beginnings in a 1933 Tokyo apartment, Canon has grown to become a monolith in the field of imaging. Once only a maker of high-quality cameras, Canon now produces personal as well as multifunction copy machines, laser and inkjet printers, toner and canon ink cartridges, and calculators— all in addition to their high-quality cameras. Canon began under the name Precision Optical Instruments Laboratory with the goal of developing a high-end Japanese camera to compete with the European brands flooding the market. That first camera was named Kwanon after the Buddhist Goddess of mercy. Just a short time later, Precision Optical Instruments Laboratory created the first-ever 35mm focal-plane shutter camera called the Hansa Canon—and thus the Canon brand was born. But it wasn't until 1947 that the company officially changed......

Words: 3908 - Pages: 16

Premium Essay

Information Security

...GM 5991: Leadership and Organizational Behavior Project Proposal Overview of Organization The organization that I will be discussing about in my final project paper is Lone Wright Comprehensive Behavioral Center. Lone Wright is a health center that deals with a mix of mental health, halfway house, and substance abuse services. Lone Wright is a not-for-profit community based healthcare organization providing quality patient care and services. As a partner with the Austin Community, Wright Behavioral Center is committed to promoting wellness, education and diversity in a holistic and safe environment. We primarily treat people with mental issues and those who are addicted to substance abuse. I have been an application developer with Wrigth since 2004. We design and develop custom interface that keeps track of inventory and billing and maintaining patient accounts, speeding up business process and improving application effectiveness. Like many other healthcare industry, Lone Wright is faced with numerous challenges trying to meet up with all new requirements from Health and Human Services department due to the new Healthcare Reform law. We currently use an older technology that doesn’t strengthen the privacy and security of health information this has made most of our patient’s health information accessible just to anyone; also when doing data transmission with respect to PHI, Wright doesn’t clarify who qualifies as business associates according to the new HHS......

Words: 366 - Pages: 2