Threat Assessment

When a security expert of an Information Technology (IT) division is elevated to head security officer in a social service organization, his main task is to direct an appraisal of the threats faced by the information system of the agency. For the head security officer of the IT division, it is essential that the vulnerabilities of the computer network are identified and that safety measures are created to guard against hackers, viruses, the ruining of the system, and artificial and natural calamities that could impair the system. The head security officer is also responsible for administering the confidentiality and security of the organization, its customers and associates. The appraisal of the agency will incorporate legitimate issues in information protection, kinds of events, dangers to the organization, procedure for information protection, tending to the risks, determining vulnerabilities, recognizing probable agents, comprehension of the targets, inspecting the safety measures, and creating a plan to block all harm should it happen.

Assessment Goals

An evaluation of the agency's information system is essential to give the agency initiative in determining its position, as well as the direction it will choose in order to improve the system to suit the requirements of the organization and the customers. For the head security officer of the IT division, the objectives of the system evaluation, as described in chapter 8 by Eric Maiwald (2004) in his book Fundamentals of Network Security, are:

• To figure out the importance of the information possessions
• To figure out the threats to the confidentiality, integrity, availability, and/or accountability of those possessions
• To figure out the current vulnerabilities innate in the present practices of the agency
• To recognize the potential dangers to the agency when it comes to information possessions
• To suggest modifications to present practice in order to decrease the dangers to a satisfactory level
• To furnish a foundation on which to create a proper security plan

The Organization

The agency to be evaluated is a federally subsidized agency. Community Action Agency of New Haven in Connecticut is a federally subsidized agency that serves roughly 25,000 customers annually, furnishing energy help, weatherization, shelter, food storage, family and education programs (Community Action Agency of New Haven, 2011). Community Action Agency of New Haven gathers, stores, and trades information with merchants, federal offices and social service organizations across Connecticut. This organization should secure and protect the information it obtains from customers and clients. It should keep this information classified and private. The appraisal type or technique utilized to evaluate the information system of the Community Action Agency is the organization-wide hazard evaluation. This kind of evaluation determines absolute threats to the information system, distinguishes the information system's accountabilities, and checks all types of electronic and tangible sharing of information. The evaluation will offer the head of security of the IT division a vivid view of the present information system and empower the agency to conform to the necessities and requests of the agency's procedures, aims and objectives.

Assessment

The appraisal process includes getting to know the agency by questioning employees, assessing records of the agency, and conducting a physical investigation of the information system.

Collecting Information

The personnel of the agency have the most knowledge of the information system and computer section. Workers are the primary human line of security in computer protection. A reasonable and unbiased communication of ideas and dialogue on the daily activities of the staff can help the security administrator in knowing what kind of security procedures to follow or what safety measures to establish for the safety and privacy of the agency. The head security officer should scrutinize all records that relate to the gathering, sharing, and trading of information. Reports such as safety, telecommuting and information procedures, calamity recovery and incident reaction methods, worker handbook, policies for worker's termination and incentive procedures, software development procedures, organizational diagrams, system design and firewall base, router channels and system diagrams should be inspected for suitability, guaranteeing that the most current documents are usable. These documents include safety-pertinent strategies, plans, standards, authorization measures, customs and traditions of the organization (Maiwald, 2004).

Physical Security

A stroll through the office is suitable, investigating the edifices, the PC stations, and the PC center, searching for any weaknesses that may put the agency in danger of normal, unnatural, or artificial threats. Learning the security ventures of the organization, including access management, deterrent measures, security workers, key controllers, power supply, vital areas, and dead zones, is a significant part of the evaluation process.

Education and Awareness

The security in-charge who is evaluating the agency must examine the information administration and the training of staff on information administration. The measures are studied three ways.

Preventative Measures

Generally, security risks to the organization are abolished, discouraged, or deferred if the employees of the agency are responsible enough to take part in the protection effort and work sensibly. Simple deterrent measures include not revealing passwords to other employees, techniques to build up strong passwords, knowing whom to call if a violation of security is suspected, classes and seminars on how to defend the PC, circulation of security strategies and customs, and stress on the significance of safety measures within the organization. Commonly, employees become at ease with utilizing similar passwords and traditions; therefore an evaluation to recognize the consequences and bad habits is useful not only to identify the issues but also to make the alterations essential to counter the weaknesses before a violation occurs.

Enforcement Measures

The agency's procedures are set up as a way to set the standards and customs in the office. The safekeeping policies and traditions of the agency are worthless without implementation measures. Implementation is one technique used to guarantee that the guidelines and practices of the agency are followed, and retributions will be the consequence when workers do not succeed in following the policies and guidelines. The security in-charge has the authority of evaluating the policies and guaranteeing that they are upheld with consistency as a means to inspire workers to be security minded to secure the agency and the assets of the agency. The implementation measures that are evaluated identify the conceivable violations, types of retributions for each defiance, schemes of examination, screening of employee conduct, and furnishing staff with written documents expressing the strategies of the agency's protection and authorization policies.

Precautionary Measures

Preliminary measures must be inspected to verify the organization's preparation to take action on dangers, breaches, and unpredicted incidents that can endanger the protection and security of the organization. The two essential safeguards for the system are backup and disaster safeguards. The backup and disaster safeguards are critical because the organization must have a practical and reasonable preparation to eliminate risks from normal and unnatural incidents that can devastate or immobilize the information system. Issues to give careful consideration to, according to Maiwald (2004), are:

• What backup strategy is being utilized?
• What files are backed up and how frequently?
• Where are the backups saved?
• How regularly are the backups transferred to storage?
• Have the backups ever been checked?
• How regularly should backups be utilized?
• Have backups ever been unsuccessful?
• How regularly does information require to be backed up?

The Network

The organization's network is the door to the organization's information. The network should be inspected to verify the adequacy, connectivity, the weaknesses, and present helpfulness. The network illustration is a document that can in some cases be antiquated or erroneous; hence the illustration must be scrutinized to guarantee that the varieties and quantities of systems on the network, operating system and editions, PC systems, web access points, dial-in access points, wireless access points, procedures utilized on the network, access points to other organizations, server areas, areas of FTP servers, Internet servers, and mail gateways, and firewalls are set up, working and upgraded (Maiwald, 2004).

Network Protection

Securing the network is very important, and the head security officer has the authority of evaluating network assurance and guaranteeing that the correct countermeasures are set up to deal with breaches, hazards, and crashes within the system. According to Maiwald (2004), areas of apprehension that are part of the appraisal are “router admission control records and firewall controls on all Internet admission points, validation devices used for remote access, security devices on admission points to other organizations, encryption devices utilized to transfer and save information, encryption devices utilized to defend portable PCs, anti-virus systems set up on servers, PCs, and message systems, and server protection setups” (pg. 1, para. 17).

In closing, the head of security in the IT division must conduct an appraisal of the information system and the office to increase his comprehension of the assets that are to be protected. The appraisal will recognize the present health of the organization and distinguish weaknesses, threats and hazards. The appraisal, once finished, is a guide to creating policies, countermeasures, and customs that offer a secure environment for all individuals' assets and possessions of the organization.

References

Community Action Agency of New Haven. (2011). Programs and Services. Retrieved from http://www.caanh.net/programs_and_services

Maiwald, E. (2004). Fundamentals of Network Security (1st ed.). New York, New York: McGraw-Hill.