Ais3 Chap 1 5
2. Classification
3. Analysis
4. Archiving
5. Deletion
Security of information
More profit, more customers
Online selling, third-party food couriers
Or if you want to speed up cashier
transactions, then you might want to try
acquiring a Point-of-Sale (POS) System.
It is about prioritizing
which IT projects should
come first.
3. Managing Electronic Risk
One high-risk issue that often surfaces is endpoint security. An
“endpoint” is a computer system on your network used by an
individual to interact with computer servers or applications.
Endpoints can include:
PCs, laptops, smartphones, tablets, and
specialized components such as POS
terminals.
Endpoints are vulnerable because humans are vulnerable:
a. They will blindly click on a link in an email.
Beware of links and anything else that is sent to us. Those
links might lead us to a fake bank website that can phish our
confidential information such as usernames and passwords.
There are already reports of bank accounts and even
Facebook accounts being hacked.
b. People will connect a laptop to an unfamiliar Wi-Fi network.
Free Wi-Fi is great, right? But be careful when connecting to
public Wi-Fi. These networks can be used to access the
personal and browsing information on our gadgets.
Follow these tips:
Stick with HTTPS when browsing. Chrome will usually warn
you when the site you are visiting uses an unencrypted HTTP
connection rather than an encrypted HTTPS connection by
labeling HTTP "Not Secure."
Do not give too much info such as e-mail address and phone
number. Stores and restaurants that ask for this want to be able to
recognize you across multiple Wi-Fi hotspots and tailor their
marketing accordingly.
Limit AirDrop and File Sharing
Read the attached terms and conditions
Use a VPN
All these innocent mistakes can lead to a loss or compromise of
sensitive data for an organization, and, therefore, might require a
public acknowledgment of breach by the company. As a part of
your security program, ensure your endpoint devices are well
protected.
Anti-virus is a must for most desktop and laptop systems.
Security patches are released monthly, or more frequently, and
should be applied quickly and in accordance with your
organization’s established framework and procedures.
Cloud Storage
Another high-risk security issue that should be evaluated is the
security of third parties responsible for storing, processing, or
transmitting data on your behalf such as OneDrive and Google
Drive. (Our MS Teams is using OneDrive)
These services offer convenience by integrating with endpoint
devices to seamlessly copy data from the computer’s hard drive
to a server somewhere on the Internet. In this way, the data is
now easily accessible by other devices such as a smartphone or
tablet.
These free services do not provide any guarantee of security over
the data stored on the service, and your organization cannot be
sure sensitive data pushed to one of these “cloud-based”
services won’t be seen by unauthorized individuals.
Therefore, your company should have a clearly defined policy
regarding how file-sharing services should be used and
employees should be trained accordingly.
Also, you should establish a vendor management process to
ensure all third parties who store, process or transmit data on
behalf of your organization have a contractual obligation to apply
an appropriate degree of security to your data and that they
periodically provide evidence (such as a Service Organization
Control report) confirming their controls are in place and
functioning.
4. Measuring IT Performance
Metrics can play an important
role in achieving excellence as
they force the organization to
pay attention to their
performance and prompt
management to make
adjustments when goals are
not being achieved.
Critical Metrics for IT Success
1. Operational Metrics
-system performance
2. Organizational Metrics
-employee performance
3. Financial Metrics
-cost control performance
Operational Metrics
1. Online application performance -
The average time it takes to load a
screen or page.
2. Online application availability - The
percentage of time the application is
functioning properly.
3. Batch SLAs (Service Level Agreement)
met - The percentage of key batch
jobs that finish on time.
4. Production incidents - The number of
production problems by severity.
Organizational metrics
1. Attrition - The percentage of
employees who move to other jobs.
Exclude involuntary separations so
that managers will not retain poor
performers. Differentiate between
employees who leave the company
versus those that leave to take
another position within the company.
2. Performance reviews - The
percentage of employees with
current written reviews.
Financial metrics
1. Budget variance - Actual costs
compared to budgeted costs. This
should be done for both direct
expenses and inter-company
expenses since direct expenses are
more controllable.
2. Resource cost - The average cost of a
technology resource. This provides a
good view of how well managers are
controlling costs by using cheaper
outsourcing labor or higher priced
temporary labor and managing an
organization that is not top heavy
with expensive employees.
IT Tools for Business
Internet
1. Internet - The internet is a global computer network
providing a variety of information and communication
facilities, consisting of interconnected networks using
standardized communication protocols.
What composes the internet are:
To summarize:
1. Switch – connects devices in a
local area network (LAN)
2. Router – connects LANs;
connects to a modem
3. Modem – connects Router to
internet service provider (ISP)
Multi-factor authentication (MFA)
Security Engineering
Vulnerability Assessment
Penetration Testing
Network Intrusion Detection System (NIDS)
Password Salt and Peppering
Random values are
attached to the password
Virtual Private Network (VPN)
An encrypted connection
over the Internet from a
device to a network.
Honeypots
Decoy databases that
attract hackers but do not
house any important
information.
Application Whitelisting
Prevents unauthorized apps from
running on a computer
Firewalls
Block unauthorized access to a
network or data interceptions
Antivirus Software
A program or set of programs
that are designed to prevent,
search for, detect, and remove
software viruses, and other
malicious software.
Encryption
Encoding data, in transit or at
rest, including end-to-end
encryption often used in
messaging apps and platforms
that only allows encrypted
messages to be read by sender
and receiver.
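The "Password Salt and Peppering" entry above, as an added example that is not part of the original slides: a per-user random salt and a site-wide secret pepper are both mixed into the password before it is hashed for storage. The names hash_password, verify_password and DEMO_PEPPER, the sample password, and the choice of HMAC plus PBKDF2 are assumptions of this example.

```python
import hashlib
import hmac
import os

# Constructed demo value. A real pepper is one secret for the whole site,
# kept outside the password database (assumption of this example).
DEMO_PEPPER = b"constructed-demo-pepper"
ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example


def hash_password(password, pepper, salt=None):
    """Return (salt, digest) for storage in the user record."""
    if salt is None:
        salt = os.urandom(16)  # salt: random per user, stored beside the digest
    # Pepper: mix in the site-wide secret with a keyed HMAC before the slow hash.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, ITERATIONS)
    return salt, digest


def verify_password(password, pepper, salt, stored_digest):
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, pepper, salt)
    return hmac.compare_digest(candidate, stored_digest)


def demo():
    """Two constructed users pick the same password."""
    salt_a, digest_a = hash_password("Summer2024!", DEMO_PEPPER)
    salt_b, digest_b = hash_password("Summer2024!", DEMO_PEPPER)
    return {
        # Different salts give different digests, so equal passwords do not
        # show up as equal rows and one precomputed table cannot cover both.
        "digests_differ": digest_a != digest_b,
        "correct_accepted": verify_password("Summer2024!", DEMO_PEPPER, salt_a, digest_a),
        "wrong_rejected": verify_password("summer2024!", DEMO_PEPPER, salt_a, digest_a),
        # A copied database holds salt and digest but not the pepper, so
        # guesses checked with another pepper never match, even the right password.
        "no_pepper_rejected": verify_password("Summer2024!", b"wrong-pepper", salt_a, digest_a),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```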
Malware
Short for malicious software
Malware is any piece of
software that was written with
the intent of damaging devices,
stealing data, and generally
causing a mess.
Examples of Malware
Virus
Infects files then replicates to
infect other files
Can spread uncontrollably,
damaging a system’s core
functionality by deleting or
corrupting files.
Usually appears as an executable
file (.exe)
Worms
Act like a virus
But viruses need a “trigger”
to start infecting, such as when a
person opens an exe file of a
virus
Worms can self-replicate as soon
as they have breached the
system, without a trigger
Trojans
Disguises itself as legitimate
software or is hidden in
legitimate software that has
been tampered with.
Acts unnoticeably and creates
backdoors in your security to let
other malware in.
Spyware
Designed to spy on you
Hides in the background
Records what you do online,
including passwords, credit card
numbers, surfing habits, etc.
Ransomware
Typically locks down your
computer and your files or a
website and threatens to erase
everything unless you pay a
ransom.
Adware
Not always malicious in nature
But aggressive advertising
software can destabilize your
security just to serve you ads
which can give other malware an
easy way in.
Pop-ups are really annoying.
Botnets
Networks of infected computers
that are made to work together
under the control of an attacker
IT Disaster Recovery Plan
A critical process that can help
an organization survive and
recover in case of disaster –
whether a natural disaster,
accidental data loss, or
malicious cyberattack.
Goals
What does the organization aim to achieve?
Target Recovery Time - Maximum downtime allowed for each critical system
Maximum amount of acceptable data loss
Personnel
Who is responsible for executing the plan?
IT inventory
List hardware and software assets, their criticality, and whether
they are leased, owned, or used as a service
Backup Procedures
How and where (exactly on which devices and in which
folders) each data resource is backed up, and how to
recover from backup.
Recovery Procedures
Emergency response to minimize damages, last-minute backups,
mitigation, and eradication (for cybersecurity threats).
Recovery Sites
A robust plan should include a hot disaster recovery site – an
alternative data center in a remote location that has all
critical systems, with data replicated or frequently
backed up to them. Operations can be switched
over to the hot site when disaster strikes.
Restoration
Procedures for recovering from complete systems loss to full
operations