
MGIT412

Patricia Mae F. Belen


BSAIS 4-Y1-1 IRREG

1. Discuss why wireless networks are more susceptible to security problems and how businesses can
protect them.

ANSWER:

Nowadays wireless networks are very common everywhere. The network of companies is equally
vulnerable to various cyber-attacks and, if not properly secured, may cost the company tremendous loss of
information and money. The following are the types of unauthorized access generally found on company
networks:

Accidental Association: Unauthorized access to company wireless and wired networks can come from a
number of different methods and intents.
Malicious Association: “Malicious associations” are when wireless devices can be actively made by
crackers to connect to a company network through their cracking laptop instead of a company access
point (AP).
Ad-Hoc Networks: Ad-hoc networks are defined as peer-to-peer networks between wireless computers
that do not have an access point in between them.
Non-Traditional Networks: Non-traditional networks such as personal network Bluetooth devices are not
safe from cracking and should be regarded as a security risk. Even bar code scanners, handheld PDAs and
wireless printers and copiers should be secured.
Identity Theft (MAC Spoofing): Identity theft occurs when a cracker is able to listen in on network traffic
and identify the MAC address of a computer with network privileges. It allows a computer to pretend it
has any MAC address that the cracker desires, and the cracker can easily get around that hurdle.
Man-In-The-Middle Attacks: A man-in-the-middle attack is one of the more sophisticated attacks that
have been cleverly thought up by crackers. This attack revolves around the attacker enticing computers to
log into his/her computer which is set up as a soft AP.
Denial of Service: A Denial-of-service attack occurs when an attacker continually bombards a targeted
AP or network with bogus requests, premature successful connection messages, failure messages, and/or
other commands.
Network Injection: A cracker can make use of AP points that are exposed to non-filtered network traffic.
The cracker injects bogus networking re-configuration commands that affect routers, switches, and
intelligent hubs.
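
As an added example (not part of the original answer), the sketch below shows one way a business could review wireless scan results for the malicious-association, soft-AP and ad-hoc cases listed above. The corporate SSID, the approved-AP inventory, the record field names and the scan records are all constructed assumptions.

```python
# Added example: audit wireless scan results against a list of approved access points.
# All names and sample records below are constructed for illustration.

CORP_SSID = "ExampleCorp-WiFi"              # assumed corporate network name
APPROVED_APS = {                            # assumed inventory: BSSID -> expected security
    "aa:bb:cc:00:00:01": "WPA2-Enterprise",
    "aa:bb:cc:00:00:02": "WPA2-Enterprise",
}

# Constructed scan records, as a site-survey tool might export them.
SAMPLE_SCAN = [
    {"ssid": "ExampleCorp-WiFi", "bssid": "AA:BB:CC:00:00:01", "mode": "infrastructure", "security": "WPA2-Enterprise"},
    {"ssid": "ExampleCorp-WiFi", "bssid": "de:ad:be:ef:00:99", "mode": "infrastructure", "security": "Open"},
    {"ssid": "ExampleCorp-WiFi", "bssid": "aa:bb:cc:00:00:02", "mode": "infrastructure", "security": "Open"},
    {"ssid": "printer-direct", "bssid": "02:11:22:33:44:55", "mode": "ad-hoc", "security": "Open"},
    {"ssid": "CoffeeShop", "bssid": "10:20:30:40:50:60", "mode": "infrastructure", "security": "WPA2-Personal"},
]


def audit_scan(records, corp_ssid=CORP_SSID, approved=APPROVED_APS):
    """Return a list of (bssid, finding) tuples for records that need review."""
    findings = []
    for rec in records:
        bssid = rec["bssid"].lower()          # normalise case before comparing
        if rec["mode"] == "ad-hoc":
            # Peer-to-peer network with no access point in between.
            findings.append((bssid, "ad-hoc network in range"))
            continue
        if rec["ssid"] != corp_ssid:
            continue                          # unrelated neighbouring network
        if bssid not in approved:
            # Corporate name advertised by an unknown device: possible soft AP.
            findings.append((bssid, "unapproved AP using corporate SSID"))
        elif rec["security"] != approved[bssid]:
            # Known BSSID but wrong security: possible spoofed MAC or misconfiguration.
            findings.append((bssid, "approved BSSID with unexpected security"))
    return findings


if __name__ == "__main__":
    for bssid, finding in audit_scan(SAMPLE_SCAN):
        print(f"{bssid}: {finding}")
```
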
2. Discuss the security issues associated with cloud computing and what cloud users should do
about them.
There are many issues associated with cloud computing:
Data Breaches: A hacker could access our data and misuse it. Because the data is held on the
servers of the service provider, it is always at risk.
Hijacking of Accounts: The whole account could be hijacked and data could be misused.
Insider Threat: Someone from inside the organization could access our data and misuse it.
Malware Injection: Malicious code can be injected into our account, and to us it would appear like software
or a service that is running within the cloud.
Insecure APIs: APIs can pose a threat to the cloud services due to their very nature. If the API becomes
better, the risks also increase.
There is not much a user can do, as he can't control the services provided. What a user can do is collect
information about all service providers and use the services of the provider that is safest and has a
good reputation.

3. Discuss the threat employees pose to information system security.


Endpoint security threats

Negligent or careless employees who do not follow security policies – 78%
Personal devices connected to the network (BYOD) – 68%
Employees' use of commercial cloud applications in the workplace – 66%

4. Discuss three laws recently passed by the U.S. government that created electronic records
management obligations for businesses.
(ESGNCA)
ESGNCA is among the current United States laws on electronic management that deal with
business obligations. The above law is an important part of the legislation. It is cautious and conservative.
Besides, it gives individuals or marketers a chance to make their own decisions without influence from
anybody. In addition, it tends to rely on the marketing system to shape the use and application
of the electronic system, and not the other way round.
Uniform Electronic Transaction Act (UETA)
The manner of application and administering of UETA seems to be similar to ESGNCA. The
above law eliminates the section of the United States commerce law that relates to the process of
transferable records and the possible use of electronic recording system by the government officials.
Besides, it helps eliminate any kind of doubt about the enforceability of transactions done electronically,
to remove any barriers to their application in the public, business and government sectors.
Electronic System and Records Management (ERM) Act
The aim of ERM is to help utilize the commercial favorable practices in key government
business management. It is one of the current laws to help in administration and in the general operations
of government transactions of financial matters. Besides, the above act plays a key role when it comes to
public and marketing office management, with the purpose that the government electronic and recording
system is created and the maintenance is in consistency with the transparency.

5. Discuss the elements of a good security policy that every business should have.

Security policies are a critical component of any information security program and must be carefully
crafted, implemented, and enforced. A good security policy should include the following components:
1. Clearly defined goals and objectives
This is especially important when it comes to program policies. Keep in mind that many employees are
unaware of security threats and may regard any type of security control as a burden. A clear mission
statement or purpose stated at the top of a security policy should assist the entire organization in
understanding the importance of information security.
2. Applicability and scope
Every security policy, regardless of type, should include a scope or statement of applicability that
specifies who is covered by the policy. This can be based on a geographic region, a business unit, a job
role, or any other organizational concept that is properly defined.
3. Senior management commitment
Security policies are intended to communicate senior management's intent, ideally at the C-suite or board
level. Any security program is doomed to fail unless this level of leadership buys in. To be successful,
your policies must be communicated to employees, updated on a regular basis, and consistently enforced.
All of this is made difficult, if not impossible, by a lack of management support.
4. Policies that are realistic and enforceable
While it may be tempting to base your security policy on a perfect model, keep in mind that your
employees live in the real world. A policy that is overly burdensome is unlikely to be widely adopted.
Similarly, a policy with no mechanism for enforcement could be easily ignored by a large number of
employees.
5. Important terms are defined clearly.
Keep in mind that the audience for a security policy is frequently non-technical. Concise, jargon-free
language is essential, and any technical terms in the document should be defined clearly.

6. Tailored to the risk tolerance of the organization
Risk can never be completely eliminated, but it is up to the management of each organization to
determine what level of risk is acceptable. This risk appetite must be considered when developing a
security policy, as it will influence the types of topics covered.
7. Current information
Updating security policies is critical to maintaining effectiveness. While the program or master policy
may not require frequent changes, it should be reviewed on a regular basis. As technology, workforce
trends, and other factors change, issue-specific policies will need to be updated more frequently. You may
discover that new policies are required over time: BYOD and remote access policies are excellent
examples of policies that have only become commonplace in the last decade.