"Actually Secure." IT Protection-A Developing MS Theory: MS Degree Capella: Miss. Bayo Elizabeth Cary, AA, BA, MLIS


11-9-2017



Unit 5 Discussion 2 Response 1

Response from: Miss. Bayo Elizabeth Cary, AA, BA, MLIS



To: Facility Director

Director,

After a recent audit of security controls and policies, it is clear that we have some vulnerabilities that need to be remediated. Below is the list of vulnerabilities and solutions for each of them.

Vulnerabilities:

1. Unauthorized personnel attempting to gain access using an employee access card

2. User's password was written and posted on desk

3. Users leaving computer unattended while logged on

4. Employees leaving sensitive company information on desk

5. Employees leaving sensitive information on top of filing cabinet

6. Employees leaving sensitive information in copier

7. Employees not disposing of sensitive information properly

8. Employees leaving secure area doors unlocked

9. Employees propping open server room door

10. Employees not following maintenance schedules (outdated fire extinguisher)

Solutions:

1. Add photo of employee on access cards, have security issue new access card & deactivate old card

2. Have all employees with a password written down reset their password & be counseled on password management

3. Adjust settings so that after 60 seconds of inactivity the computer locks

4. Counsel employees with sensitive information left on desk & reinforce punishments for violating the handling of sensitive information

5. Same as number 4

6. Place and label copiers for sensitive information in restricted/secure area. Post sign saying to remove original from copy machine

7. Designate a location in a restricted area to place a shredder and give two employees in security the task of gathering and disposing of waste daily.

8. Upgrade to doors that will automatically close, lock and beep if left open for more than 45 seconds

9. Same as 8

10. Counsel employees that are responsible for performing maintenance and have management perform regular checks to ensure employees are performing their duties.



V/R

David



Response from: Miss. Bayo Elizabeth Cary, AA, BA, MLIS



I think the list of violations and the list of corrective solutions are good corrections. It depends on the level of security that a business wants, what the security measures should be. There are low, medium, and higher levels of security that can be enacted to protect IT information. There are some basics that will always be necessary, such as changing passwords on a regular basis. Businesses must weigh the required costs and time for increasing IT security measures; some levels of security are outside of an average budget.

IT security risks are real. There may be ways to manage security risks in cost-effective ways, while still raising the security protocols to the highest levels? I think it would be an interesting and useful thesis for my MS degree at Capella to engineer my own “discounted,” high-security IT perimeter systems (360 degrees), to test the software and other equipment, establishing an almost impenetrable barrier (Smith, 2005, p. 14). A question, a hypothesis, becomes a respectable “theory” when a researcher proves that the proposed is actually possible:

First, of the three things that are subject to certification (compliance) – people, process, and product – product seems to be the most immediately relevant. Second, if we focus on product, testing seems insufficient; as Dijkstra famously noted, testing can reveal the presence of flaws, but not their absence. (McLean, 2007, p. 1)

I think that IT security, at the very root, is a working experiment. The goal and aim will always be full compliance with all US laws, statutes, rules, and regulations. What we read in class is only “theory.” The best part about being a researcher and studying at the graduate level is testing the theories and then creating my own solutions. Many IT specialists have come and gone, and sometimes the reality of IT security is that the improvements make the situations worse, and some of the improvements only help a little. I think that I can offer something better, something fresher, and more innovative: “Actually Secure.”







References



Heitmeyer, C., Archer, M., Leonard, E., and McLean, J. (2007). Applying Formal Methods to a Certifiably Secure Software System. IEEE Transactions on Software Engineering, forthcoming. Information and Technology Division, US Naval Research Laboratory. ACM 978-1-59593-887-9/07/0011.



Smith, Randy Franklin. (2005). Defense-in Depth. Windows IT Security. Vol. 5, No. 11. p. 13-15. Retrieved from www.windowsitpro.com/windowssecurity
