IT Security As It Relates To Methods Of Communications Channels Chosen


10-29-2017





Communications Channels, and the

Contemporary Intl Businesses:

Risks, Vulnerabilities, and Security Potentials-

What may be possible?







Unit 3 Assignment 1: MS Degree Capella University:

Miss. Bayo Elizabeth Cary, AA, BA, MLIS

Professor: Susan Ferebee











1215 N.W. 4th Street

Gainesville, FL 32601

Email: bayo_caryg1@yahoo.com

10-29-2017



Unit 3 Assignment 1 and Directions, Followed By: Outlined Response: Due: 10-29-2017

Response From: Miss. Bayo Elizabeth Cary, AA, BA, MLIS

  • Scenario: Your company has experienced a major breach in Internet security. Your CSO has contacted the IAS department to develop a series of IAS security communications that acknowledges the problem, lists the potential impacts, and reminds every one of the policies and procedures for IAS and Internet usage.

For this assignment, you will develop a network security communication strategy using various message-types. Utilizing the readings in Chapter 5 (Guffey & Loewy), you will develop a 2–4 page summary of the following types of communications:

Body of Research Paper:


·         E-mail for leadership and employees;

·         Text message for employees;

·         Podcast information;

·         Blog creation and content;

·         Social media tool.

For each type of communication, you will include:

·         Problems (Unauthorized access by hackers);

·         Types of vulnerabilities, including risks that exist within the type of communication;


·         Current IAS policies on unauthorized use of Internet and social media platforms;

·         Describe the company's access control and Internet policies and procedures;

·         Conclusion.



References

·         Include at least 2 academic and 2 non-academic sources to support your assignment:



Unit 3 Assignment 1: Research Paper:







Communications Channels

and Persisting Security Vulnerabilities



Body of Research Paper:

Introduction:

Remember that nothing posted online is truly hidden, secure or private--and that doesn't pertain only to the Internet; information from apps, smartphones and tablets can also be accessed. Take extra steps to keep financial information, passwords, e-mail addresses and other personal information secure.

                                                                                  (Don’t Be a Hack, 2016)

Based on the serious nature, of an information breach, for an IT company-I think, more than the basic written communications channels are necessary, to address, and to remedy the situation. Various communications channels, have vulnerabilities, related to clearly imparting the full message, with no misunderstandings, or room for guessing. Guffey (n.d.), in her text: Business Communications the 10th Ed., provides a list of various communications methods, based on the: “Richness or Leaness,” of a message (p. 44).

        According to Guffey (n.d), a “Rich” communications channel, provides the intended audience-with the complete message, without losing any of the required, and vital information (p. 44). The Guffey (n.d.) “Rich,” to “Lean,” communications channel scale-from: “Rich,” to “Lean” (p. 44):

1.      Face-to-Face Communications;

2.      Telephone;

3.      Video Chat;

4.      Email;

5.      IM;

6.      Letters;

7.      Memo;

8.      Blog;

9.      Report;

10.  Wiki. (Guffey, n.d., p. 44)

·         E-mail for Leadership and Employees& Problems with Unauthorized Hackers and Other Vulnerabilities and Risks:



        





        Email communications, are presently considered, and advantageous and reliable way, to communicate quickly, and effectively, in an inner office environment:



§  Efficient;

§  Portable;

§  Permanent and Retrievable;

§  Monitored for Appropriate Content and Viruses/Worms.

                                                (Ackmann, Email, Slide 5)



There are specific guidelines, for the use of professional email communications, in the workplace. The notification, of an inner office crisis-such as a: security breach, is a sensitive matter, that must be addressed formally-formatting and message:



§  Subject line: Summarize the main idea in condensed form;

§  Opening: Reveal the main idea immediately but in expanded form;

§  Body: Explain and justify the main idea using headings, bulleted lists, and other high-skim     techniques when appropriate;

§  Closing: Include (a) action information, dates, or deadlines; (b) a summary of the message; or (c) a closing thought. (Guffey, n.d., p. 120)



Following formal rules, and etiquette-helps to shape the easy to read format, and appropriate inner office communications, that will both: effectively share information, and protect against liabilities, and unwanted litigations. Email communications, are regulated by several agencies, in the US, to support US laws and regulations, and to combat the spread, of unwanted: viruses, worms, and other cyber security risks:



·         NSA

·         FERPA

·         HIPAA

·         FTC

·         SEC

·         OSHA (Ackmann, Email, Slide 20).



Monitoring online email communications, is just the beginning-when it comes to protecting vulnerable data stored, on office computers and servers. Email accounts can be hacked. Employees should be reminded, to keep passwords private, to use passwords that are difficult to discover, and, to change their passwords, on a regular basis.



·         Text Message for Employees& Problems with Unauthorized Hackers and Other Vulnerabilities:



     Text messaging and IM communications, in an inner office setting, are generally less formal than an office email, or memo, and are utilized for quick, real-time communications-to deliver information, as fast as possible. There are a number, of popular, and frequently used, inner-office Text, and IM Apps and programs-that, are currently being exploited, in the US, for example:





Popular Text/and IM Apps.:
Popular Text/and IM Programs:

·         Cloud Collaboration;
·         Software as Service Applications;
·         Freemium Enterprises Networking Services;
·         Twitter for the Office. (Ackmann, Social Networks, Slide 2)

·         Slack;
·         Yammer;
·         Unison;
·         Skype (For Business);
·         High;
·         Desk Away. (Ackmann, Social Networks, Slide 3)



Although, text messaging and IM, are less formal way, of communicating-in a professional environment, there are still etiquette guidelines-that must be followed, for: safe, and appropriate communications-between professional co-workers. The most readily used IM apps, free, and available as downloads from: Google Play Store, are as follows:



·         Skype;

·         Facebook Messenger;

·         WhatsApp;

·         Hangouts. (Guffey, n.d., p. 120)



Text messaging and IM, have changed the face, of the modern Intl business market, with fast interactivity, and immediate response. There are, however, risks and vulnerabilities, associated with all communications channels, and Text messaging and IM-are no exception. “IT directors worried about security risks posed by free consumer IM services, with loss of sensitive business data a primary concern” (Guffey, n.d., p. 120). IT companies, will always have to worry, about serious breach problems, that could cause-massive information loss, and exposure, from:

·         Phishing (fraudulent schemes);

·         Viruses;

·         Malware, and;

·         Spim. (Guffey, n.d., p. 120)





·         Podcast Information& Problems with Unauthorized Hackers and Other Vulnerabilities:



           Podcasts, are easy to create, and even easier to protect, with a: creative commons copyright tool-which are available online, to protect your original creation, for the work place, or for your own personal enjoyment (Creative Commons, n.d.). There do not seem to be, any major security risks, with Podcasts. As-long-as you copyright your work-you are legally endowed with required accurate attribution, for your work. The Podcast, is not an on-going conversation, like an: email, or Text messaging, and an IM-it is a finished and final product.



          Podcasts, are most readily used, in the contemporary business environment, as instructional videos, for training employees. Podcasts can be used, on a variety of electronic devices, for quick fast access, and stored or later, as a series of downloads-for an employee to watch later, when they have more free time. Podcasts can be: funny, interesting, entertaining, and at the same time educational-without losing a professional edge. Major media, in the US: ABC, NBC, CBS, Fox, etc. and Internationally: BBC, France 24/7, etc., take advantage-and back-log programming, as podcast files, that can be accessed as archived news, on YouTube, Vimeo, etc (Guffey, n.d., 120):



·         TED (Technology, Education, and Design)

·         Apple’s iTunes;

·         NPR (National Public Radio). (Guffey, n.d., p. 120)



·         Blog Creation and Content& Problems with Unauthorized Hackers and Other Vulnerabilities:



        US businesses use Bloggs, to advertise the benefits of their products, and to market, their philanthropic contributions. Bloggs, are a vital portion, of how major International businesses, project a: clean, positive, working image, to the rest of the world. Bloggs, can also be used at a company-internally, for posting long messages, reports, or summary findings-regarding various aspects of the businesses, progression, through: inspections, accreditations, International expansions, Outsourcing processes, etc.:



§  Public Relations;

§  Customer Relations;

§  Crisis Communication;

§  Market Research;

§  Viral marketing;

§  Internal communication, and;

§  Recruiting, etc. (Guffey, n.d., p. 120)



A Blog, requires the maintenance, by an author, or by a series of authors-who are well educated-not just in the English language-for America, also in what capabilities, and features, a Blog can be activated, to perform. In other words, actively managing a successful Blog, for a multinational corporation, requires formal education, training, and practice. There is room, to respond, to most Bloggs posted online.



         The response, in an office setting, will differ a great deal-from what is said, by someone outside the company, who is reading what is posted. I think the biggest security risk, for a Blog, is related to the nature, of what is being discussed-when people are easily offended, the negative feedback, from the general audience, can be scary, and offensive. A business, has-to-be concerned, about the public image, that is being projected. To maintain a strong bottom line, and to attack and retain investors, a business should try to evoke, a positive response, from a: general-public.



·         Social Media Tools Online& Problems with Unauthorized Hackers and Other Vulnerabilities:



          Social media, and online communications, are vulnerable to hackers. Firewall, and encryption technologies are improved, and then-there is another serious information breach, and software protecting IT information, must be improved, and upgraded on computer hardware systems again. It is important to know, that: “privacy,” is a theory, and a concept to be: appreciated, reflected upon, worked towards, and respected-and not a reality. Information shared online, will never be perfectly safe.



            Hackers have the ability, to work against the improvements, and advantages, added to the newest and most advanced security software programs. Information is money, therefore, the US government, is not the only country-that illegally tries, to: manipulate, own, and control-the constant flow, of online information. While, IT companies, have a legal obligation, to enact reasonable measures, to protect the data and IT information, of: employees, customers, clients, and other professional business contacts-nothing posted online, will ever be safe enough.



            Companies, who choose to engage in online social networking, knowing accept the risks, of associated with: hackers, information loss, security breach, and other dangers inherent, with the use, and participation, of online social networking services. Most International companies, have decided, that the benefits, of logging online, to participate, in social networking companies like:



Internal Online Social Networking:
External Online Social Networking:

·         Yammer;
·         Salesforce;
·         Chatter;
·         Jive;
·         Facebook for Business;
·         Twitter for Business. (Guffey, n.d., p. 120)

·         Facebook;
·         Twitter;
·         Linkdin;
·         Instagram;
·         YouTube;
·         Google+.



. . .outweighs, the risks-of any possible vulnerabilities, that online social networking presents.



Possible Solutions:



·         Tools, Techniques, and Methods-that can be Utilized, to Resolve Communications Channels Issues Related To: Clarity, Reception, and Breach of Security-Hacker Attacks-Cyber Security:



                  Many US companies, has strict: Email, Online, Texting/IM policies, related to how much access, and employee may have, for personal use, during the work day, and through official work-related communications channels. A business, must be concerned, about their, professional reputation. When personnel access the Internet, and: social network, and email for personal reasons, from a place of employment-the communications, are not ever private, and what is being said, could very easily, mis-represent and embarrass the business-to such an extent, that it could become, a legal liability. The following, is a list of: “safe practices,” related to online communications:



·         Follow company policies: netiquette rules, code of conduct, ethics guidelines, as well as harassment and discrimination policies;

·         Don’t disclose sensitive financial, company, customer, employee, or executive data;

·         Don’t forward or link to inappropriate photos, videos, and art;

·         Don’t text or IM while driving a car; pull over if you must read or send a message;

·         Separate business contacts from family and friends;

·         Avoid unnecessary chitchat and know when to say goodbye;

·         Keep your presence status up-to-date, and make yourself unavailable when you need to meet a deadline;

·         Use good grammar and correct spelling;

·         Shun jargon, slang, and abbreviations, which can be confusing and appear unprofessional. (Guffey, n.d., p. 120)   



·         Current IAS Policies on Unauthorized use of Internet and Social Media Platforms:



                       At present, there are almost no rules, laws, or regulations, in the US-related to the Internet, and data conservation. While, in theory, there are US government agencies, concerned about serious security breaches, and the consequences thereof. In reality-there is very little, that can be done, to: “Police,” the Internet-or online activities. The information transfer online is vast. People jump on and offline, from almost anywhere in the world, uploading, downloading, and transferring information.



              A computer’s Ping, can be refracted, to over a dozen different endpoint servers. GPS trackers-are not always accurate. Professionals, who deal on the: Intl “Black markets,” and who travel afar, to trade stolen information-become specialized, in their trade, and in their thefts. The Business Communications Text Book, by: Guffey (n.d.), provided a little support, and only a little evidence, that the US government, intends to regulate traffic, on the Internet (p. 120):



US Rules and Regulators/Regulations-Related To: Texting and IM Communications Channels:



§  NASD

§  SEC

§  NYSE



Wall Street regulatory agencies NASD, SEC, and NYSE require that IM exchanged between brokers and clients be retained for three years, much like e-mail and printed documents.  Businesses must track and store messaging conversations to comply with legal requirements. Finally, IM and texting have been implicated in inappropriate uses such as bullying and the notorious sexting.

(Guffey, n.d., p. 120)



·         Describe the Company's Access Control and Internet Policies and Procedures:



                 Access control, and information flow policies, are based on encryption techniques, and the related security measures, and theories. Any given IT company, and or Intl entity, must choose, for themselves-which access controls, for management, and the mitigation of: risks and vulnerabilities, are best suited, for their specific needs-there is some choice. Data safety and security, begins with analyzing, the security: software, and programming, that already exists, and testing-then, re-testing, for weaknesses-IT vulnerabilities and risks, have to be pro-actively, and defensively managed (Backes& Shunter, 2003, p. 67):



Numerous frameworks for managing risks to information and technology resources abound, ranging from:



1)      ISO-series on risk management [ISO 31000, ISO 31010] and information security management [ISO 27000 series];

2)      COSO-The Committee of Sponsoring Organizations of the Treadway Commission;

3)      CoBiT;

4)      NIST-standards for risk management and information security, and others.



These standards and frameworks share many similarities in that information risks must be identified, assessed, and managed. (Patterson, et. al., 2014, p. 5:2)



According to: Patterson, et. al. (2014)-there will always be risks, and vulnerabilities, with the IT world, and the goal, is to manage the risk, by: controlling, and mitigating vulnerabilities-a constant battle (p. 5:2). A company can choose, to handle some of the risks themselves, by micro-managing: computer, software, and server services-constant monitoring, to double-check, for any unusual activities, that may indicate, a security breach. Many IT companies, choose, to outsource, some of the responsibilities, associated, with protecting, and securing confidential data, and, to purchase computer software, and applications, that are automated-that scan, and search through large pools of information-looking for any outliers (Patterson, et. al., 2014, p. 5:2).



        Security systems, theories, and new software programming, related to: preventing, reducing, and mitigating the risks, of IT networking, and information preservation, are ever evolving. The US NIST initially set standards, to cryptography languages, related to encryption, and variations on coded computer languages, for protecting IT data, within the US, such as, online: medical records, banking, Internet purchases, etc. (NIST, 2014, p. 31):





1.      DES-Data Encryption Standard;

2.      AES-Advanced Encryption Standard;

3.      SHA-Secure Hash Algorithm;

4.      RBAC-Roles Based Access Control;

5.      Roles Based Access Controls Evolve;

6.      SCAP-Security Content Automation Protocol. (NIST, 2014, p. 31-37)

     

Computer encryption languages-codes designed to protect America’s most sensitive information, must: grow, change, evolve, and continue to face the challenges, of an International market, and growing world, of IT business, and commerce. The United States, maintains, a national database, of security risks and vulnerabilities data: NVD (National Vulnerabilities Database, related to permutations, of: software, and computer programming (NIST, 2014, p. 36) IT professionals, are challenged, to access the files stored there, and to build stronger, and more defensive encryption codes-to continue to protect America Intl IT networks (NIST, 2014, p. 36).



·         Conclusion:



                  In conclusion, there are a variety of communications tools, at the disposal, of any given business entity, in the US. Communications channels, are important, because of constant needs, for: reliability, validity, speed, responsiveness, professional presentation, information and security risks, possible security breaches, company ethos and, overall company reputation, etc. The communications channel that is chosen, must be specific to the need, that is being met. The choice, of: how, when, and what method of communications to utilize, needs to be, decided, on a case-by-case basis. Critical thinking, is always required, for an IT working environment.



             There are no communication channels, that are perfectly private, and there are no communications channels, that are perfect for every occasion. There are there are security risks, vulnerabilities, and possibilities for information loss, and breach of confidential data-any time, businesses chose to communicate, through: electronic, and digital communications channels, based on computer software, and or-the Internet. US companies, are required, to remain updated, with the latest government regulations, regarding: storing, and protecting-IT data, and other, personal, private, and confidential information.

























References





Ackmann, Allen. (). Slide Show: Interacting Via Email. Writing Rhetoric, and Discourse.

   DePaul University. Slide 1-36. Retrieved from www.alanackmann.com





Ackmann, Alan. (). Slide Show: Internal Social Networks. Writing Rhetoric, and Discourse.

     DePaul University. Slide 1-17. Retrieved from www.alanackmann.com





Backes, Michael& Shunter, Matthias. (2003). From Absence from Certain Vulnerabilities

  Towards Security Proofs: Pushing the Limits of Formal Verification. IBM Zurich Research

   Lab: New Security Paradigms Workshop. p. 67-74.





Burr, William, Hildegard, Ferraiolo& Waltermire, David. (2014). NIST Contributions to IT:

           NIST and Computer Security. US National Institutes of Standards and Technology: IEEE

           Computer Society. p. 31-37. Retrieved from






Creative Commons. (2016). Discover State of The Commons 2016. Creative Commons Online

          Copyright Resources. Retrieved from https://creativecommons.org/





Don't Be A hack: Cybersecurity expert provides tips to prevent social media hacking.




Guffey, Mary E. (n.d.) Essentials of Business Communication, 10th Edition. Cengage Learning, 20150101. VitalBook file. Retrieved from www.cengage.com



Patterson, Raymond A., Rolland, Erik, Ulmer, Jackie Rees& Yeo, Lisa M. (2014). Risk Mitigation Decisions for IT Security. ACM Transactions on Management Information Systems, 5, 1. p. 5:1-5:21.










Comments

Post a Comment

Popular posts from this blog

Unit 8 Assignment-Locked Out of Group Chat-Forced To Work Alone-Dr. Susan Ferebee-Capella University-Trying To Illegally Flunk Me!

Massive Data Loss, and Recovery Plan-Risk Management-Reality: Global Financial Threats- Information Drains 12-3-2017 Unit 8 Final Assignment Completed By: Miss. Bayo Elizabeth Cary, AA, BA, MLIS Capella IAS5002 MS NSA Training Dr. Susan Ferebee NSA MS Student: Miss. Bayo Elizabeth Cary, AA, BA, MLIS 400 NW 1 st Avenue, Apartment: 410, Gainesville, FL 32601 Email: bayo_caryg1@yahoo.com Cell: 857-218-0146 USA 12-3-2017 Unit 8 Assignment: Not A Group Project By Myself, from: Miss. Bayo Elizabeth Cary, AA, BA, MLIS BC/ DRP Strategy and Directions: BC/ DRP Strategy: “Draft Project Description and Scoring Guide” for more detailed information about the project, of which this assignment is a part. On page 326 of your  Essentials of Business Communication  text, review Figure 10.24, "Components of Informal and Formal Reports." Based on the information in the Overview and Scenario in...
Read more

Complaint RE: Dr. Susan Ferebee: Flunking Me-After an IP Address Lock Out, to: Academic Coach: Scribner at Capella University

12-09-2017 Dear Ms. Scribner,       I have been a little over-whelmed. The end of the semester is here. I am sorry, that I missed your phone call, on November 21, 2017-I was traveling, for a minor court citation-I feel asleep, in an airport in Maryland, while waiting for a flight. I am back, at an apartment, in Gainesville, FL. I am having some problems, in my class, and need your help. My IP address, was locked out of the group chat, and discussion group. I was forced to complete assignment 8, on my own. I spoke to IT, about the problem, and switching to Google Chrome, was not helpful enough.       I have explained the situation to Dr. Susan Ferebee. Dr. Ferebee, is trying to flunk me, for not working in a group-and, it is not possible. I completed assignment 8, and turned it in on time. I completed every aspect, that was due last week. I have already logged a complaint, through student services, and Dr. Ferebee-has not respon...
Read more

Unit 2 Discussion 2

10-18-2017 From: Miss. Bayo Elizabeth Cary, AA, BA, MLIS Unit 2 Discussion 2: Assignment: Based on the Radical Rewrite: Watch Your Tone! (Guffey & Loewy, 2016, p. 58), review the scenario and provide at least five specific writing errors. Include examples: Radical Re-writes: Basic Guidelines: "How can you make this message more courteous, positive, and precise? In addition, think about using familiar words and developing the 'you' view" (Guffey& Loewy, 2016, p. 58). Your tone of voice-either: positively or negatively, effects-how your messages are received. When communications, are: abrupt, truncated, emphatic, understated, etc.-and that is not the clear intention, of the writing-then, the intended reader, will not get your message. Tone of voice, encompasses, more-than just, a consideration, as to: how you are communicating, and who your intended audience is. The tone of voice chosen, communicates the formal professional nature, of your information, as well...
Read more