Required By US Federal Laws IT Compliancy Audit Mandated


11-8-2017



Unit 5 Discussion 2

Response by: Miss. Bayo Elizabeth Cary, AA, BA, MLIS



Directions: Identification of Office Security Violations:

"Today's state-of-the-art network security appliances do a great job of keeping the cyber monsters from invading your business. But what do you do when the monster is actually inside the security perimeter? Unfortunately, all of the crosses, garlic, wooden stakes, and silver bullets in the world have little effect on today's most nefarious cyber creatures" (Manky, 2010).

Review the Office Security Violations media and identify at least 10 security violations. For each violation, describe a remediation strategy. As the auditor, develop an e-mail for the director of this facility and include the violations as well as the remediation strategies along with a date for a second audit.

Reference

Manky, D. (2010). Top 10 vulnerabilities inside the network. Network World. Retrieved from http://www.networkworld.com/article/2193965/tech-primers/top-10-vulnerabilities-inside-the-network.html



Email: Security Violations and Independent Audit:

           By: Miss. Bayo Elizabeth Cary, AA, BA, MLIS


To: Staff/Listserv

From: CEO, Director, and President: Miss. Bayo Elizabeth Cary, AA, BA, MLIS

Date: November 8, 2017

Subject:  Initial IT Security Audit













. . .Companies have ethical obligations to improve information security arising out of a duty to avoid knowingly causing harm to others and, potentially, a duty to exercise unique capabilities for the greater social good and to buttress stable functioning of social institutions. (Matwyshyn, 2009, p. 579)





To Whom It May Concern:



Introduction: Results of My Initial IT Security Audit:



      Thank you for inviting me to your professional offices for a formal walk-through and initial IT security audit. Threat analysis is the first action required to set up a clear, well-defined line of defense to protect IT information (Smith, 2005, p. 13). Below, I have provided a list of what I have identified as the most obvious security violations that require your attention. It must be a priority of your company to repair and fix any and all IT security and management risks that have left you out of current compliance. Below is the guidance and suggestions that I can provide regarding bringing your company back into the legally required compliance to protect the data stored:



List of Inter-Office IT Security Violations, as per the Initial Audit (Examples #1-14):

(Allour et al., Office Security Violations, n.d.)



1.      Unauthorized Access at Entrance/Exit:



     Entrance and exit can be controlled with CCTV cameras, office guards, and a complicated security entrance. Key entrances and key-pad entrances are easy to violate: the key or code is often duplicated and shared. There are newer, high-security entrance pads that require a thumbprint or iris verification. The admissibility of evidence from a CCTV recording depends upon the general evidence admissibility rules that apply to any evidence submitted to court in order to support or refute a given legal argument (Murphy, 1999, p. 385).






2.      Visible Sensitive Private Documents, Paperwork:



        Paperwork must be kept confidential and private at all times. File cabinets need to be locked. Desk drawers need to have locks. At no time should office employees be permitted to take their computers or files home with them to work outside of the office (George, 2009, p. 39). All company work, including communications, hard-copy files, and computer data files, is legally bound to remain at the company’s offices, in the inter-office setting.



3.      Confidential Inter-Office Information on Whiteboard:



        Confidential information should never be written on the office whiteboard. The office whiteboard is for “public” information, e.g., a reminder not to smoke anywhere in or around the building. Inter-office emails, memos, and other communications must be kept private and confidential; they can be discussed during conference times or replied to online, and only on the company computers (George, 2009, p. 39).



4.      Paper that Requires Shredding:



          Paper that is waiting to be shredded must be kept in a closed and locked container. It is against company policy to hire out a third party to handle the disposal of any confidential documents. Disposal of confidential documents can only happen in the copy room, and nowhere else in the office space.



5.      Shredded Paper Left in Waste Basket:



        Shredded documents cannot be left in a garbage can or any other unsecured or open container. Shredded documents still contain confidential information and are not fully disposed of after shredding. They need to be fully disposed of: taken to the basement and burned in the boiler in the boiler room.



6.      Papers Left in the Copy Room:



        At no time should any loose papers be left in the copy room. If you have taken the time to make copies, then remove those papers with you when you exit the copy room, unless you need to add paper to the sealed container for confidential documents that will be shredded.



7.      Computer Manuals That Are Left Available:

              Computer, server, and other operational manuals are to be treated as security risks if left unattended on tables or desks. Operations manuals that provide information on how to access data, or how to access the electronic appliances that store company information, are to be stored under lock and key in the company library, under the constant watch of our research librarian.

8.      Server Room/Conference Door Left Ajar:



        Doors must be kept closed and locked at all times. If there is a meeting in session, then the attendants must close the door. Each individual attending should enter the meeting room one person at a time. The inter-office security systems will not permit multiple entrances based on one thumbprint or one iris scan.


9.      Company and Office Operations Books Left in Break Room:



          The break room is for eating only. It is not for “water cooler” professional conversations, or for reading confidential inter-office communications or other materials borrowed from the company library. It is important that company finances are not wasted replacing journals, books, other manuals, and confidential materials that have been damaged in, or stolen from, the break room.



10.  Out-of-date Fire Extinguisher:



      An out-of-date fire extinguisher is a US fire code violation. The number on the tag of the old fire extinguisher must be called. The fire extinguisher is certified and registered, and must be kept up to date based on the US fire codes, or it might not work in the event of an emergency. The US fire department authorizes unannounced fire safety checks and inspections. From 2000-2007, the United States experienced an exponential increase in terror attacks that were acts of arson (Alexander, 2008, p. 104).



11.  Front Door and Back Door Security Officer Missing:



       There are a number of different barriers that can be appropriately applied to protect the IT information stored. The safety that both front-door and back-door security officers provide ensures that a physical body has the opportunity to confront those who would attempt to violate the security measures of the company premises.



12.  Unrestricted Access to Elevator:



       Elevator access needs to be restricted. Elevator access to any floor above the 1st floor can be restricted with a thumbprint- or iris-specific key, just like the front and back doors, all the hallways, the break room, the server room door, the library, and any of the conference rooms. It is not enough to restrict entrance at the front and back doors. IT information is valuable and must be protected with more than a basic lock and key, which can be easily reproduced, or a key-pad entrance, which can be shared.





13.  Cubicle Office Design:



        The cubicle office layout does not allow for enough privacy. Conversations can be easily heard and repeated, and the desk itself, and the computer sitting on it, are not safe enough either. People walking by can lean into a cubicle and steal paperwork, or log into someone else’s computer; password protection alone will never be enough to keep computer data safe (Smith, 2005, p. 15).



14.  Doors Missing on Office Hallways:



         Anywhere there is a doorway, there needs to be a secured door. The more difficult it is to make it into, and then back out of, the building, the safer the IT information inside will be. CCTV cameras and the office front- and back-door guards are only the 1st defense in keeping the data and information stored at the company’s offices safer: “multiple barriers” (Brooke, 2001, p. 75).



Date and Time Intended for Second Audit:



TO: Office Staff/Listserv

FROM: CEO, Director, and President: Miss. Bayo Elizabeth Cary, AA, BA, MLIS

DATE: December 8, 2017

SUBJECT: Second Audit: Security Walk-Through: Compliance Check.



Closing Message: Regarding the Follow-Up Appointment, for Compliance Check:



            It is imperative that, where security weaknesses have been identified, corrections are made, per the legal compliance requirements for US standards. I will return in exactly 1 month’s time. If, at any given point in time between now and my return visit, the office requires additional information regarding US IT compliance requirements, “The US Federal Information Security Management Act, and the 17 areas of mandated controls,” please do not hesitate to contact me (Dreger, 2009, p. 34).









References



Alexander, D. (2008). Contemporary and future terror arson threats. Security, 45(3), 104. Retrieved from www.securitymag.com

Allour, K., Braithwaite, G., Meyer, D., Kaardal, T., Matt, T., Thompson, A., & Roudenko, F. (n.d.). Office Security Violations. Capella University Online. Retrieved from https://media.capella.edu/CourseMedia/IAS5002/OfficeSecurityViolations/transcript.asp

Brooke, P. (2001). Building an in-depth defense. Network Computing: Workshop Security, 12(14), 75-77. Retrieved from www.networkcomputing.com

Dreger, R. (2009). 5 key steps to cyber security: Technologies like DLP, crypto, and strong access controls help lock down info. Information Week, 1251, 34. Retrieved from www.cybersecurityweek.com

George, R. (2009). An ounce of loss prevention: Our survey shows the regulatory climate is heating up sales of DLP suites. Information Week: Analytics Data Loss Prevention, 1235, 39-40. Retrieved from www.informationweek.com

Matwyshyn, A. M. (2010). CSR and the corporate cyborg: Ethical corporate information security practices. Journal of Business Ethics, 88, 579-594. DOI 10.1007/s10551-009-0312-9

Murphy, T. (1999). The admissibility of CCTV evidence in criminal proceedings. International Review of Law, Computers and Technology, 13(3), 383-404. Taylor and Francis, Ltd. ISSN: 1369-0869

Smith, R. F. (2005). Core concepts: Defense in depth. Windows IT Security, 5(11), 13-15. Retrieved from www.windowsitpro.com/windowssecurity







