Question

In: Operations Management

"Today's state-of-the-art network security appliances do a great job of keeping the cyber monsters from invading...

"Today's state-of-the-art network security appliances do a great job of keeping the cyber monsters from invading your business. But what do you do when the monster is actually inside the security perimeter? Unfortunately, all of the crosses, garlic, wooden stakes, and silver bullets in the world have little effect on today's most nefarious cyber creatures" (Manky, 2010). Review the Office Security Violations media and identify at least 10 security violations. For each violation, describe a remediation strategy. As the auditor, develop an e-mail for the director of this facility and include the violations as well as the remediation strategies along with a date for a second audit. expanding on the identified violations and strategies in their initial posts.

Solutions

Expert Solution

To : [email protected]

Subject: Violations of cyber security measures at the facility

Dear Sir,

Please find below the findings of the first cyber security audit with remedial measures that need to be taken to prevent potential breach of cyber security measures.

S.No. Violation of of cyber security Remedial measures
1 Unattended systems with account logged in Formation of guidelines and need to educate / train the employees
2 Outside devices being run on the system Prevention of use of outside / personal storage devices on the systems
3 Potentially harmful sites being opened on the system Issue internet use policy at the workplace. Use of filters for eliminating these sites
4 Login credentials shared by the employees Form policy of maintaining confidentiality of personal rights and privileges
5 Ambiguity in the roles to implement cyber security within the company Clear assignment of roles and responsibilities to individuals
6 No policy to classify, store and maintain backup of the data Data must be classified, access controlled and backup measures be in place.
7 Crisis response policy not in palce. Form the policy to respond to a incident of cyber attack with defined roles and responsibilities
8 No vendor compliance policy in place Policy and guidelines regarding third party vendors with complete control of access, both physical and virtual
9 Lack of physical security of systems at places Installation of CCTV cameras or such security devices to monitor and check the unauthorised access
10 Software usage policy is not in line with licenscing agreements with companies Re design the policy to comply with the licencing agreements and prevent the incidents of breach

Kindly ensure complaince to / resolution of the above mentioned issues. We will conduct the second audit after six weeks, i.e. on Monday June 4th 2018.

Sincerely yours

MNO


Related Solutions

(cyber security ) What is the difference between Cyber Espionage and Nation State Hacking? Explain the...
(cyber security ) What is the difference between Cyber Espionage and Nation State Hacking? Explain the differences with the help of appropriate examples. Please provide your own words. No copy from the internet. 150 to 200 words.
From the security aspect of client/browser, connecting to a secure web site/server, From the cyber security...
From the security aspect of client/browser, connecting to a secure web site/server, From the cyber security perspective, what browser features should be examined for valid certificates. What are the risks of using expired web certificates
A cyber security engineer is installing a WAF to protect the company's website from malicious web...
A cyber security engineer is installing a WAF to protect the company's website from malicious web requests over SSL. Which of the following is needed to meet the objective? A. A reverse proxy B. A decryption certificate C. A split-tunnel VPN D. Load-balanced servers     A cyber security consultant was asked to revise the security baselines that are utilized by a large organization. Although the company provides different platforms for its staff, including desktops, laptops, and mobile devices, the...
I am completing some online labs for a cyber security course. We are meant to do...
I am completing some online labs for a cyber security course. We are meant to do specific tasks. For this task we have a compromised virtual machine in an activity titled "compromised host" . "The attacker has deployed the ‘mimikatz’ tool to attempt to capture plaintext passwords." I am not sure what a mimikatz tool is, but upon research online it is used in malicious attacks. We are meant to find the filename of the executable for this mimikatz tool...
1.Do you think cyber insurance is necessary? If a company has strong enough security policies and...
1.Do you think cyber insurance is necessary? If a company has strong enough security policies and technology-based protection, does it need cyber insurance? 2. What types of events (risks) do you think a cyber insurance policy should cover? 3. If you were an underwriter for a cyber insurance policy, and your job is to evaluate a company's security risks, what are some of the things you would look at and look for, both positive and negative.
Overview A cyber-security company called UltraHackz is interested in finding talented computer science students. To do...
Overview A cyber-security company called UltraHackz is interested in finding talented computer science students. To do so, they post a challenge you find very interesting. They upload a txt file that contains 100 records containing information about 100 system accounts. Each record has a username, a salt value, and a hashed password. Each record is stored as follows: <username>,<salt value>,<hashed password> That is, there is one line per record in the file, where the three values are separated by commas....
Computer/Network Security How do you implement write access through web server?
Computer/Network Security How do you implement write access through web server?
The protections from the security software must continue when the device is taken off the network,...
The protections from the security software must continue when the device is taken off the network, such as when it is off-grid, or in airplane mode and similar. Still, much of the time, software writers can expect the device to be online and connected, not only to a local network but to the World Wide Web, as well. Web traffic, as we have seen, has its own peculiar set of security challenges. What are the challenges for an always connected,...
Based on information from the National Cyber Security Alliance, 93% of computer owners believe that they have antivirus programs installed on
Based on information from the National Cyber Security Alliance, 93% of computer owners believe that they have antivirus programs installed on their computers. In a random sample of 400 scanned computers, it is found that 380 of them (or 95%) actually have antivirus programs. Use the sample data from the scanned computers to test the claim that 93% of computers have antivirus programs.  
"That’s Great! Not only did our salespeople do a good job in meeting the sales budget...
"That’s Great! Not only did our salespeople do a good job in meeting the sales budget this year, but our production people did a good job controlling costs as well," said Kimberly Donn, president of Potter Company. "Our $18,300 overall manufacturing cost variance is only 1.2% of the $1,536,000 budgeted cost of products made during the year. That's well within the 3% parameter set by management for acceptable variances. It looks like everyone will be in line for a bonus...
ADVERTISEMENT
ADVERTISEMENT
ADVERTISEMENT