Type: Process Essays
Sample donated: Teresa Matthews
Last updated: October 1, 2019
Introduction The purpose of this report is to provideassistance for an organisation to train staff and to formulate a workingstrategy for computer, network and information security. I have highlighted themain threats and possible vulnerabilities and explained about managing to havea balance between accessibility and security, I have also mentioned how an SMEnetwork operates and the roles that need to be secured as well as explainingthe physical security that needs to be in place. ComputerSecurityWhen somewhere or something has privateinformation that could be used against an individual or a group of individualsit always needs to be protected as this information could be used against anindividual or group, when looking at breaches of data/information there aremany large scale events that can be referred to such as the Sony 2014 databreach where data including employee information “This data included personalinformation about Sony Pictures employees and their families, e-mails betweenemployees, information about executive salaries at the company” (‘Sony Pictureshack’, 2017).
This was in response to a movie that was planned for release bySony known as “The Interview” a comedy starring Seth Rogen and James Franco inwhich the characters the stars play try to assassinate North Korean leader KimJong-Un, the North Koreans were unhappy about this film and ordered a ban onthe release of the film from the United States government and failure to do sowould be “an act of war” (McCurry, 2014).The example above shows how a company suchas Sony which of May 2017 has a net worth of 40.4 billion dollars (Forbes, nodate) can still have major data breaches and can be held hostage, in responseto this attack Sony did invest $15 million in to security after both the 2011 attackand the 2014 attack (Raywood, 2015), thousands of employees at Sony could havehad their personal information leaked on the web which could be used for smallthings such as cold calls or spam email or something severe such as identitytheft.
There aren’t only external threats thereare also internal threats that are just as much of an issue there are manyexamples of this happening such as a network engineer at EnerVest “committeddata sabotage after learning he was going to be terminated” (von Ogden) in thisexample the engineer “reset all network servers to factory default settings anddisconnected remote backups” this ended up costing EnerVest an excess of $1million and was unable to conduct operations for 30 days (von Ogden). Anotherexample includes “disgruntled employee exposed the protected details of India’snew Scorpene submarines” (von Ogden) “some 24,000″ pages of classifiedinformation were exposed” (von Ogden). These examples show how vital it is tomake sure it is monitored what employees can access and what they do access sothat examples like this do not happen but the problem with this will be that anexcessive amount of security makes it very inconvenient for employees who aredoing their job to access that data and can slow down work productivity.To ensure the security of company data isto have different accounts and login details for different services, forexample, one login username and password for getting into the PC and thenanother username and password to login to the system server to access serverwide files and programs. There are also devices called security tokens, one ofthese is an “entrust security token” which provide a series of numbers on alittle keyring sized screen that is a generated password which will expire aftera certain amount of time therefore making it very difficult to predict/guessthe password and since it is not a constant password it is harder to hack.NetworkSecurityPacket filtering firewalls, which is on thenetwork level of the OSI model, scans every packet to drop or allow through tothe firewall, this allows a firewall to stop some potentially harmful packetsfrom damaging systems.
A user can allow certain programs access to bypass thefirewall if the firewall had attempted to block any of the packets comingthrough, although this is typically at home whereas at a workplace it would bea technician/admin, the risk in doing that is that some programs might bedeceiving the user or trying to mask as a different popular program when all itis doing is damage to the system/user.A packet filtering firewall filter based offrules that have been set by the network administrator this is commonly known asan Access Control List, an Access Control List is created on the packetattributes, protocols and address and packets that are dropped are logged.Since one of the biggest advantages to using packet filtering firewalls is itscost and low resource usage it is best for small networks. When it comes to thedisadvantages of packet filtering firewall would be that you need a lot ofknowledge and a proper aim to have it configured correctly and once it isconfigured it is tough to test all the aspects of the filter.InformationSecurityData encryption happens when passingsensitive information across the internet such as your full name or your bankaccount information etc.
During this process of passing information the datathat is contained will become locked, this then becomes encrypted, this datacan only be viewed if you have access to a key or password that will allow youto decrypt it. When it comes to entering these details online if the websitehas “https” in the URL instead of “http” then the data will automatically byencrypted when connecting to a server. ReferencesForbesGlobal 2000: Top Regarded Companies (no date)Available at: https://www.forbes.com/companies/sony/(Accessed 19 December 2017).McCurry, J.
(2014) ‘North Korea threatens ‘merciless’ response overSeth Rogen film’, North Korea section of TheGuardian, 25 June Online. Available at: https://www.theguardian.com/world/2014/jun/25/north-korea-merciless-response-us-kim-jong-un-film (Accessed: 18 December 2017).Raywood, D. (2015) IsSony’s $15 million cyber security investment enough for the job? Available at: https://www.itproportal.
com/2015/02/18/sonys-15-million-cyber-security-invesment-enough-job/ (Accessed 19December 2017)’Sony Pictures Hack, (2017) Wikipedia. Available at: https://en.wikipedia.org/wiki/Sony_Pictures_hack(Accessed 18 December 2017)Von Ogden, J (2016) 8 Examples of Internal-Caused Data Breaches Available at: https://www.cimcor.com/blog/8-examples-of-insider-internal-caused-data-breaches(accessed 19 December 2017)