Summarize risks that are more significant to enterprises than to individuals.
Question
Summarize risks that are more significant to enterprises than to individuals. (List the risks according to the five general types of attacks and describe the enterprise risks associated with each.)
Describe three techniques to help reduce the insider threat.
List five types of security policy directives often published by organizations.
Briefly describe six different types of security audits.
What is the purpose of a background investigation? Do enterprises perform such investigations on all new employees?
Describe methods and techniques used to improve software security.
Explanation / Answer
Techniques to reduce insider threats:
1. Authorizing people only for the resources they need to do their jobs.
2. Determining its critical assets, then defining a risk management strategy for protecting those assets.
3. Implement strict password and account management policies and practices.
4. Logging, periodic monitoring, and auditing provide an organization the opportunity to discover and investigate suspicious insider actions before more serious consequences
5. Monitor and respond to suspicious or disruptive behavior.
In addition to monitoring online actions, organizations should closely monitor other suspicious or disruptive behavior by employees in the workplace. Policies and procedures should be in place for employees to report such behavior when they observe it in coworkers, with required follow-up by management.
Types of security audit:
Financial Audit
It is an independent evaluation performed for the purpose of attesting to the fairness, accuracy, and reliability of financial data.
Operational Audit
A future-oriented, systematic, and independent evaluation of organizational activities. Financial data may be used, but the primary sources of evidence are the operational policies and achievements related to organizational objectives.
Department Review
A current period analysis of administrative functions, to evaluate the adequacy of controls, safeguarding of assets, efficient use of resources, compliance with related laws, regulations and University policy and integrity of financial information.
Integrated Audit
This is a combination of an operational audit, department review, and IS audit application controls review.
Investigative Audit
This is an audit that takes place as a result of a report of unusual or suspicious activity on the part of an individual or a department. It is usually focused on specific aspects of the work of a department or individual.
What is the purpose of a background investigation?
A background investigation is conducted to ensure that the candidate is suitable for employment, i.e. reliable, trustworthy, and of good conduct and character.
Nowadays all organizations are performing background checks on existing employees as well as new employees.
Methods to improve software security
1. Periodically checking all the network devices in the organization. Running vulnerability scans at least weekly.
2. Implementing filters at network connection points to allow use of only those ports and protocols with a documented business need.
3. Setting up audit logs to record dates, time stamps and source and destination addresses for each piece of software.
4. Checking for expired passwords and revoking the access of ex-employees.