Sherwood Associates is an IT consulting firm that develops new systems and mainta
Question
Sherwood Associates is an IT consulting firm that develops new systems and maintains older systems for its clients. Sherwood recently was hired to address security concerns regarding an existing system that was developed by another firm. The client is concerned about the security of customer information. They recently terminated several employees for poor performance, and they worried that confidential data might have been compromised. Also, after an extensive audit, several laptops seem to be missing.
Tasks
1. What IT security measures should the firm adopt? Prepare a security checklist, and be sure to consider all six security levels.
2. What physical security measures can be implemented to safeguard equipment?
3. How would you suggest that mobile devices be secured?
4. How can the firm keep its data secure?
Explanation / Answer
IT security measures include:
1. Use a strong password
A strong password is the best way to protect yourself against identity theft and unauthorized access to your confidential information.
2. Protect confidential information
Students, staff, and faculty all have access to information that must not be shared, including your password. Familiarize yourself with the applicable laws and policies which govern these records and act accordingly.
3. Make sure your operating system and virus protection are up-to-date
That way, you'll avoid becoming vulnerable to hackers and others looking to steal information. You are required to do this before you can connect to the HSU wireless network.
4. Use secure and supported applications
Any software you install has the potential to be exploited by hackers, so be very careful to only install applications from a trusted source.
5. Be wary of suspicious e-mails
Don't become a phishing victim. Learn how to recognize the signs of a hidden attack. Never click on a link in an email; if you're tempted, cut and paste the URL into your browser. That way, there's a good chance your browser will block the page if it's bad. And don't open email attachments until you've verified their legitimacy with the sender.
6. Store confidential information only on HSU servers
CDs, DVDs, and USB drives are all convenient ways to store data; the trouble is, they're just as convenient for thieves as for you. Wherever possible, store confidential information in your network folder or other protected central space. If you must store confidential information locally, you must encrypt it and then delete it as soon as you no longer need it.
7. Back up your data … and make sure you can restore it
If your computer becomes infected or the hardware fails, you may be unable to retrieve important information. So make sure your data is backed up regularly - and test that backup from time to time to make sure the restore works correctly. Check with your ITC or the Technology Help Desk if you need help with this.
8. Protect information in all its forms
Protecting your digital data is important. But paper and the human voice remain important elements of the security mix. Keep confidential printed information in locked file cabinets and shred it when no longer required. If you're talking about confidential information on the phone, take appropriate steps to ensure you're not overheard.
Physical security measures include:
1. Lock up the server room
Even before you lock down the servers, in fact, before you even turn them on for the first time, you should ensure that there are good locks on the server room door. Of course, the best lock in the world does no good if it isn't used, so you also need policies requiring that those doors be locked any time the room is unoccupied, and the policies should set out who has the key or keycode to get in.
2. Set up surveillance
Locking the door to the server room is a good first step, but someone could break in, or someone who has authorized access could misuse that authority. You need a way to know who goes in and out and when. A log book for signing in and out is the most elemental way to accomplish this, but it has a lot of drawbacks. A person with malicious intent is likely to just bypass it.
3. Use rack mount servers
Rack mount servers not only take up less server room real estate; they are also easier to secure. Although smaller and arguably lighter than (some) tower systems, they can easily be locked into closed racks that, once loaded with several servers, can then be bolted to the floor, making the entire package almost impossible to move, much less to steal.
4. Pack up the backups
Backing up important data is an essential element in disaster recovery, but don't forget that the information on those backup tapes, disks, or discs can be stolen and used by someone outside the company. Many IT administrators keep the backups next to the server in the server room. They should be locked in a drawer or safe at the very least. Ideally, a set of backups should be kept off site, and you must take care to ensure that they are secured in that offsite location.
5. Protect your printers
You might not think about printers posing a security risk, but many of today's printers store document contents in their own on-board memories. If a hacker steals the printer and accesses that memory, he or she may be able to make copies of recently printed documents. Printers, like servers and workstations that store important information, should be located in secure locations and bolted down so nobody can walk off with them.
Mobile devices can be secured by: