Lab 1: Security Policies, Attacks and Plans (due Wed, Sep 02, 2015 at 11:59 pm e

ID: 667528 • Letter: L

Question

Lab 1: Security Policies, Attacks and Plans (due Wed, Sep 02, 2015 at 11:59 pm eastern time)

1. Reading

Text book

Online sources/references

2. Files

Use the Lab 1 Template provided by instructor on Canvas

3. Assignment Instructions

Part 1:

Choose an organization (software, cell-phone, bank, etc.) and identify its mission or objective.

Identify its motivation for security policy and the security policies they have. You could refer to the examples posted in Canvas. Note the security policy includes Enterprise InfoSec program policy, Issue-specific InfoSec policies, and Systems-specific InfoSec policies.

Attention: You should come with a security policy and provide a 1-2 page (single-spaced) summary of the security policy. Ensure to address the following:

Are the existing policies obsolete?

Does it need change to include current security developments?

For each change, please indicate why such change is necessary. How such changes facilitate the organization’s functionality.

Part 2:

Imagine that you are an information security consultant for a company that does a lot of electronic commerce. You are asked to write a report about denial of service attacks, or DOS (including distributed DOS attacks) so that the senior management can assess the risks posed by this attack to the company’s information security. Write a 3-5 page (single-spaced) report based on (at least) three sources. You must properly reference sources. Your report should be neither too technical nor vague and should cover the threats posed by DOS attacks and tools/strategies for detecting and containing the impact of DOS/DDOS attacks.

Part 3:

Write a 2-3 page (single-spaced) high-level plan for handling contingencies in a large bank with many branches in the United States. A detailed plan will be much longer; focus on only the high-level plan and include only those aspects that you think are required and feasible.

4. Deliverables

The submission should have your name, date and assignment title on the front page. Use headers and footers, and have your name and title on each page.

Layout and format. The layout and format for the assignment are defined in the Lab1 Template MS Word document template. Use the template! The paper should be single spaced.

References (optional). If you consult other references for the assignment, cite them here, using the APA style. See http://en.wikipedia.org/wiki/APA_style, specifically the Reference list section of the entry.

Explanation / Answer

Let us choose a computer organization:

ABA = Atlantic Business Artifacts incorporated.

They are huge, have branches all over the world. They make both hardware and software.

Mission and objectives:

They want to make branded PCs, laptops, handheld devices, palmtops.

They want to make operating systems, virus scanners, compilers, IDE (Integrated development environments), language tools, case tools, automated testing tools.

They want to employ about 200,000 employees working for them all over the world and 60% of their operations are to be sent for processing at offshore units.

ABA’s motivation for security policy:

The security policies already in place at ABA:

Enterprise InfoSec program policy:

Issue-specific InfoSec policies:

Systems-specific InfoSec policies:

The proposed security system should make sure to address physical security, Integrity of the data, security for the data, Denial of Service for illegal entries, Block sniffers, hackers and spoofers.

This also includes installing firewalls, security checking software, virus scanners, backing up the data periodically, sniffing prevention, encryption and decryption, removal of old and dormant accounts, use of smart cards, enforce password aging (insist users to change passwords once in 5 weeks for example), testing the strength of the security system by using tiger teams of hired hackers who will try to break into the system to see whether it is break proof.

Back up schemas:

Schema name

Back up frequency

Grandfather

Monthly backups

Father

Weekly backup

Son

Daily backup

Grand Son

Hourly backup

Commit and rollback techniques can be used in the case of backup and restore as well. In the case of system data issues, if you restore the hourly backup by using the Grandson medium, only an hour of work needs to be redone. Likewise daily backup will force you to redo a day’s work in the case of restoration from Son medium.

The firewall exists in between the client’s computer and the internet.

The other proposed security measures include the following security products:

The information security policies should make sure to cover the following protocols: Security for the server, application and network.

Network security measures should cover devices like switches, routers, Ethernet cards, blue tooth and wifi devices, wired and wireless communication devices, public and private key encryption.