INFO5301 Information Security Management

1. In this digital world, computers and electronic network devices are vulnerable to threats from the hackers and cyber criminals. Therefore, security for computer is necessary. The main path following which malwares or harmful attacks takes place to the system is the internet and the popular services that it provides (Carroll 2014). There are various ways to protect computers from outer threats as discussed below. However, none of the method is enough to ensure the computer’s security. There are layers of security that defends the computer from the threats. The more layers of defence is used, the more it is hard to break in to the system to manipulate it.

• Install Firewall – It acts like a security guard that creates a barrier between the device and any unauthorised third-party access.
• Install Anti-Virus – It protects the computer from any unauthorised code that can harm the computer.
• Install Anti-Spyware – Spywares are some programs that automatically collects information from the computer without the user’s knowledge and can steal the identity of the user.
• Use Complex Passwords – There is some malware that repeatedly tries to gain access putting random keywords as the password, and those keywords are most likely the dictionary words or the most commonly used passwords. Therefore, passwords that are more complex are needed to set so that it became much harder to guess the password.
• Check privacy settings of the Browser – Web browser’s default security and privacy settings are different. Hence, it is necessary to check which information or resource one wants to share.

2. When the computer security strategy comes most of the computer user give more importance to the software based security products. However, physical security is also as important that means protection towards the hardware in-use (Gaj 2015). Some essential security measures ensure the network and its components are protected at the physical level.

• Ensuring the server rooms are locked properly. It is the heart of the network. If anyway it gets damaged, the full network will collapse.
• Setting up hidden surveillance to monitor any suspicious activity.
• Placing all the vulnerable devices locked inside that secure room.
• Using rack mount servers to save server room space and get more security.
• Disconnect and remove any cable connected to the network but on the other end it is not connected to any office devices.
• Keeping intruders from opening the case by locking the hard drive inside the case so that without proper key it become impossible to open it.
• Protecting portable devices with motion sensing alarms that will alert if the devices are moved.
• Packing up the backup where backup files are also, vulnerable to be theft. Therefore, those are needed to be placed in a safe place.
• Disabling the ports and drives so that employees have restricted access.
• Securing Printers where half printed documents that contain confidential information should be destroyed or kept in secure place.

3. Three things can upgrade working framework security over an endeavour organise. To start with, provisioning of the servers on the system ought to be done once in one place, including the about many separate arrangements most associations require (Pieprzyk, Hardjono and Seberry 2013). This picture, or set of pictures, would then be able to be downloaded to the system, with the assistance of programming that computerises this procedure and wipes out the torment of doing it physically for every server. Also, regardless of the possibility that you had a direction sheet for these key designs, you wouldn't need neighbourhood managers to get to these key arrangements for every server, which is extremely unsafe. An ideal approach to do it is for the last time.

Once the system has been provisioned, overseers should have the capacity to check strategy consistency, which characterises client get to rights and guarantees that all setups are good. A specialist running on the system or remotely can screen every server ceaselessly, and such checking wouldn't meddle with common operations.

Second, account administration should be brought together to control access to the system and to guarantee that clients have fitting access to large businesses assets. Arrangements, tenets and knowledge ought to be situated in one place not on each container and ought to be pushed out from that point to compromise client frameworks with amending IDs and authorizations (Rothwell 2015). An ID life cycle chief can be utilised to robotise this procedure and lessen the torment of doing this physically.

Third, the working framework ought to be designed so it can be utilised to screen movement on the system efficiently and productively—uncovering who is and isn't making associations, and additionally bringing up potential security occasions leaving the working framework. Overseers can utilise a focal dashboard that screens these events progressively and alarms them to major issues in light of present relationships and sifting. Similarly, as critical, this checking framework ought to be set up with the goal that managers aren't overpowered by routine occasions that don't risk the organise security.

4. Organisations ought to likewise be requesting more secure frameworks from their tech providers, the roundtable heard. In any case, associations shouldn't "attempt to make everything immaculate", said a participant, alluding to the acquirement of IT frameworks (Stallings 2015). "On the off chance that you can't indicate an itemised security issue, don't trouble, only say: 'We'd like it secure.' Take short strides to improve yourself than you were yesterday."

"Enormous names don't convey security," said one member, sounding a note of alert, and different members concurred there is a market disappointment. "That is my item: take it or not," is the state of mind of the huge IT firms, said another participant. One member shared a story they were aware of a US government division asking for a worldwide tech mammoth to make one of their items more secure, yet the tech firm said no. "If the US government lacks the clout to do this, at that point which has?" For a large number of the representatives, in this manner, the most practical alternative for diminishing the danger of a digital assault depended upon correspondence and training. "Don't only make this about country states endeavouring to soften up and decimate the control organise," said one member (Williams, Dabirsiaghi and Sheridan 2014). "It's not by any stretch of the imagination significant to many individuals." Instead, it was recommended associations ought to teach their representatives, so they know how to ensure their information and gadgets, "so when they come to work, they're accustomed to being secure at home".

While the danger of digital assaults is developing, numerous associations battle to try and get the essential shields set up to ensure their framework and information. Handy safety efforts that rose up out of the roundtable included:

• routinely fixing firewalls
• refreshing firmware
• setting robust passwords
• changing the watchword your Wi-Fi switch accompanied
• asking representatives who utilise their particular gadgets at work to introduce hostile to infection programming and to turn on firewalls.

References

Carroll, J.M., 2014. Computer security. Butterworth-Heinemann.

Gaj, K., 2015. Computer Network Security.

Pieprzyk, J., Hardjono, T. and Seberry, J., 2013. Fundamentals of computer security. Springer Science & Business Media.

Rothwell, W.G., 2015. Computer protection against malware affection. U.S. Patent 9,129,111.

Stallings, W., 2015. Operating System Security.

Williams, J., Dabirsiaghi, A. and Sheridan, E., Contrast Security, Llc, 2014. Detection of vulnerabilities in computer systems. U.S. Patent 8,844,043.