Securing Higher Grades Costing Your Pocket? Book Your Assignment at The Lowest Price Now!
loader

Phone no. Missing!

Please enter phone for your order updates and other important order related communication.

Add File

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

Guaranteed Higher Grade!

MN604 IT Security Management

tag 0 Download 8 Pages / 1,812 Words tag 15-07-2021

Questions:

1.For the organization MIT, what are the controls (technical, physical or administrative) that you will implement to make it secure and fulfills the CIA triad within the university and departments and when contacting the internet? (Provide a figure for your controls and explain why using them). Please note that you have to mention technical/physical and administrative controls. 

2.What kind of risks that you might accept (not to implement controls for them) and why? For the risks that you either decided to accept, or for the unexpected risk, how do you plan to handle them?                           

3.Give an example of a duty of the Incident response planning, Disaster recovery planning and Business continuity planning when having an unexpected event.                                                               

4.Refer back to any resource to explain the difference between Host Intrusion Detection System(HIDS) and Network Intrusion Detection System (NIDS)? 

5.Literature review on signature based detection and anomaly based detection?   

Case Study (1): Victim of Social Engineering

Throughout the process, the auditor found countless examples of lax information security throughout the organization. There was a lack of a coordinated security policy, and the policies in place were not being followed. While reviewing the notes, the auditor noticed that a contractor requested the TMS server address over the phone. Further follow up revealed that a system administrator gave out the server address to a contractor because the contractors were in the middle of upgrading servers. The administrator also mentioned that the contractor requested the password, but the administrator didn’t feel comfortable sharing the password on the phone and asked the contractor to stop by the office – but the contractor was a no show. From the description of the events, the auditor felt it was a social engineering attempt. Social engineering is when a hacker attempts to gain access to sensitive information by tricking a person into giving it to them. The immediate recommendation of the auditor was to focus on the contractor’s activity in the organization.

Over the next few weeks the story unfolded and all the pieces of the puzzle were put together. It was eventually proven that the contractor stole the information. The contractor was hired to oversee the upgrade of servers on the storage network. While doing this, she learned about the transaction management system. She knew PII could be sold on the black market and thought the lax security at TKU would enable her to get away with stealing data without any repercussions. Her only obstacle was access. Since she only had access to the storage network, she needed a way to get access to the transaction management server. That’s when she called the system administrator and got the IP address and tried to get his login credentials. Once she got the IP address, she was able to utilize the free tools available on the Internet to scan the system and get the username and password with administrative access. It took her only a matter of minutes to get this information.

The password was only three characters long and didn’t use any numbers or special characters. With her new administrative permissions, she was able to export the PII.

Write a Memo that discusses the serious of the situation and highlight key breaches, including ITSec recommendations.

Case Study (2): Data Breach

Early one morning, Don was ushered into a closed door meeting with the Chief Finance Officer, the CIO, and an external security auditor he hadn’t met before. In the meeting Don learned that large amount of data, including the PII, was exported from the system. The previous day Gary was going through the logs to see if the patch he applied worked correctly, and he noticed that someone in the administrator group had exported a large amount of data at an odd time. Gary reasoned that no one should be accessing the system at 2am, and he was concerned because a large amount of data was exported. After bringing up the issue to management, it was decided that the Finance division would investigate the issue. Therefore, the responsibility to figure out exactly what happened fell on Don. He was asked to work with an auditor to find out exactly what happened.

Don left the meeting feeling overwhelmed and disconcerted; he knew nothing about security practices and he wasn’t happy about working with the auditor. He had recently inherited the system and didn’t know much about it. He did know that he had to find the source of the leak before more student information was lost and he knew his job might be on the line.

Download Sample Now

Earn back the money you have spent on the downloaded sample by uploading a unique assignment/study material/research material you have. After we assess the authenticity of the uploaded content, you will get 100% money back in your wallet within 7 days.

Upload
Unique Document

Document
Under Evaluation

Get Money
into Your Wallet

Total 8 pages

Cite This Work

To export a reference to this article please select a referencing stye below:

My Assignment Help. (2021). IT Security Management. Retrieved from https://myassignmenthelp.com/free-samples/mn604-it-security-management/administration-controls.html.

My Assignment Help (2021) IT Security Management [Online]. Available from: https://myassignmenthelp.com/free-samples/mn604-it-security-management/administration-controls.html
[Accessed 05 December 2022].

My Assignment Help. 'IT Security Management' (My Assignment Help, 2021) <https://myassignmenthelp.com/free-samples/mn604-it-security-management/administration-controls.html> accessed 05 December 2022.

My Assignment Help. IT Security Management [Internet]. My Assignment Help. 2021 [cited 05 December 2022]. Available from: https://myassignmenthelp.com/free-samples/mn604-it-security-management/administration-controls.html.


Stuck on Any Question

Our best expert will help you with the answer of your question with best explanation.

question
We will use e-mail only for:

arrow Communication regarding your orders

arrow To send you invoices, and other billing info

arrow To provide you with information of offers and other benefits

Phone no. Missing!

Please enter phone for your order updates and other important order related communication.

loader
250 words
Error goes here

Error goes here

Files Missing!

Please upload all relevant files for quick & complete assistance.

We Can Help!

Get top notch assistance from our best tutors !
Excel in your academics & career in one easy click!

icon

Other Samples

Content Removal Request

If you are the original writer of this content and no longer wish to have your work published on Myassignmenthelp.com then please raise the content removal request.

icon

5% Cashback

On APP - grab it while it lasts!

Download app now (or) Scan the QR code

*Offer eligible for first 3 orders ordered through app!

screener
ribbon
callback request mobile
Have any Query?