Total Pages: 4.5
Download All the Answers By Clicking Add To Cart.
Chapter 1 Case Exercises
Create a description of Data Mart’s network, based on the information given. If you need to make assumptions, do so and state them in your description.
The Data Mart network consists of servers and data storage devices that are accessed from different electronic devices from within the organization and from outside the organization by the clients. The network is utilized in many ways. The staff from within the organization use the network for setting up the user accounts and monitoring the different operations of the network devices like data storage, data analysis and also securing the network against any external and internal threats that might compromise the productivity of the network at Data Mart.
Create a list of the organization’s information assets. Again, state your assumptions.
Following is a list of the organization’s information Assets:
- Information about customers, staff, sales, marketing finances (Assumption: This information is stored in the different databases within the organization data network)
- Data files about the different events the clients initiate and end.
- The stored information by the clients and the files related to the analysis routines run by clients.
- Different software and operating systems utilized to run the network smoothly (assumption)
3. Create a list of the threats that Data Mart faces.
A productive computer network must be capable to identify the possible threats to its hard and soft resources (Kelley, Lahann & Mackey, 2004). Following is a List of the threats in the light of the information provided by Whitman & Michael. (2012) in their book:
- Malwares that might come to the organization network from client’s computers.
- Financial fraud by external attackers.
- Unauthorized access to the computer network.
- Exploits of the wireless networks if any.
- Exploits of user’s personal information.
- Viruses that might come from the user’s storage data.
- Power Irregularities.
Create a prioritized TVA worksheet listing assets against threats, with the most valuable assets on the left and the most dangerous threats at the top. With this spreadsheet, what should Data Mart focus on first with regard to protecting its most important assets?
Following is the Threats Vulnerabilities Assets (TVA) Worksheet:
|Malwares||Data storage devices||Operating systems||Network Software||Servers|
|Financial Frauds||User accounts||Financial databases|
|Unauthorized Access||Stored data||User accounts||Servers|
|Exploit of wireless network||All Assets|
|Power Irregularities||Network Hardware|
|Priority of Controls||Unauthorized Access||Malware||Exploit of Wireless Network||Viruses and Power Irregularities|
Chapter 2 Case Exercises
Create an ISSP for Employee Fair and Responsible Use of Data Mart Equipment using the outline specified in this chapter. If you’re having problems visualizing what the completed document will look like, use a Web browser to look for sample policies. Look for examples of organizational computer use or Web use policies, starting with your own institution.
Following is the Issue Specific Security Policy (ISSP) (Students DePaul):
Title: Fair and responsible use of Data Mart internal resources
Classification: Internal use only
Statement of Policy
This policy is about the fair use of the Data Mart resources by the staff members at the organization. This policy encompasses the hardware and software use related to all resources. The policy is only intended at the employees at Data Mart. All authorized users are expected to comply with the policies stated in this document.
All resources are expected to be appropriately used. No unauthorized access to any resource is not be exercised. All personnel must ask for the permission of the concerned person before making an attempt to use any resources not already under his/her jurisdiction. No equipment must be overused beyond what is required.
Violation of Policy
In the event of any violation, Data Matt reserve the right to take any disciplinary action appropriate to the situation. This could be the issuance of an oral or written warning or a suspension and/or termination. Legal actions will be taken if required.
Policy Review and Modification:
This policy is subject to review and modification by the Data Mart concerned administration on an annual basis or if necessary, by the modification of any technological resources at the organization.
Limitation of Liability
Data Mart assumes no liability for unauthorized acts that violate local, state or federal legislation. In the event that such an act occurs, Data Mart will immediately terminate its relationship with the violator and will provide no legal protection or assistance.
Begin a Managerial SysSP for the proposed firewall at Data Mart. You don’t have all the information to complete the document, but get started by using the outline provided in this chapter and completing as much information as possible. Questions you’ll need to make assumptions about include:
Managerial System-Specific Policy (SysPS) for the proposed firewall at Data Mart is as follows:
An Access Control List will be generate that will provide different controls and accesses to different employees at the organization. This will include login information for these employees to specific network resources at the organization.
Data Mart will employ an e-commerce serve for customer information.
Data Mart will consider using the e-mail servers provided by other Internet Service Provider like Google Email Services.
Data Mart will be accessing the e-commerce services and the e-mail servers externally. The users with email accounts with Data Mart Domain will use the email service on Google.
- Does Data Mart have its own Web server for customer information? How about an e-commerce server?
- Does Data Mart have its own e-mail server, or does it outsource this to its Internet Service Provider?
- Does Data Mart have other servers or services that need to be accessed internally or externally? What are they and who needs to access them?
Kelley, J., Lahann, J., & Mackey, D. (2004). U.S. Patent Application No. 10/947,575.
Retrieved from http://students.depaul.edu/~dmarkiew/coursework/is572/final/ISSP-WLAN.doc
Whitman, Michael. (2012) Guide to Firewalls and Network Security. 3rd edition, Course Technology,Cengage Learning. ISBN: 9781111135393.
Download All the Answers By Clicking Add To Cart.