| 1. mSCOPE |
| Information security |
| means protecting information and information systems from |
| unauthorized access, use, disclosure, disruption, modification or destruction. |
| The terms information security, computer security and information assurance are |
| frequently incorrectly used interchangeably. These fields ar e interrelated often and share |
| the common goals of protecting the confidentiality, integrity and availability of |
| information; however, there are some subtle differences between them. |
| These differences lie primarily in the approach to the subject, the methodologies used, |
| and the areas of concentration. Information security is concerned with the confidentiality, |
| integrity and availability of data regardless of the form the data may take: electronic, |
| print, or other forms. |
| Governments, military, corporate, financial institutions, hospitals, and private businesses |
| amass a great deal of confidential information about their employees, customers, |
| products, research, and financial status. Most of this information is now collected, |
| processed and stored on electronic computers and transmitted across networks to other |
| computers. |
| Should confidential information about a businesses customers or finances or new product |
| line fall into the hands of a competitor, such a breach of security could lead to lost |
| business, law suits or even bankruptcy of the business. Protecting confidential |
| information is a business requirement, and in many cases also an ethical and legal |
| requirement. |
| For the individual, information security has a significant effect on privacy, which is |
| viewed very differently in different cultures. |
| The field of information security has grown and evolved significantly in recent years. As |
| a career choice there are many ways of gaining entry into the field. It offers many areas |
| for specialization including, securing network(s) and allied infrastructure, securing |
| applications and databases, security testing, information systems auditing, business |
| continuity planning and digital forensics science, to name a few. |
| 2. Objective |
| An Information Security Policy usually has the following objectives: |
| To protect the organization's business information and any client or customer |
| I. |
| information within its custody or safekeeping by safeguarding its confidentiality, |
| integrity and availability. |
| To establish safeguards to protect the organization's information resources from |
| II. |
| theft, abuse, misuse and any form of damage. |
| To establish responsibility and accountability for Information Security in the |
| III. |
| organization. |
| To encourage management and staff to maintain an appropriate level of awareness, |
| IV. |
| knowledge and skill to allow them to minimize the occurrence and severity of |
| Information Security incidents. |
| 3. Responsibilities |
| • |
| Monitor to a reasonable level the use of the computer so as to detect breaches of |
| the system's security. In the event of a serious breach being detected, especially if |
| network security may have been compromised, CSD should be alerted so |
| institutional corrective measures can be taken. |
| • |
| All user ids on departmental computers must be provided to the CSD to enable |
| such users to be traced. |
| • |
| Ensure that each registered user is only allowed access to positively authorized |
| facilities; the default on all computers should be to bar access. |
| • • |
| Ensure that all software and/or data that are accessed via the computer are |
| • |
| properly licensed for such access. |
| 4. Implementation. |
| To aid departments who have a real need to run their own computers in this way the CSD |
| will: |
| Provide a designated contact to liaise with departmental system administrators. |
| • |
| Operate a closed security mailing list that is regularly updated with the latest |
| • |
| national and international information on hacking attempts, tools, etc. All |
| departmental system-administrators who are properly appointed and are recorded |
| as such with the CSD will be included in this list. |
| Provide regular training, advice and support to the designated departmental |
| • |
| system administrators. |
| Assist a departmental system-administrator to correct a security loophole or |
| • |
| breach, especially where the integrity of the University network may be at risk. |
| Periodically carry out checks, of its own and other network connected computers, |
| • |
| using tools provided by the industry or similar to those known to be available to |
| would be hackers. This will be done to search for the various types of security |
| problems that might exist. |
1 comments:
AOA!
I think the above given solution doesn't comply with the requirements of the question. It only provides you the general guideline which is already available in the lecture handouts but it is not the exact & correct answer.
Thanks!
Post a Comment