Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Network Security Plan: A Comprehensive Guide to Protecting Your Network

Verified

Added on 2024/05/31

AI Summary

This comprehensive network security plan outlines the essential policies, procedures, and strategies for safeguarding the First National University's network infrastructure. It covers a wide range of topics, including asset identification, risk analysis, threat assessment, security policies, disaster recovery, and business continuity. The plan aims to provide a robust framework for protecting the university's sensitive data, systems, and operations from unauthorized access, cyberattacks, and other threats.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Network Security Plan

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
Introduction..............................................................................................................................3
Objectives..................................................................................................................................6
Assumptions..............................................................................................................................7
Risk Analysis.............................................................................................................................9
Asset Identification and Assessment......................................................................................9
Risks.....................................................................................................................................10
Threats, Challenges, and Vulnerabilities..............................................................................21
Security Policies......................................................................................................................25
Acceptable Use Policies.......................................................................................................26
Network Security Policies....................................................................................................27
Physical Security Policies....................................................................................................31
Personnel Policies................................................................................................................32
Getting ready methods can moreover be connected as one of the devices for surveying the
accomplishment of the office's undertakings. A half of year after the approach will turn out
to be intense; the training division must confirm the technique..........................................37
Data Policies.........................................................................................................................37
System and Hardware Policies.............................................................................................38
Disaster Recovery and Business Continuity........................................................................39
Security Strategies and Recommended Controls (two pages)............................................45
Residual Risks.........................................................................................................................48
Resources................................................................................................................................49
Conclusion...............................................................................................................................51
References...............................................................................................................................52
1

Introduction
We all in today’s world are connected to one network or the other. But are these networks
secured? If yes, then how? What is network security? Anything or any measure which is
taken to secure a network from any known or unknown threats is known as Network Security.
Network security doesn’t deal only with network related aspects but it also deals with the
hardware and software components of the system for proper security. Basically, network
security manages access to the network.
How does it operate? Network security works on the basic principle of layer security, it
has different protected layers at the edge which goes all the way to the network layer. Now,
these various layers allow an authenticated user and block any unauthorized, malicious or
unknown user to access the network.
In a digitalized world, like we live in, it is very important to secure a network as everything
and everyone is connected to that network one way or the other. There are various ways in
which we can secure a network and hence there are various types of network security
available nowadays. Let’s have a look them (Carter, 2012):-
1. Protection from Unauthorized Access:-
Not everyone should have the access to your network or in other words, your network
shouldn’t be open to all. There should be a proper check on all the personals and the
devices which access the network and the network should have the knowledge to
differentiate between an authorized and an unauthorized device or user. By ensuring
the access we can make our network better and stable. This process is known as
Network Access Control (NAC).
2. Application Security:-
Securing a network is an essential thing but it is not the only thing which needs to be
secure. Sometimes the applications we use on the network can have some flaws which
may lead to unknown threats and in the end compromising the network itself.
3. E-mail Security:-
We are all aware of the virus and malware which we sometimes receive through the
E-mail. According to the IT R&D, e-mail is one of the most common and widely used
channels for threatening or compromising a network. There should be a proper check
and monitoring on the e-mails which are received over the network.
4. Firewall:-
As the name suggests the firewall literally acts as a barrier between the outside worlds
2

our personal network. Firewalls are responsible for detecting any unauthorized access
or breach into the network security. A firewall could be software or a hardware
component both, depending upon the need of the user.
5. Web Security:-
If a system or any device is connected to any network then it is obvious that the user
will use the services of World Wide Web. Now as useful as it is, the Web also needs
to be secured at all times to prevent any harmful intrusions from it as it houses one of
the most damaging threats a network can survive.
6. Network, in any environment, or organization, being a mediator between the internet
and the user, is prone to a lot of threats and security vulnerabilities one can imagine
of. As discussed above securing a network should be a prime concern and the primary
objective of establishing any other component of the system use. But the point is, how
far one can think of taking the network security and what are the future image of this
component, let’s see (Carter, 2012):-.
3

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Scope
As discussed above, network security is extremely important and a key factor in securing the
confidentiality and the trust of any organization/company. In today’s world, there is a wide
scope of network security and the application are also endless.
A network security should secure the networks from:-
1. Structured and unstructured attacks.
2. Phishing.
3. Dos and DDoS Attacks.
4. IP addresses spoofing.
5. Password attacks and many more.
To further understand the scope of Network Security, let’s take an organization into
consideration and analyze the threats that accompany it.
We are all aware of the E-commerce giant, Wall-mart. Now wall mart operates via physical
stores and online stores as well. On Wal-Mart's site, the organization sells almost all kinds of
products from different brands, to different places around the world. They have the option of
online payments via credit card, debit card or through net-banking. Running all these services
on the World Wide Web requires high encryption payment gateways and a secure network.
This is the part where network security comes into play. The following are the roles which
network security plays while securing Wal-Mart's network:-
• Firstly network security ensures that only authorized users can have access to the wall
mart’s site that means to make a purchase the user must have a registered password
and ID to log in. This makes it easier for the organization to keep track of purchases
and users who purchase it as well.
• After giving the access to the authorized user the security must ensure that user
doesn’t perform any unauthorized activity on the network. Meaning, the network
security must ensure the firewall’s integrity even after granting the access. So that no-
one can harm the network from within.
• While logging on the network the user provides sensitive information to the
organization such as name, address, phone details, credit card details, payment
information and a lot more. The analytical data and information security are also
ensured by the network security so as to prevent the interest of both, the user and the
organization(Carter, 2012).
4

• If a user chooses to pay online for the purchase then it is network security’s duty to
direct the details of payment from the site to the gateways and from the gateway to the
site again, no data loss is tolerable when it comes to payment details.
• In the end, the network security must hold and maintain the user's data and
information after it has logged out of the network so that it can be used in the future in
an intact manner (Varshney, 2006).
As seen above, it is not possible to operate a venture or any kind of work which involves the
use of sensitive information without the presence of network security options. Network
security does not only protect the network from outside threats but it also protects the
information and data stored on the network from getting out. Therefore it is evident that the
scope and usage of this component are unparalleled from any other component when it comes
to security and protection. As the network grows and more ventures come online it would be
getting important and prioritized to maintain and use network security on a regular basis. the
If network security is not implemented in any of organization network then anyone can attack
with enough computer skills and knowledge can break into a system and compromise the
network resulting into loss and leakage of data and company’ reputation at the same time.
The duplicity of movies, songs and other things we see on the internet is a result of poor
network security and lack of proper management of the network. To ensure the success and
reputation of any organization is very important to ensure a robust and good working network
security (Mitchell, 2017).
Objectives
Network security is the terms opt for the policies or the rules which are applied to the
network on which browses on. It provides a security against different threats which can attack
the network when you are on it and can breach your data through the attacks and also take
you very personal credentials and misuse it.
So network security is like a lock which provides a wall between the network and your data
or credentials so that no unauthorized person or threat can attack you while you are on the
network.
There 4 main objectives behind network security:
1) Confidentiality- the first objective of the network security specifies very important
rule about the network who or what the people to access information on the network
is. Basically, it means who is authorized and who is not, by keeping it confidential
5

means not showing the data to everyone only to the authorized one. Some
authorization methods are kept on the network which allows only those authorized
person who has the clearance to see their confidential details.
2) Integrity- it is made by both the confidentiality and availability of the data. The main
feature of the integrity is that not only it’s authorized the data but also checks that the
data which is stored on the network is not changed by any authorized person or saved
in such a way that it is not contaminated.
3) Availability- means that the data which is stored on the website or on the internet can
be only accessed by that person or that person who have the authorization for it.
Availability means that only those have authorization can check its data whereas
others who don’t have authorization would be blocked by the security on the network.
4) Nonrepudiation- is the newest and most and not widely used security option used for
integrity, availability, and confidentiality. It is the security option in which the person
has to give its digital signature for the authorization process rather than using a
password or anything else. It would be the best way to secure your data if it would be
used widely and perfectly. It’s basically used for the business purposes in the e-
commerce section to provide a perfect authorization and authentication (Carter,
2012):-
These were some of the security goals which should be achieved during the business and
technical areas. By achieving these goals it provides full protection against the intruders
or the malicious person or different threats.
There are many business and government organizations in the world which have it
departments. These it department deals with most of the security issues that the
organization is facing. If there is any security breach or any security issues arise in the
organization is being faced solved by this it departments. Solve in that way that it doesn’t
arise again with the same problem about the same security issue.
This was the main objective of the network security behind the business and technical
field (Mitchell, 2017).
Assumptions
It is very important for each and every organization to take some of the assumptions for
the security of those organizations. With the help of these assumptions, it makes it easier
to increase the security need of an organization. By proper surveying about the problems
6

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

that can come in the way is not solved by making assumptions and probability that it can
occur.
Some of the assumptions taken in an organization are:
 Assumptions that authentication is enough: assumptions are taken that the
security over login condition in the account or in laptops is enough. If there is
security on the authentication is put, it is assumed that no more security
required to put through further. Which is not true, further security is also
needed because only one security over authentication is not enough. There is
much another security breach through which threats can enter the network.
 The second assumption that some organization or person take is that firewall is
enough for the security purposes. They think that the firewall which creates a
wall between the network and the user through which security breaches are
made difficult but they do not understand that it not enough for security
purpose that is so not true. It is required for other securities also. Firewall is not
enough for the security purposes because it only protects the organization only
from some of the security threats not all. So it is required to make the security
strong and make sure that all the security threats are concerned but not only
one(Mitchell, 2017).
 Reactive posture is one of the best useful assumptions that are taken for the
security purpose. As the user has known that only authentication and firewall is
not enough for the security threats so it uses reactive posture.in a reactive
posture, it takes out the holes in the security and rectifies it before any hacker
or threat attack through it. It is one of the best ways because it takes out before
only what are the things which are remaining in securing the network so that no
lope holes are there. If there is any then it should notify and then rectify the
damage.
 The last one and the final one is that whenever a security breach is going to
occur or any threats which are going to occur the security will notify the user
before only through which the user can know what are threats which are going
to attack o him or her during networking. By this notification, the user can
easily outcome this threat and rectify the loopholes which he did not know it
before. It is one of the best assumptions because every time threats are going to
come the user will come to know beforehand and the user can upgrade its
7

security system so that he or she doesn’t face any of these attacks. But some of
the attacks which are new to the networking area will not notify you and can
attack, so to avoid this situation you should always update the software or
applications so that no new cyber threats can bring harm to you.
Risk Analysis
Asset Identification and Assessment
The asset identification and assessment comes under risk assessment. In fact, the initial
process in risk management is a risk assessment. In order to determine the risk associated
with the IT system and also if there are any potential threats then the organization uses risk
assessment. The risk assessment helps in determining the extent to which the IT system of an
organization is affected and helps in estimating the right techniques also with appropriate
technologies in order to overcome the risk.
A risk can be defined as the result of a potential threat that can have an adverse impact on an
organization and its work. A risk is determined by multiplying threat with asset and
vulnerability.
Risk = Threat x Asset x Vulnerability
In identification and analysis of asset in risk assessment, the assets can be divided into two
parts:
 Physical Assets
 Non-physical Assets
In this, the assets are characterized according to their type whether physical or non-physical.
In physical assets include all the hardware like the computer desktop, printer, scanner, LAN
and WAN wires, etc. The non-physical assets include all the system related data, data, and
information, system interfaces, etc. The system related information of assets helps in defining
the scope the effort, the identification of the IT system and providing information that is
important for defining risk. A deep understanding of the system’s environment is necessary
for the identification of system related risks (Mitchell, 2017).
Physical assets
The physical assets in the risk assessment and analysis are given below:
 Hardware
 Computer/ Desktop
8

 Laptop
 Printer
 Scanner
 Shredder
 Beamer
 Connecting wires
Non-physical Assets
The non-physical assets in the risk assessment and analysis are given below:
 Software
 Data and Information
 System Interfaces
Risks
The risk may be defined as the net negative impact of exercise or weakness or vulnerability,
taking into consideration both the probability of the occurrence and its impact. A risk can be
defined as the result of a potential threat that can have an adverse impact on an organization
and its work.
Individual Risk Analysis of Assets
The assessment of the risk of assets is very important. It helps the organization to determine
the extent of the risk, its impact and also it helps in finding the appropriate methods to avoid
that risk.
The risk assessment contains a total 9 steps are these are:
• Characterization of the system
• Identification of the threat
• Identification of vulnerability
• Analysis of Control
• Determination of likelihood
• Analysis of the impact
• Determination of the risk
• Recommendations regarding the control
• Documentation of the result
9

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Characterisation of the System- For the assessment of risk in a system the scope of the
effort needs to be defined. The IT system’s limits are recognized in this step. Characterisation
of an IT system determines the extent of the assessment of the risk effort gives information
necessary for the risk and defines the boundaries of operational authorization. A deep
understanding related to the system setting is necessary for the identification of system
related risks.
Information relating to the system recognizing the risk relating to the IT system- It
needs a thorough understanding of the system’s processing system. This system related
information can be classified into following types:
• Hardware Software
• System interfaces
• Data and information
• A person using and supporting IT system
• System mission
• System and data critical ability
• System and data sensitivity
Other than the above-mentioned types, additional system-related information types are:
The functional requirements of the IT system
• Users of the system. This includes users that present support to the IT system in terms
of technicality, users that employ IT system to perform functions for their business,
etc.
• System security policies governing the IT system like laws and organizational policies
System security architecture
• A current network topology that includes a network diagram
• Protection of information stored. It keeps the system and data safe and protects its
confidentiality and integrity.
• The flow of information that is related to the IT system. This includes input and
output flow diagram of the system, interfaces of the system, etc.
• Technical controls that are used in IT system. This includes access control, encryption
method, audit, etc.
• Management controls that are used in the IT system like the behavior rules, planning
of the security, etc.
10

• Operational controls that are used in the IT system. This includes back-up, personal
security, contingency, controls that segregate user functions, maintenance of the
system, access for privilege user as compared to privilege for standard user, recovery,
and resumptions etc.
• The environment of the physical security of the IT system like policies regarding data,
security facility, etc.
• If a system is in its design or initial phase, the design helps in obtaining system related
information. The important security rules and features of an IT system must be
defined for its development and for its better future. The security plan and the design
documents of the system make available to us information that is important and useful
to us regarding the security that comes with IT system development.
• For an IT system that is already in operation, the user data and information can be
collected from documented and undocumented procedure. The system’s description
may be based on the future security plans of the IT system or by the security provided
by the infrastructure of the IT system (NixCraft, 2017).
Information Gathering Technique- There are many ways in which information related to
the IT system can be gathered. Some of the most common techniques for gathering the
information are given below:
Questionnaire- The person appointed for the task of information gathering can be made
questionnaire based on the operational and management controls that are in use or are
planned to be used in the future for the IT system. The questionnaire must have technical as
well as a non-technical question so that it could be distributed to technical as well as the non-
technical staff. This helps in understanding the risk at technical as well as non-technical level.
Onsite Interviews- The person appointed for the person appointed for this task can take
onsite interviews of the people working in order to gather important information related to the
IT system. If the system is in design phase then the onsite interview will be face-to-face in
order to get an opportunity for the evaluation of the physical setting of the IT system.
Review of the Document - The review of documents such as a security-related document,
directives, legislative documents, previous reports, system test result reports, etc. can provide
useful and important information regarding the security controls about the IT system of the
organization.
Use of Automated Scanning Tool- In order to collect information regarding the system
efficiently some technical proactive methods can be used like the tool used for network
11

mapping can be used to recognize a huge group of hosts and easily build individual profiles
of the target IT system.
Identification of a Threat
A threat may be defined as a chance that a threat-source to effectively use a particular
weakness of the system harms the system. In order to determine the possibilities of the risk of
the threat that can be caused by the threat source, an individual should consider the possible
vulnerabilities and controls present in the system.
• Identification of the Source- The main target of this step is to recognize the possible
threat sources and listing them so that they can be evaluated for the IT system. The
threat sources may be both, natural as well as environmental or human. The threat
caused by the threat source can be deliberate or purposeful or unintentional.
• Motivation and Threat Action- In this assessment, the motivation behind the threat is
analyzed. The humans can prove to be dangerous threat sources if they get the desired
resources. There could be many reasons behind their motivation for threats and their
actions. This can be assessed by reviewing the past records of the organization,
previous reports of incidents, history of system break-ins, etc. (NixCraft, 2017)
Vulnerability
The vulnerability may be defined as a fault or a limitation in the procedures of security in the
system that may result in the breach of the security and violation in the security of the system.
The organization must examine the potential threats to the organization and its processing
environment. Interruption detection tools are being used by many government and private
organizations to detect the threats to the organization, collect important information and
improve their capability to evaluate the threats.
The sources of information are as follows:
o Mass media
o Intelligence agencies
The steps for assessing vulnerability are:
• Vulnerability Identification- Identification of vulnerability includes assessing the
threats and vulnerabilities related to the setting of the system. The aim of this step is
to identify the potential threats to the system. The methods recommended for the
identification of system vulnerabilities are testing the performance of system security,
preparing security requirement checklists, etc.
12

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

• Sources of Vulnerability- The sources of the vulnerabilities are not technical as well
as technical vulnerabilities can be recognized by methods by which information could
be gathered. The sources of vulnerability include previous risk assessment documents,
internet, system reports, system test reports, securities advisories, system analyses of
software of the system, etc.
Practical Methods for Security of the System- In system testing, proactive methods the
system vulnerabilities are recognized and assessed by employing system testing
techniques. The test methods comprise:
• Automatic vulnerability scanning tool
• Penetration testing
• Evaluation and test of the security
• The automated tool for scanning vulnerability is used t scan a network or group of a
host of known vulnerable services.
• Development of Checklist of Security Requirements - In this step of risk
assessment the person appointed determines whether the security requirements meet
the planned or existing security controls for the IT system. This helps in determining
the whether the system’s design is fulfilling the requirements of the security controls
or not. The security requirement checklist includes security standards that help to
assess and recognize the vulnerabilities of the assets, procedures, processes, etc. The
result evaluated from the checklist can be used to evaluate the process, procedural and
system weaknesses representing potential vulnerabilities, etc. (NixCraft, 2017)
Analysis of Control
The main objective of this step is to assess the controls which are planned or already
implemented by the organization in order reduce or completely eliminate the probability of
threats to the system of the organization. The probability of potential threat can be carried out
within the related risk surroundings; the application of planned or current controls must be
well thought-out. The probability of exercise of vulnerability is low if the threat-source is at a
low level or the security controls are very effective and vice-versa.
Control Method Security Controls- The control method controls of security include the
exercise of non-technical as well as technical methods. The controls that are technical include
security of software, hardware, etc. and controls that are non-technical are operational and
management controls like operational measures, safety policies, personnel security, etc.
13

Categories of Control- The control types for non-technical and technical methods are
divided into either detective or preventive. The preventive control restricts attempts to resist
the security policy and it contains controls such as encryption, enforcement, and
authentication. The detective control restricts the attempts or violations of the security policy.
It includes controls such as interruption detection methods, sums of checks and audit trails.
Control Analysis Technique- In control analysis technique the security requirement
checklist is prepared or an already available checklist is used for the analysis of controls in a
systematic and effective manner. This requirement checklist is used to check the compliance
and non-compliance with the security. Hence it is very important to update such checklists in
order to show the changes happening in the control environment of the organization.
Likelihood Determination
The likelihood determination is the determination of the probability of exercise of a potential
vulnerability that can prove to be a threat to the organization. The governing factors in the
determination of likelihood are as follows:
 Threat-source inspiration and ability
 Nature of the susceptibility
 Subsistence and efficiency of current controls.
The level of likelihood may be high, medium or low. If the likelihood is high, it means the
probability of occurrence of a potential threat is high. If the likelihood is low, it means the
probability of occurrence of a threat is low. If the likelihood is medium, it means the
probability of occurrence of a potential threat is neither too high nor too low. The security
controls need to be very strict in case of high likelihood and can be mild in case of low
likelihood.
Impact Analysis
The impact analysis is a major and an important step in the measurement of the risk level and
determining the ill effect from the successful threat exercise of vulnerability. A few terms
must be discussed before conducting the impact analysis and these terms are the mission of
the system, criticality of system and data and also sensitivity of the system and data. The
information regarding them can be obtained from the existing documentation of the
organization. The assessment of sensitivity and criticality of assets comes under mission
impact analysis. The assessment of information assets such as hardware, software, services
and related technology assets comes under criticality assessment of an asset. Assessment of
these assets supports the organization in critical missions of an organization. If the
14

assessment of these assets’ documentation is not available then the sensitivity of the system
and the data can be determined by the level of safety needed to preserve the data and
system’s confidentiality, accessibility and reliability. The determination of the extent of
impact on the system and information is done the owners of the system and information. That
is why it is suitable to approach the owners regarding information of the system and data it is
containing.
Given below is the list of security goals and the impact it is not being met:
• Loss of Integrity- The integrity of system relates to need of protection of information from
inappropriate modification. If intentionally or by accident, inappropriate modifications are
done to the data of the IT system then the integrity of the system is lost. If the integrity of the
data or the system is lost then it could lead to consequences like erroneous decisions,
inaccuracy or fraud. The loss of integrity may also lead to an attack on the important and
confidential information of the organization. The assurance of the IT system is reduced due to
loss of integrity.
• Availability Loss- The organization’s task is affected if the mission-critical system of IT is
unavailable to its customers. For example, there will be wastage in time if the system is not
performing its operations and functions properly. This will result in a decrease in the
performance of the users in performing their functions.
• Confidentiality Loss- the confidentiality of the data and the system is concerned with
protecting the information saved in the system from unauthorized access. If the system is hit
with unauthorized access then it can lead to reputation loss of the company or the
organization, heavy money losses, leakage of important information. While doing an analysis
of impact then the focus of the analysis should on qualitative as well as quantitative
assessment. The plus point of the qualitative analysis is that it keeps the risks at its priority
and also recognizes the areas that need immediate improvement. Its disadvantage is that it
does not tell the extent of the impact and that’s why it becomes difficult to choose the
appropriate control measures for the loss.
The plus point of quantitative assessment is that it helps in determining the extent of the
impact so that appropriate control measures can be taken. Its disadvantage is that it is
complex and the result is sometimes not error free. Its result is impacted by qualitative
assessment.
There are some other factors also that help in determining the extent of the impact. These
factors are as follows:
15

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 An evaluation of the occurrence of threat by the threat-source’s of the vulnerability in
a particular period of time. Let say one year.
 An estimated cost for each time a threat occurred by the threat source.
Determination of Risk
In risk determination step, the analysis of the IT system is done. The determination of risk for
some threat or vulnerability can be articulated as a function of:
• The chances of a threat being caused by a threat source.
• The extent of the impact when a threat is caused by a threat source.
• The sufficiency of the security controls available to handle the threat that is available
or are planned be implemented by the organization in the near future.
Risk-Level Matrix- The risk level matrix helps in determining the level or the extent of
risk that the organization is facing or may face in the future. The higher the risk level the
higher is the impact of the threat. The determination of the risk level may or may not be
biased.
• The probability for a high likelihood of a threat is 1.0
• The probability for the medium likelihood of a threat is 0.5
• The probability for low likelihood of a threat is 0.1
• The assigned value for high impact level is 100
• The assigned value for medium impact level is 50
• The assigned value for low impact level is 10
The risk scale rating represents the risk at which the IT system, procedure or facility are
exposed if the vulnerability is exercised.
Control Recommendations
The control recommendations is an important step an in this step the controls that can use to
eradicate the identified risk are provided for the operations of the organization. The main
objective of these controls that are suggested is to decrease the extent of risk to the IT system
and to protect its data and information.
The factors that must be taken into consideration for recommending controls and optional
solutions are:
16

• The efficiency of suggested options (e.g., system compatibility)
• Legislation and regulation
• Organizational policy
• Operational impact
• Safety and reliability.
The recommendations of the control are the consequences of the risk evaluation process and
give a base to the process of risk mitigation, throughout which the suggested procedural and
technical security controls are evaluated, prioritized, and implemented. The recommended
controls are used in order to reduce loss. A cost-benefit analysis needs to be conducted in
order to find out which controls are appropriate for a particular organization. The costs
required for the implementation of the controls must be justified in the reduction of the level
of risk. The operational impact must also be considered while choosing the appropriate
controls for a specific organization.
Results Documentation
After the completion of the risk assessment, the documentation of the results is required for
the briefing or official reporting. A report regarding the management of the organization that
assists the managers and owners to take effective decisions and choices regarding money
matters, policies, changes in staff, budget, etc is known as result documentation.
The documentation of the whole analysis of the report must be in a systematic manner with
clear observations and simple to understand language. The objective of the report should be
clear in the head of the person making the report so that when there will be a need to take
help from the report regarding a particular issue then the report must be easy to understand by
the individual reading the report.
Risk Summary
 The risk may be defined as the net negative impact of exercise or weakness or vulnerability,
taking into consideration both the probability of the occurrence and its impact. A risk
can be defined as the result of a potential threat that can have an adverse impact on an
organization and its work.
 The assessment of the risk of assets is very important. It helps the organization to
determine the extent of the risk, its impact and also it helps in finding the appropriate
methods to avoid that risk and the risk assessment contains a total 9 steps.
17

 The first step is system characterization. The final step is risk documentation. After
the completion of the risk assessment, the documentation of the results is required for
the briefing or official reporting. A risk assessment report is a management report that
helps senior management, the mission owners, make decisions on policy, procedural,
budget, and system operational and management changes.
 The second step is threat identification. A threat may be defined as a chance that a
threat-source to effectively use a particular weakness of the system harms the system.
In order to determine the possibilities of the risk of the threat that can be caused by
the threat source, an individual should consider the possible vulnerabilities and
controls present in the system.
 The third step is vulnerability assessment. The vulnerability may be defined as a fault
or a limitation in the procedures of security in the system that may result in the breach
of the security and violation in the security of the system. The organization must
examine the potential threats to the organization and its processing environment.
Interruption detection tools are being used by many government and private
organizations to detect the threats to the organization, collect important information
and improve their capability to evaluate the threats.
 The fourth step is controlled analysis. The main objective of this step is to assess the
controls which are planned or already implemented by the organization in order
reduce or completely eliminate the probability of threats to the system of the
organization. The probability of potential threat can be carried out within the related
risk surroundings; the application of planned or current controls must be well thought-
out. The probability of exercise of vulnerability is low if the threat-source is at a low
level or the security controls are very effective and vice-versa.
 The fifth step is a determination of likelihood. The likelihood determination is the
determination of the probability of exercise of a potential vulnerability that can prove
to be a threat to the organization.
18

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

 The sixth step is impact analysis. The impact analysis is a major and an important step in
the measurement of the risk level and determining the ill effect from the successful threat
exercise of vulnerability. A few terms must be discussed before conducting the impact
analysis and these terms are the mission of the system, criticality of system and data and also
sensitivity of the system and data. The information regarding them can be obtained from the
existing documentation of the organization.
 The seventh step is risk determination. In risk determination step, the analysis of the
IT system is done. The determination of risk for some threat or vulnerability can be
articulated as a function of:
• The chances of a threat being caused by a threat source.
• The extent of the impact when a threat is caused by a threat source.
• The sufficiency of the security controls available to handle the threat that is
available or are planned be implemented by the organization in the near future.
 The eighth step results recommendation. The control recommendations is an
important step an in this step the controls that can use to eradicate the identified risk
are provided for the operations of the organization. The main objective of these
controls that are suggested is to decrease the extent of risk to the IT system and to
protect its data and information.
 The ninth step is documentation of risk. After the completion of the risk assessment,
the documentation of the results is required for the briefing or official reporting. A
report regarding the management of the organization that assists the managers and
owners to take effective decisions and choices regarding money matters, policies,
changes in staff, budget, etc is known as result documentation.
All these steps are very important and must be followed in the same sequence for the
assessment and analysis of risks of assets.
19

Threats, Challenges, and Vulnerabilities
Threats
A threat may be defined as a chance that a threat-source to effectively use a particular
weakness of the system harms the system. In order to determine the possibilities of the risk of
the threat that can be caused by the threat source, an individual should consider the possible
vulnerabilities and controls present in the system.
1. Identification of the Source- The main target of this step is to recognize the possible
threat sources and listing them so that they can be evaluated for the IT system. The
threat sources may be both, natural as well as environmental or human. The threat
caused by the threat source can be deliberate or purposeful or unintentional.
2. Motivation and Threat Action- In this assessment, the motivation behind the threat is
analyzed. The humans can prove to be dangerous threat sources if they get the desired
resources. There could be many reasons behind their motivation for threats and their
actions. This can be assessed by reviewing the past records of the organization,
previous reports of incidents, history of system break-ins, etc. (NixCraft, 2017)
Challenges
The six major security challenges that an organization faces is as follows:
 Electronic Commerce- These days all the businesses are being conducted via the
internet. The internet has proved to be an important platform for conducting a
business. It gives a business a platform to showcase its products and services and
helps it in increasing its customer base. The people also these days find it time-
consuming to go the retail stores and buy things they need and prefer shopping online.
This helps them in saving a lot their time and they can place an order from anywhere
and at any time. Electronic commerce also helps them in saving money since there are
no middlemen involved in the case of traditional retail stores. However, the security-
related issues in electronic commerce are a big challenge that the businesses deal
every day. In order to keep up with the competitive environment of the market that
demands great quality, quick delivery, and affordable prices, the business has to work
with speed and this leads to security issues. The information of their customers may
not be safe in this hustle and this may lead to a lot of threats (Rabie, 2013).
20

 Constant Growth and Complexity of Information Security Attacks- The business
operations are being damaged by constant growth in security attacks. The security
system of a business or an organization can be damaged by viruses, worms or Trojans.
A virus with a malevolent code that affects the executable programs. The virus does
not do anything until the user uses the infected program and run it. This is the time
when the virus is entered into the system and damages it. Trojan is a malevolent
program which is also just like virus activates when the user uses the program
infected by it. It deletes or steals the data from the system. The difference between
virus and Trojan is that virus has the tendency to replicate but Trojan does not
replicate (Rabie, 2013).
 Immaturity of the Information Security Market- The information security market
is still at a primitive level offering only individual solutions like firewalls that only
address a part of the needs of the company. So the customers find it difficult to put
together the solutions offered by them and work. The companies are forced to install
multiple point solutions in order to provide individual components to their security
systems. This is a huge task for the companies which are expanding with new
products and services because growth in the company means more complexities in the
security-related problems. The needs to organize the expanding list of products and
ensure that the all the components of the security system are working properly and in
coordination. Another challenge faced by the companies is that it gives low priority to
its security (Seltzer, 2013).
 Shortage of Information Security Staff- It is a difficult task to find qualified people
for the purpose of information security. There are only a limited number people
available with the required security skills. Therefore, more investment is needed by
the business executives in this area. The training to the staff is also a problem because
of lack of standards, immature market, and many point solutions. Due to constantly
expanding and growing technologies, the security challenges are also increasing
which the staff employed for information security may not be able to keep up. This
means more time and money requirement for their training. In addition to technical
training, the information security team also needs to develop security enforcement
skills. A good leader is also very important who can effectively lead and direct the
information security team. Such leaders are rare and hard to find (Seltzer, 2013.
21

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 Government Legislation and Industry Regulations- With the increasing
information security incidents and dependence on the internet have compelled the
government to create additional legislation to control ecosystem of the technology.
The regulations are necessary to abide by the businesses and companies in order to
keep their security systems safe since the internet has become easily accessible
everywhere around the world.
 Privacy- Privacy is a major security issue in these for an organization or a business.
Every organization has vital data and information about its customers, clients,
accounts, money transfers and if this information is not properly secured then this can
lead to huge losses in terms of money and reputation for the organization. Hence the
necessary precautions and steps must be taken by the organization to ensure that the
information is secure and safe. This will ensure that the information about the
customers of the organization will be safe from misuse, loss, disclosure and
unauthorized access (Seltzer, 2013).
 Mobile Workforce and Wireless computing- The mobile computing devices have a
great impact on our everyday life. Mobile workforce and wireless computing have
although proved to be a boon to the business by replacing phone lines for
communication between the employees and the customers at the same time, the
security issues are also increasing with their advancement. Earlier the employees used
to have a separate computer at the workplace and a separate computer at home but
nowadays it is okay for them to use the same computer or laptop at both the places.
This has increased security risk and chances of leakage of information about the
organization. The organization needs to have strict protocols and policies regarding
the devices that the employees use. The employees should not use the company
computer or laptop for their personal use. The companies should also give a separate
phone to the employees so that they do not in any way leak important information
regarding their company ( NixCraft, 2017).
Vulnerabilities
The vulnerability may be defined as a fault or a limitation in the procedures of security in the
system that may result in the breach of the security and violation in the security of the system.
The organization must examine the potential threats to the organization and its processing
environment. Interruption detection tools are being used by many government and private
22

organizations to detect the threats to the organization, collect important information and
improve their capability to evaluate the threats.
The sources of information are as follows:
o Mass media
o Intelligence agencies
The steps for assessing vulnerability are:
• Vulnerability Identification- Identification of vulnerability includes assessing the
threats and vulnerabilities related to the setting of the system. The aim of this step is
to identify the potential threats to the system. The methods recommended for the
identification of system vulnerabilities are testing the performance of system security,
preparing security requirement checklists, etc.
• Sources of Vulnerability- The sources of the vulnerabilities are not technical as well
as technical vulnerabilities can be recognized by methods by which information could
be gathered. The sources of vulnerability include previous risk assessment documents,
internet, system reports, system test reports, securities advisories, system analyses of
software of the system, etc.
Practical Methods for Security of the System- In system testing, proactive methods the
system vulnerabilities are recognized and assessed by employing system testing
techniques. The test methods comprise:
• Automatic vulnerability scanning tool
• Penetration testing
• Evaluation and test of the security
The automated tool for scanning vulnerability is used to scan a network or group of a host
of known vulnerable services. The vulnerabilities scanned or detected by the automated
tool may not be practically vulnerability. The automated tool has the tendency to detect all
kinds of vulnerabilities without considering the setting and state of the system. This results
in false results. In order to detect system’s vulnerabilities, another technique that is used is
ST&E. In this, a test plan is made and then executed. The efficiency of the controls of an
IT system can be tested by this technique. It helps in maintaining the security standards of
the company and ensures the safety of data and information stored in the IT system.
Another method that can be used to analyze the security controls of a company is the
penetration method. It is used to analyze that when the security of a company is threatened
23

then up to what extent the resources and back up plans are available with the company in
order to deal with the threat.
• Development of Checklist of Security Requirements - In this step of risk
assessment the person appointed determines whether the security requirements meet
the planned or existing security controls for the IT system. This helps in determining
the whether the system’s design is fulfilling the requirements of the security controls
or not. The security requirement checklist includes security standards that help to
assess and recognize the vulnerabilities of the assets, procedures, processes, etc. The
result evaluated from the checklist can be used to evaluate the process, procedural and
system weaknesses representing potential vulnerabilities, etc. (NixCraft, 2017)
Security Policies
The first national university is the first higher education institution in terms of distance
learning and introducing lots of online programs. It has got its support for information
technology services through three major facilities:
1. Headquarters: It is located on the main campus of FNU.
2. Operations (data center): It takes care of the back-office technical functions, data
center and IT staffs which are located 50 kilometers away from headquarters.
3. Back up: when any of the operations fail, back-up as a warm site facility that makes it
operational during the time of the event. It is located 1000 kilometers away from
headquarters in the country area.
The network at FNU does not have consistency, performance, reliability problems due to
increase in lots of enrolments of students and staffs, also the expansion of recent operations.
Also, there are no ‘bring your own device’ (BYOD) and ‘work at home’ (WAT) policies at
FNU. So this has become the focus of contention to increase secured wireless remote access
network due to undisciplined wireless networks implemented by students of the university.
There are some important factors that the management of FNU focuses to improve:
1. To increase the number of enrolments for on-campus and distance education by 50% in
3 years.
2. To allow staff members to do research works and projects among their colleagues in
different campuses and universities also improve their efficiency.
24

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

3. Improve the network connections for the students to submit the online assignments on
time without delay.
4. Under BYOD policy, allow network access of the university to all the students, staffs
and visitor members the internet wireless in all the devices like smartphones, PC ’s, tabs
etc.
5. Under WAT, allow campus network in the remote areas of the houses belonging to
students of the university.
6. Secure the access to the network from the outsiders (Rabie, 2013).
While considering all these points in mind, IT department of FNU implemented some goals
technically:
1. Introduce the wireless services by redesigning the current network.
2. Changes made to the IP addressing strategy.
3. To increase the bandwidth of internet access to use current applications and support
new applications also.
4. Provide a secured network to be accessed by all the students, staffs and visitors of the
university.
5. Also to get a faster internet to get a response time in less than seconds while running
multiple applications.
6. MTBF (mean-time-between-failure) of 6000 hours and MTTR (mean-time-to-repair)
in less than 90 minutes for the network availability.
7. To provide an expanded multimedia usage there should be networks that scale up to
the extent to provide the desired facilities.
8. Robotize the vast majority of the machine errands and organizations comprehensive
of connection and play, set up setup, mastermind organization, researching,
orchestrate watching, resource sharing, stack modifying, updates, and data
fortifications.
Acceptable Use Policies
1. Only authorized computers with their accounts and files can be enhanced.
2. Another person’s account and their passwords are secured and cannot be accessed
by any other individual.
3. For the individual’s appropriate resources allocated to them are under the
responsibility of that particular person like port address, software, hardware, and
networks. Hence they are responsible for all the university resources.
25

4. The university signs certain agreements for the third party resources, so all the
people belonging to the university must follow those domains of acceptance.
5. A good amount of effort must be made to protect all the passwords and network
access from intruders, configure hardware and software and securing the
University’s networks all over.
6. Without the proper administrator, the admin applications should not be accessed
such as restricted parts of the network, operating system, security software etc.
7. Ordinary tools are not enhanced to test the security software or computer networks
unless they have been specifically authorized to do so by the CIS Information
Security Group.
EMAIL AND COMMUNICATION POLICY:
 Email has become the official means of communication in universities in accordance
with the policy that all the staffs and students over there are required to maintain an
official ID as @fnu.edu.
 It provides an online identification key for individuals and also official email ids for
everyone in there.
 All the license policies, emergency notices, courses and syllabi requirements, event
and meeting timings are sent in this ID to reach all the members of the university.
INTERNET AND NETWORK ACCESS POLICY:
The privacy of the information and protection against the unauthorized modification of the
applications, securing against denial of services and unauthorized access re-enhanced in this
policy.
Network Security Policies
To secure a network, different layers of security are introduced to protect from the attackers
in a way that 3 or 4 systems must be crashed first in an attempt to get vital applications of the
system.
Network policies define how networks should be implemented and configured to get the
operations in line and guides on how to deal with the abnormalities in the system.
ANTIVIRUS POLICY:
All the computers used in the universities must be up-to-date licensed, approved antivirus
product which looks after the harmful software for the networks.
26

The central computers must have the centrally managed virus software that protects all of its
domain computers.
All the PC’s that are connected to the university network must be endorsed with appropriate
anti-virus products.
The university has the right to eliminate any of the computers that affect or infect other
machines unless the virus is being removed.
DMZ (de-militarized zone) POLICY:
It initiates the requirements of the information security distributed in FNU located across the
de-militarized zone (DMZ).
Accepting the requirement policies will reduce the risks of preventing the damages caused
due to unauthorized access to these resources, loss of confidential data and intellectual
properties.
The networks and devices in the FNU University facing the internet and are located outside
the FNU firewalls are said to be the part of DMZ and subject to this policy. Examples of
these devices are primary internet service providers and remote locations.
All the equipment used under this policy must be configured properly on time with the
required documents.
This policy is not applied in the private addressing nodes placed in the FNU’s internal
firewalls and the standards are described in the internal security policy for these devices.
EXTRANET POLICY:
This policy describes the outside party using the networks for the transactions between
different people inside the college.
The access to the outside parties for the private resources fall under this policy nevertheless
it’s a Telco-circuit or VPN technology used for the connection.
For the internet service providers that give internet access or the public telephone network
that connects to the third parties, do not fall under this policy.
VPN AND REMOTE ACCESS POLICY:
Virtual private networks can be advantageous to the attackers and the hackers, so the server
must be secured by the system administrator carefully.
By having the virtual private networks and remote access policy, it supports the call from the
end users and reduces the risk of organization’s network asset.
Every person remotely accessing the network must accept the terms of conditions that are
documented as VPN policy only after which they can access the network.
27

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Configuration is under the control of the Administrator and also determines the network
connection times that are limited to only work hours of the university.
NEED FOR THE VPN REMOTE ACCESS POLICY:
 Man in the middle: if the remote access has been introduced by the unauthorized
server or insecure protocol, the attacks of man in the middle are possible. This attack
place itself between the VPN server and remote user. It identifies the user’s
authentication to the server and access itself to the server.
 Distributed denial of services attacks: The devices like laptops, tabs, and smartphones
are more prone to attacks since they are less secure than corporate networks, such
devices lead to more viruses, crabbing passwords to them(Linkletter, 2016).
WIRELESS AND BYOD POLICY:
The FNU University recognizes that allowing the staffs, students with their own personal
devices to do the official works are comfortable by providing them with the campus internet
whilst there are very few restrictions posed technically by the university on the access with
their private gadgets.
On behalf of information security, accessing the university information and data in the
personal devices creates a problem (Linkletter, 2016).
They must ensure the data and information is in the control of the university although they
are shared between personal devices and enhance the protection to the intellectual properties
and the safety of the personal information of the individuals owning the devices.
FIREWALL POLICY:
This policy is being built to protect to control the internet flow traffic between different
electronic devices. It looks after the network traffic and makes the document for the policy
with instructions that are contained within the firewall rules.
Firewall is one of the strategies to overcome the harmful activities of the system by securing
it.
INTRUSION DETECTION POLICY:
The university with a proper documentation of their policies are always ready to act
whenever they are faced with the intrusions in their networks by eliminating the damage and
protecting the university data smoothly
PURPOSE:
 Create a guide on how network intervention will be spotted.
 Establish ways of reacting, preventing, and eliminating a network intervention.
28

The Intrusion Detection Policy is modeled to raise them all over the level of security in the
university network by actively hunting for unauthorized access. The procedural structure
outlined in the policy will detect unauthorized access to official data and inform proper
personnel of such an event to secure the value of that data.
VULNERABILITY SCANNING POLICY:
The purpose of this policy is to allow IT service management within FNU University to scan
devices linked to the university network for vulnerabilities. This helps in aiding in sustaining
a secure and faithful infrastructure.
 Vulnerability scanning may be taken to:
 Identify adaptive systems within the university network;
 Identify virus affected systems within the campus network;
 Identify deficiently configured and prospectively unsafe systems linked to the campus
network;
 Any system requesting a firewall rule;
 Check and analyze possible security events to make sure systems conform to FNU
University’s security policies (Linkletter, 2016).
This affiliation covers all PCs and specific devices had or worked by a method for FNU
University and any PCs or particular gadgets that are to be had on the grounds sort out which
are related with agreed JANET middle person or bolstered foundations.
INTERNET POLICY:
The network custom policy provides staffs with rules and regulations about the exact use of
university resources, network, and Internet access.
The group of specialists part will realize that looking one of a kind regions or downloading
positive information is denied and that the strategy ought to be taken after to or there could be
completely serious outcomes, on this way provoking lesser security perils for the school
because of staffs and understudies rashness. Before starting any work, all the people of the
university must sign the document of the internet usage policy.
The staff members and the students are responsible for using the internet effectively only for
the official purposes. Internet access is limited to official-related activities only and personal
use is not permitted.
29

Business-related activities fuse ponders and informative assignments that may be found by
methods for the Internet that could aid an understudy's and group of specialists' part.
All Internet data that is prepared, traded or possibly gotten by means of PCs are considered to
have a zone with and is seen as a component of its legitimate certainties. It is on this way
worry to articulation for legitimate reasons or to other fitting untouchables
The resources, overhaul, and technology used to access the Internet are the property of FNU
University and the college reserves control of Internet traffic, monitor and access data that is
created, sent or received through its online networks.
Emails sent via the university mail should not contain post that is said to be crime news. This
includes the use of vulgar or harassing language/images
All sites and downloads are monitored and blocked by the university if they are considered to
be harmful or not productive to the college.
The installation of new software like immediate messaging technology is strictly restricted
(Linkletter, 2016).
Physical Security Policies
The point of this course of action is to give a shape and aides for recognizing and dealing
with dangers going up against FNU, its group of specialists, understudies and visitors.
This system will permit the college, into the volume is sensibly achievable, to guarantee the
prosperity and security of the grounds, remote work environments (i.E. Homes) and the
general people using these workplaces.
This Policy:
•explains the functions and duties of pertinent people.
• Ensures FNU’s goals to reduce the security-related risk facing the university.
• declares FNU’s commitment to have in place the security systems, ways and rule measures
that make sure that the FNU management, including visitors to the university, can go about
their work in a safe and secure place.
Data centers, offices, or other places that check on the data systems and data storage,
workstations, and other devices will be secured from unauthorized touch access, as well as
30

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

natural and environmental problems that may adapt highly confidential data, integrity, or
accessibility.
Standards established by the Information Security Unit of Information Services will be set for
the use.
Each unit within the University has the responsibility to ensure physical security for their
areas and can best accomplish this by following the best practices set forth in these standards.
Personnel Policies
The record of school techniques is detached into 5 portions. The underlying stage is on
popular work weight procedures which are important to heaps of divisions of representatives
and staff people.
Decided something different, each approach on this component relates to all relationship of
staff and group of laborers individuals. The course of action picture for in vogue
methodologies is PG.
Four more sections contain procedures specific to a chose affiliation class as takes after:
The Director of HR is accountable pertaining the document of personnel policies accepted by
appropriate authorities. Later revaluating of current work weight systems or the reintroducing
new game plans is most likely proposed through University school. Copies of arrangements
affecting a group of specialist’s laborers may be submitted to the Director of Human
Resources.
Game plans affecting workforce delegates will be submitted extraordinarily to the President
by utilizing the Faculty Senate for appropriate administrative review.
31

Nevertheless, as in accordance with Article III, A. Three (an) of the FNU University By-
Laws, the President of the University is responsible "to make rules and controls which may
be foreseen to take out the reason imparted consequently;" on along these lines, the President
may likewise exchange, wipe out, or increment group of labourers techniques as the President
thinks about on consideration such change, suspension of methodology, or making new
course of action to be in the great artistic creations of the University, responsible to the Board
of school.
Courses of action unquestionably followed up on could be incorporated into the strategy
report once they advance toward getting to be leisure activity plan.
VISITORS POLICY:
For confirmation capacities and in mellow of the wellbeing utilization of the Utilities
Department Properties the going with Security Policy may be maintained.
Access by a method for visitors is presumably restricted and controlled through the Visitor
Policy as a level of certification of the mammoth assortment of property having a zone with
the school.
Visitors contain every one of us other than Utilities Department representatives or individuals
beneath division of the University (transient individuals/guides
Visitors will be of three types;
General visitors, who are given with only the access to the office and warehouse, not on the
operational areas.
Escorted visitors can visit all the areas as general visitors and also can access the operational
area with certain guidelines.
Unescorted visitors can access all the resources and areas without any escort guidelines.
General guests are required to enroll and may not be issued a distinguishing proof. Should
their visit exchange they have to return to the front works of art place and sign out and sign
back in as both an Escorted or Unescorted Visitor.
32

Escorted Visitors upon touchdown can be issued a white ID stamped "Visitor". They may
likewise flow uninhibitedly inside the place of business and dispersion center an area, yet are
compelled from coming into any operational domains without being escorted by utilizing a
licensed departmental assemblage of specialists part.
Unescorted Visitors upon section will be issued a purple personality checked
"UNESCORTED". An approved departmental workforce component need to shut down
allowing full inspire admission to the expressed individual, at which period they will stream
about all domains without an escort.
In no way, shape or form are escorted guests to be permitted to sit down unbothered in any
Utilities operational domain.
Visitors might be issued recognizable pieces of proof (VISITOR OR UNESCORTED) and
hardhats spotting them while all is said in proficient as Visitors for the straightforward
recognizing confirmation by a method for all utility gathering of specialists.
Should Utilities work constrain find an escorted visitor unescorted in the Utilities operational
segment they could strategy them, ask as to their inspiration and escort them out of the
operational domain.
All guests are to answer to and be met at the Facilities Building that enables you to avoid
unnecessary or undesirable get admission to.
GUIDELINES FOR HIRING EMPLOYEES:
There are lots of state, federal and local rules to be followed for hiring the staffs in the
universities to maintain the legal ways of selecting them with the help of human resource
departments to deal with e
Guidelines for Hiring Employees
There are various Federal, State and Local standards in regards to procuring workers and
most extensive organizations keep up in-house legitimate direction and human asset divisions
to manage these principles. In any case, in the event that you are a little organization, these
are unreasonably expensive extravagances. Accordingly, General Counsel, P.C. is here to
give your organization some basic sound judgment rules for enlisting workers:
• Do not segregate in light of race, shading, sexual orientation, religion, incapacity
status, and so forth.
• Respect the candidate's entitlement to protection: conjugal circumstance, financial
foundation, individual life.
33

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

• Don't infer things you can't convey: professional stability, benefits.
• Observe all laws identifying with the lowest pay permitted by law, contracting
youthful or settler specialists.
• Follow the IRS rules for employing self-employed entities.
• Follow all IRS and State new employing prerequisites.
The Interview can be a champion among the most hazardous minefields a business endeavor
faces. Various government, country, and group laws control the request that can be gotten a
couple of insights roughly an applicant's race, intercourse, handicap, countrywide beginning,
sexual presentation, matrimonial distinction, being pregnant, age, hover of relatives outlines
or other individual issues. These points must be totally kept up a vital separation from, as
influencing request in those zones to can supply competitors who aren't picked avocation for
an isolation affirm.
General Counsel, P.C. Has sorted out a timetable of pre-venture ask for, which offers across
the board way at the types of request that need to and should not be asked for in the midst of
the get-together method.
Recorded confirmations are each other great measured landmine that associations should treat
with exact care. The law adjustments from kingdom to state. A couple of states remember
intentions in surveying a man's ability for contracting. A couple of states blacklist all types of
individual examinations to pre-show screen competitors. A couple of states without a doubt
require wide pre-business screening necessities for remarkable purposes for a living, for
instance, schools, childcare, and restorative contributions workplaces. Supervisors should
look at their kingdom's one of a kind statute to decide its capacity, importance, and
consistency (Linkletter, 2016).
Under the Fair Credit Reporting Act, going before attracting an out of entryways business to
coordinate a man or lady confirmation and establishment a "customer document," the venture
should gather the hopeful's created consent. The business undertaking should give the hopeful
a copy of the report's disclosures and allow the possibility to wander the revelations once in
the past making any disagreeable stream.
Guidelines for Firing Employees
34

There frequently comes a point in the business venture specialist dating, where the
association begins off evolved to sharp. The specialist won't do as much as a similar old
foreseen, plausible having conduct inconveniences or is to a great extent undeserving to play
out exact assignments. Despite when a delegate is showing up splendidly, your association
may likewise need to lessen and terminate an astonishing representative.
Terminating workers is not the slightest bit an exquisite assignment, yet with the heading
beneath, your organization can maintain a strategic distance from the undertaking landmines
in the midst of the end technique.
Do whatever it takes not to end a laborer in shock. This may also show up clearly prominent
on a similar time, without giving it bounty idea, balance is dominating. Before freeing a
delegate, set apart probability to assess the decision. A chilling length won't change one's
brain, anyway as an elective it'll supply time to assess the decision and plan the stop.
Adopt after strategy. If an endeavor has made business approaches, which incorporates
surrender strategies, heads should tail them dependably.
File the reasons at the back of discharge. A specialist report must give a sizable record that
clear up the dismissal. At whatever factor a quit isn't generally said with reprimands or tries
to upgrade laborer execution, a conceivable end is that there was a shocking thought way
inside the decision.
Be straightforward. A business undertaking may be alluded to slacken up the sidestep up
telling a laborer that the business endeavor is abridging while in reality, the specialist's
execution is unsuitable. At that factor, while the business uncovers an approach to supplant
the worker, these games give thought process to feel vague about the business' legitimacy.
Offering a severance package. A severance bundle calls for the attentive idea. It would
conceivably manage the specialist's trade and lessen the degree of threatening vibe in danger
of inciting arraignment. Any severance data which depends upon an entry of cases towards
the business must be drafted by a method for an attorney normally a wretchedly drafted
release may moreover don't have any legal power.
35

Consolidate an onlooker. The end should be given an up close and personal. Since stop
interviews are finished of feeling, an observer must be accessible. One individual can bring
the determination while exchange takes notes to document the accumulation.
Use an end letter. Once in some time is a formed illumination for a discharge required by a
method for the law. Drafting an end letter, be that as it could, grants time to meticulously
exceptionally well recollect what is said and the way it's miles said. The quit letter should be
passed on to the representative upon stop and should pass on the decision to stop and a
prevalent declaration of the reasons.
Be cognizant. End forms should be arranged with anyway a horrendous parcel affability and
idea as could sensibly be foreseen, paying little considerations to the reason. It is most likely
help to make utilization of an autonomous region, as an example, an empty work
environment or amassing room. If the social affair is horrible and inciting, the shot of legal
leisure activity increases.
The strategies above are not a total verbalization of honest to goodness steerage even as
terminating a specialist. As each end circumstance is exciting, please contact General
Counsel, P.C. To talk about the best approach to as it ought to be hearth any delegates
previously taking any antagonistic exercises.
Scanning for additional records about what organizations General Counsel P.C. Will oblige
your association?
USER TRAINING POLICY:
An effective training policy does the following
 Provides guidance for allocating department resources such as trainers, money, and
time
 Gives a broad direction to training activities
 Outlines the authority is given to the training department, as well as the limits to that
authority.
Getting ready methods can moreover be connected as one of the devices for surveying the
accomplishment of the office's undertakings. A half of year after the approach will turn out to
be intense; the training division must confirm the technique.
Data Policies
The reason for this Data Management Policy ("the Policy") is to make certain the
computerized data and insights having a place with, or held by utilizing, University College
Cork – National University of Ireland (the "School").
36

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

It hopes to give a device inward which the parts and duties of the people that regulate or
make utilization of the certainties and realities are portrayed.
The point of the Policy is to enable get right of the section to insights and measurements held
therough UCC, to the astounding degree achievable, steady with sanctioning and full-
estimate UCC techniques, while verifying that electronic insights are secured against
unapproved make utilization of, access and bursts of wellbeing.
System and Hardware Policies
The Policy has been depicted in light of the going with norms:
Data delivered or without a doubt held by means of the University are key sources that must
be as it ought to be administered and controlled with a view to guaranteeing their openness,
dependability, and mystery and too comfort the University's benefits, reputation, legitimate
capacity and capacity to manage its business endeavor.
Despite its managerial obligations, the University regards the security of the man or lady and
the organization of Data ought to be arranged in a way that guarantees that wellbeing
For the thought processes in this technique:
•Staff suggests all entire time and espresso upkeep agents of the University, including staff
upheld remotely anyway under consent to the University.
• Students infer all entire time and espresso redesign selected understudies of the University. •
External Parties suggests the majority of the University's reinforcement gatherings, transient
individuals, specialists, visitors and moreover whatever different social events who're
permitted motivate passage to the University's IT Resources. (Hereafter aggregately
insinuated as "Customers")
HARDWARE AND SOFTWARE POLICY:
Desktop Hardware:
Divisions need to purchase all canvases region contraption as in venture with the University's
procurement approach, and Information Technology Services (ITS) record and strategy.
Work region hardware can be offered as a whole unit. Working with PC systems from
solitary parts is totally denied.
Should similar old framework contraptions offered now not meet your University
undertaking/investigate wants you ought to decide your necessities and ahead these, with
hobbies for the proposed buy, to ITS for underwriting by utilizing the CTO Hardware
Exception Process.
37

Simply the work region framework offered with the guide of the University looking for
arrangements organized inside the University Purchasing Manual and showed inside the SOE
strategies may be reinforced by methods for ITS.
ITS may require the work put the framework to be upgraded holding as a primary concern the
quit reason to safeguard on being fortified.
All work region contraption might be disposed of according to the current University
principles and strategies for • gadget leasing
IT equipment exchange
School asset exchange
Desktop Software: Workplaces need to buy all Desktop Software as in advance with the
University's securing methodology, and Information Technology Services' record and
strategy. The usage of unlicensed writing computer programs is completely denied on
Massey University had work locale gear; which fuses programming that has been obtained or
downloaded to be utilized on individual (home) PC
All item purchases not provisioned by methods for ITS should be urged to ITS, for recording
in a central programming database and to guarantee right permitting of things.
ITS can likewise require artistic creations area programming to be overhauled from an old
rendition of programming with a chose to stop objective to continue being maintained.
Disaster Recovery and Business Continuity
Business continuity and disaster recovery (BCDR) is a type of technique and set up which
includes recovering the organization from the disasters been made to the organization and get
it back to easy flow the process to the same track as before. This is to fight back the disaster
that attacked the organization to clear out the issue and carry out the normal working of it. It
includes the calculation done regarding the IT and business department of the organization
after recovering from the disaster and managing the normal working conditions as before.
BCDR is basically divided as its name suggests in two parts that are-
Business continuity (BC): It deals with the business-related activities of the organization of
BCDR. It involves the planning and set up of the business situation during and after the.
Disaster to gather all the required information about how to deal with it and what further
steps are to be taken to get back to the normal working of the organization. BC carries out the
dealing with the business competitions, staff regulatory and replacements, business impact
and managing the regular changes in the market to deal with it timely.
38

Disaster recovery (DR) -It includes dealing with the IT and networking related department
which overpowers the communication and networking set up of the organization to carry out
their processes to overcome with the diffusion of the disaster to carry out the normal working.
Its main purpose is to secure the data and information of the organization with securing their
personal hardware and software and also at the same time clear out the networking and
communication-related problems and issues of the firm during the disaster.
#BUSINESS IMPACT ANALYSIS
Business impact analysis (BIA) is the process which deals with the carrying out the
calculation and determining the damage made to the organization and also the interruption
made in the normal working of the organization is related to the terms of networking and
communications. It includes the planning of how to makeover the business back and dealing
it with the risks at the lowest time. It also manages the planning of business management
plans to overview the risks that are predicted.
The business impact analysis reports result in the amount of risk that hit the
organization and its study. It involves focusing on every component and department that was
affected and also the values of each department and component is funded and focused
according to its value and the amount of change happen to it after the disaster.
Like, the cafeterias and tukkin are important in the organization but they are not as much
important that they should not be removed to deal with the upcoming risk and situation of the
firm.
#INSURANCE CONSIDERATION
The loan amount that is going to be paid is basically termed as consideration and on the basis
of this amount the bank or creditor takes the interest amount regarding the time. Also with the
passing of time, the policies of insurance will carry out some basic rules and regulations as
depending on the condition of the business, like if there is a need for renewing the policy then
all the structure and condition of the business will be looked out once before providing its
market value and renewing the insurance.
When policies of business-related activities are put under insurance considerations, many
points are gone through in the initial stage, those are-
The details of employees and staff members are given their permanent and temporary
condition statement details.
The amount should be considered with the highest value and then should be compared with
all low and high-value policy details.
39

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Does the insurance policy look out in the manner you are running your business?
Have you placed a specialist in your firm for dealing with the policies of high-end and low-
level policy patterns?
Is the abroad / overseas branch been put under consideration before putting the values of
policy insurance?
If there is any lawsuit against you but not your company, does your legal conditional policy
allows you to deal with the lawsuit personally without firm’s name?
Are the monetary limits of coverage adequate for your needs?
Does the policy provide you with the benefits of all type of insurance under one policy?
Are there any exclusions I need to be wary of?
What will be your manner of payment - that is, annually, quarterly, or monthly?
# INCIDENT RESPONSE TEAM
For dealing with the issues and conditions at any incident of time, the incident response team
is formed to carry out the analyzing of the security barriers and taking necessary actions at
any incident for the welfare of the organization. This team is basically consisting of mainly
three parts which are its team also with core parts, they are-
Incident response manager-
The incident response manager deals with decision making power in any situation dealing
with the overseeing of the detection, analysis, and measurement at any moment. They are
also responsible for the conveying the requirement list to the organization for the dealing with
the high security breached at any incident Goethe security of the firm.
Security analysts-
The manager is supported by the security analysts who’re directly associated and linked with
the network and research dealing with time, location and detail of the incident for the security
purpose that is their main work.
Threat researchers-
Threat researchers are the team members which deal with the intelligence as well as the
content of the incident related work for the firm. Their main job is to look at the overview of
the working and making reports for every incident that will lead to the formation of the
database of the particular event for the firm.
# PHYSICAL SAFEGUARDS
The measurements that are kept in mind to prevent the loss through locks, burglar proofing,
guards etc and the presentation of all the physical gadgets like access control system,
40

fireproof vaults, fire suppression system, power backups and many more are basically
together given the meaning of physical safeguard. They include the modern type of gadgets
also which are physically handled under the supervision of the owner for the security reasons
and trendy pattern like others. Some firms are in full confidence of satisfying their needs and
requirements during the time of disaster and their recovery is kind of safer than the other
competing firms.
Almost one-fourth of the business-related firms do not have their plans related plans during
the disaster and their recovery is not easier to be handed on the first hand.
During the survey of Gartner, many organizations were put under the testing and survey.
Only 35% of all organization was seen to be able to fight any disasters and had the capacity
of recovering from the issue. Working as airs party can also be challenging to be unaware of
the issues be forced to fight the problem regarding the global system- many of them have a
great knowledge and experience regarding the practice of how to handle things like this.
# PREPARED ITEMS
They are the most important things which help in dealing with the disaster and recovering the
whole working of the system and also pushing the business to continuity without putting it in
any loss. The key elements that are pushed more focus on are -
The level of disaster and their scenarios
Roles and responsibility
Checking the lists and maintaining a regular check up on the procedures made for the
recovery basis.
The information of contacting should be refreshed regularly.
The recovery log and the response should be given more priority as it has vital effects.
# INCIDENT RESPONSE PROCEDURES
It is the type of business process which enables the firm to remain in the business. The
incident response procedure is basically many procedures focussing at identifying,
investigating and responding to all the security-related questions and their incidents which
helps in decreasing the impact and leads to the high amount of recovery for the system.
Preparation for the procedure is must as it diversely impacts on the system which has many
points to be focused -
Priority should be set for all the assets and a baseline should be set to deal with all the system
related procedures.
41

Making different connections, collaborating within the system and focusing on the
communication more leads to a great change in the increasing system working leads to a
great success.
# RESTORATION PROCEDURES
Would or not it's equipped for be kept from occurring some other time?
What are the redundancies that may hinder or bring down the effects of fate power outages?
Did the more prominent a piece of the workarounds perform effectively/adequately?
Did the majority of the general population of the modifying and recovery physical exercises
execute as it ought to be/tastefully?
What has been the charge of the power outages as far as devices costs, works of art constrain
costs and operational hardships
The way of performing business in dealing today with the consumers and other people to
have faith in them and also they know how to use the information and data in a good way
with panning in a profitable manner. The data of the organization should be used in such a
way that the data should not be lost and also should have any numbers of profit with
consumer demands satisfaction and access allowing.
# FORENSIS CONSIDERATIONS
Testing stipends you a check to have your dormant charming
This is frequently unnoticed in medium or minimal imagined foundations as they find they
don't have the delight in, investing design or energy of their IT-establishment to layout and
realize a disaster recuperating plan.
Testing your game plan bodes legitimately to guarantee it is the correct one in your business
venture. An intensive disaster recuperation design incorporates exchanging past the support
approach and getting interesting with your DR arrangements and systems. This is regularly
neglected in medium or minimal estimated relationship as they find they don't have the
experience, investing design or energy in their IT-organization to characterize and execute a
catastrophe recuperation plan.# MAINTAINING THE PLAN
The vital records should be maintained in electronic and hardcopy because if your system is
destroyed you will not be able to access the electronic copy. The hardcopy should be
maintained in the facility and you should also have an off-site copy in case there is a fire or
other disaster that prevents you from obtaining the hardcopy out of the facility or if
something destroys the hardcopy.
42

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Testing your plan makes perfect sense to ensure it is the right one for your business. A
comprehensive disaster recovery plan involves moving beyond the backup strategy and
getting specific with your DR policies and procedures. This is often ignored in medium or
small sized organizations as they find they do not have the experience, budget or time in their
IT-team to design and implement a disaster recovery plan.
43

Security Strategies and Recommended Controls (two pages)
Network security is an important issue in the highly connected world. Network security
depends on attacks which include both spreading of virus and physical attack of nodes or
edges. To overcome that problem, we propose a new strategy of attacks. By using those
strategies, we proposed new models which probably secure the network.
The process of security design is breaking down into following steps which will help us
in executing a security network: -
1. Identifying Network Assets:-
Identifying Network Assets includes the gathering information for network security on
customer's goal. These gathering of information and analyzing goals includes identifying
network assets and the risk which is inappropriately accessed. Analysing of goals also
involves analyzing the consequences of risk.
Network assets include network host's operation system, application, and data.
Internetworking devices like routers and switches are being operated by these assets.
Network assets work on the data which is related to intellectual property of network security.
2. Analyzing Security Risks:-
Analyzing security risks are rises due to untrained users who download internet applications
that have viruses. The main reason behind the security risk is hostile intruders, these intruders
steal data and change it which causes service to be denied. The risk analysis process gives
proper management of all the information, which is being needed to make educated
judgments by concerning the information security. The security analysis identifies the
existing security controls, calculates vulnerabilities, and evaluates the effect of threats on
each area of vulnerability.
3. Analyzing Security Requirements and Tradeoffs:-
In general, many customers have more specific goals which require protecting the following
assets:-
Security requirement team needs to protect the confidentiality of data. Due to that only
authorized users can see the sensitive and inbuilt information.
Security requirement team needs to protect the integrity of data. Due to that only authorized
users can change the sensitive information.
Security requirement team needs to protect the system and data availability. Due to that users
do not have uninterrupted access to important computing access.
44

On the basis of these analyzed data, a site security handbook is launched named as RFC
2196. According to RFC 2196, the cost of protecting yourself against a threat should be less
than the cost of recovering.
Security trade-offs are that analyzation of security which includes the reduction of network
redundancy. Due to that, the possibility of meeting availability goals decreases because all
traffic is not going through an encryption device.
4. Developing a Security Plan:-
The first and the important step in security design is developing a security plan. A security
plan is a high-level documentation that indicates the working of the organization to meet
security requirements. A particular time period is provided to each plan with the involvement
of people and important resources that will be required to develop a security policy.
A security plan provides the reference of network topology, which includes the list of
network services. These lists provide the information of different clients who provide and
access the services.
The most important aspects of the security plan is a specification of the people who must be
involved in implementing network security.
5. Developing Security Policy:-
A security policy is a detailed statement of the rules through which people who are given
access to a technology organization and information assets must abide. A Security policy
informs people to protect technology and information assets. To develop a security policy,
the management of senior citizens must be perfect for improving a network administrator.
A security policy is a formal document because there is a constant change in the organization.
Security policies should be regularly updated to reflect new business directions and
technological shifts. Risks change over time also and affect the security policy.
6. Developing Security procedures (KeyCDN 2016):-
Security procedures are the process which involves the implementation of security policies. It
defines all the maintenance processes like configuration, id details, and log in and edit
information. Security procedures are written for network and security administrators. The
proper implementation, working, and principle of incidents are specified by security
procedures (Caniggia, 2003).
7. Maintaining Security:-
It is necessary to maintain the security, which is done by scheduling the independent audits. It
includes reading of audit logs, responding to uncommon incidents, reading the agency alerts,
45

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

proper performance of security testing, and the main important task that is updating security
plans and policies. Network security is a constant process, in which risks change over time
which causes a change in security assets. Improving the terms of security is a never-ending
process because there is a continuous process of updating security mechanism, to keep the
latest version of network security.
Framework Security oversee is a route for redesigning the wellbeing of a non-open definitive
machine through restricting the openness of contraption resources for endpoint gadgets that
gives the path to alliance's insurance affiliation. A not bizarre machine oversee incorporates
the two important fragments, as a case, Restricted Access and Network Boundary Protection
(KeyCDN 2016).
46

Residual Risks
1. Firewall Configurations:-
It is fundamental for firewall setups to be constantly checked and uninhibitedly explored to
ensure that unmistakable the very basic design is dynamic or not anymore. When seeming
open air looking at, we much of the time see far-flung organization organizations provided to
individuals in well-known web instead of being strongly isolated to just allow get right of the
section to from depended on frameworks, for example, the LAN or VPN. Firewalls are
movable. This suggests you may incorporate or empty channels based absolutely a couple of
conditions.
The Cisco ASA 5505 firewall has eight ports, in some other case called 'exchange ports' or
'interfaces'. As opposed to starting with number 1, they begin with amount zero, so the ports
are numbered zero through 7. In a couple of examples IT geeks make matters remarkably
overwhelming (Mace, n.d).
We will use ports these days, Switch Port 0 and Switch Port 1. In Switch Port 0 we would
interface be able to the connection from our Internet supplier and in Switch Port 1. We can
friend our office arrange. That way, the firewall is among our work environment PCs and the
huge lousy Internet.
2. Network segregation:-
Close by checking the firewall setup, watch that seclusion is working reasonably finished all
gadget flight and front core interests. Associations must check for mastermind peculiarities
ascending from the seclusion among servers and customers.
If cardholder actualities circumstances, or other comfortable enclaves, are insufficiently
disconnected, an aggressor might need to get to them by wandering across finished through
bartered systems – has occurred inside the 2013 Target crush wherein developers to begin
with exchanged off an intruder sellers get ready sooner than bobbing transversely finished
onto Targets and at last split the POS set up. Framework division and disengagement aren't
least complex basic for ensuring systems or structures of different security arrangements, yet
moreover to secure structures of a practically identical request yet with assorted security
necessities. A model instance of this is giving office among the structures wherein your
customers scrutinize the web and access email and your most extreme delicate information
(KeyCDN 2016).
3. Username enumeration and strong passwords:-
47

A part of the standard disclosures at the Internal Penetration Tests we do contain record
imparts to outfitting has a similar assessment and the capacity to determine usernames in
view of mistakenly composed Windows space organizations. These defects, as often as
possible start off-focal points being grabbed on the framework.
Affiliations need to guarantee that each one client set stable passwords that cross past
basically get together the overarching puzzle state multifaceted nature benchmarks. We
mechanically take a gander at affiliations that have pleasant sharpen watchword systems, yet
in the meantime have clients using frail ones, as an occasion, 'Password01,' just to meet the
technique. Affiliations need to encourage clients to separate the chance to set a modest
entangled watchword, by then check them mechanically to guarantee that they're pleasantly
strong (BeotelNet. 2017).
4. Web applications:-
Inadequacies and vulnerabilities in web bundles are quickly getting the opportunity to be one
of the statute attack vectors through which organizations are jeopardized. The main dangers
regularly found inside client's bundles are SQL Injection, Cross Site Scripting and Parameter
Tampering ambushes.
Nearby standard web utility penetration experimenting with, all applications should be
sufficiently coded using an appropriate strategy, for instance, the Open Web Application
Security Project (OWASP) loose coding rules. While betting out a review of usages, exams
should in like manner incorporate verifying that no novel inquiries are connected as a piece
of utilization code, input endorsement, and disinfection is suitably completed and that expert
checks are accessible for all buyer controllable data (Bleier, 2004).
Resources
The expectation is to guarantee that the related controls meet the confirmed wellbeing novel
for the item and contraption and complete the affiliation's security approach or meet industry
standards.
Passageway experimenting with might be used to supplement the review of security controls
and assurance that various components of the IT structure are secured. Invasion testing, while
used inside the threat examination framework, might be connected to assess an IT structure's
ability to look up to useful undertakings to sidestep system insurance. It will likely check the
IT structure from the point of view of a peril source and to capture limit frustrations inside
the IT system protection designs. Earlier the employees used to have a separate computer at
the workplace and a separate computer at home but nowadays it is okay for them to use the
48

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

same computer or laptop at both the places. This has increased security risk and chances of
leakage of information of the organization. The organization needs to have strict protocols
and policies regarding the devices that the employees use. The employees should not use the
company computer or laptop for their personal use. The companies should also give a
separate phone to the employees so that they do not in any way leak important information
regarding their company (Mace, n.d).
49

Conclusion
Hence there are several policies that have been implemented in the universities for the
betterment of all the latest advancements taken place for the studies of students and research
works of staff members that has been amended officially which allows everyone in the
college of first national university should abide by for the smooth actions into play. I
conclude by stating that the network security should be made by considering both the main
objectives of the network that why is it done and for what it is for. And the second one is
about how the network security is done or how is it plan by taking the assumptions in
consideration. By perfect planning are with some main objective network security can be
built in both the business as well as in small organizations. As seen above, it is not possible to
operate a venture or any kind of work which involves the usage of sensitive information
without the presence of network security options. Network security does not only protects the
network from outside threats but it also protects the information and data stored on the
network from getting out. Therefore it is evident that the scope and usage of this component
is unparalleled from any other component when it comes to security and protection. As the
network grows and more ventures come online it would be getting important and prioritized
to maintain and use network security on a regular basis. Network security is important factor
because without the network security anyone can steal the data with enough computer skills
and knowledge can break into a system and compromise the network resulting into loss and
leakage of data and company’ reputation at the same time. The duplicity of movies, songs
and other things we see on the internet is a result of poor network security and lack of proper
management of network. To ensure the success and reputation of any organization it is very
important to ensure a robust and good working network security (Beal, n.d).
50

References
 Beal, V. n.d.What is Network Security? Webopedia Definition. [online] Webopedia.
Available at: https://www.webopedia.com/TERM/N/network_security.html [Accessed
27 Mar. 2018].
 BeotelNet. 2017. Media streaming - audio and video. [online] Available at:
https://www.beotel.net/streaming [Accessed 23 Mar. 2018].
 Bleier Jr, W.H., Blue, D.E., Brady, K.J., Jones, J.R. and Maurer, M.M., International
Business Machines Corp, 2004. Intelligent workstation simulation—generalized LAN
frame generation simulation structure. U.S. Patent 6,832,184.
 Buyya, R., 1999. High-performance cluster computing. New Jersey: Prentice.
 Caniggia, S. and Santi, P., 2003, August. Common-mode radiated emissions from
UTP/STP cables with differential high-speed drivers/receivers. In Electromagnetic
Compatibility, 2003 IEEE International Symposium on (Vol. 2, pp. 564-569). IEEE.
 Carter, A. 2012. Different Types of Switches - Network Switches. [online] Eye web.
Available at: https://www.eeweb.com/profile/andrew-carter/articles/different-types-
of-switches-network-switches [Accessed 27 Mar. 2018].
 CB Antenna. (2017). A Complete Guide to CB Coax Cable - Strykerradios. [online]
Available at: https://strykerradios.com/cb-coax-cable/ [Accessed 27 Mar. 2018].
 KeyCDN 2016. What is Latency - KeyCDNSupport. [online] KeyCDN Support.
Available at: https://www.keycdn.com/support/what-is-latency/ [Accessed 27 Mar.
2018].
 Kosta, Y.P., Dalal, U.D. and Jha, R.K., 2010, March. Security comparison of wired
and wireless network with firewall and virtual private network (VPN). In Recent
Trends in Information, Telecommunication and Computing (ITC), 2010 International
Conference on (pp. 281-283). IEEE.
 Linkletter, B., 2016. How to emulate a network using VirtualBox.[Online] Brian
Linkletter.
Available at: http://www.brianlinkletter.com/how-to-use-virtualbox-to-emulate-a-
network/ [Accessed: 17 September 2017]
 Mace, T. n.d.Traffic Management for Optimizing Media-Intensive SoCs. [online]
Design And Reuse. Available at: https://www.design-reuse.com/articles/22738/traffic-
management-media-intensive-soc.html [Accessed 27 Mar. 2018].
51

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

 ManageEnginen.d.Quality of Service QoSCBQoS reporting NetFlowAnalyzer.
[online] ManageEngine. Available at:
https://www.manageengine.com/products/netflow/allaboutqos.html [Accessed 27
Mar. 2018].
 Mitchell, B. 2017. What's a LAN (Local Area Network)?. [online] Lifewire. Available
at: https://www.lifewire.com/local-area-network-816382 [Accessed 27 Mar. 2018].
 Mitchell, B. 2018. What a VLAN Can Do for You and Your Business Computer
Network. [online] Lifewire. Available at: https://www.lifewire.com/virtual-local-area-
network-817357 [Accessed 27 Mar. 2018].
 Mitchell, C. J., n.d.SECURITY TECHNIQUES.
 Multicom. n.d. Draka - ezSPAN - ADSS Long Span Fiber Optic Cable (2-288 Count).
[online] Available at: https://www.multicominc.com/product/draka-ezspan-adss-long-
span-fiber-optic-cable-2-288-count/ [Accessed 27 Mar. 2018].
 NixCraft, 2017. How to colorizing cat command output or files using ccat app on
Linux or Unix system.[Online] NixCraft.
Available at: https://www.cyberciti.biz/tips/linux-iptables-10-how-to-block-common-
attack.html [Accessed: 17 September 2017]
 Oliver, C.J., CABLETRON Inc, 1989. Visual display for communication network
monitoring and troubleshooting. U.S. Patent 4,890,102.
 Paul, I. (2014). How to use the Tor Browser to surf the web anonymously. PC World.
Available at: https://www.pcworld.com/article/2686467/how-to-use-the-tor-browser-
to-surf-the-web-anonymously.html
 Rabie, S., Aboul-Magd, O. and Mohan, D., Rockstar Consortium Us Lp, 2013. VLAN
support of differentiated services. U.S. Patent 8,422,500.
 Scheer, G.W. and Dolezilek, D.J., 2000, April. Comparing the reliability of Ethernet
network topologies in substation control and monitoring networks. In Western Power
Delivery Automation Conference, Spokane, Washington.
 Seltzer, L. 2013. Securing your private keys as best practice for code signing
certificates.
 Stallings, W., 2003. Cryptography and network security: principles and practice.
Pearson Education India.
 Varshney, U., 2006. Patient monitoring using infrastructure-oriented wireless
LANs. International Journal of Electronic Healthcare, 2(2), pp.149-163.
52

 WordFence. (2016). Password Authentication and Password Cracking. WordFence.
Available at: https://www.wordfence.com/learn/how-passwords-work-and-cracking-
passwords/
53

1 out of 54

+13062052269

info@desklib.com

Network Security Plan: A Comprehensive Guide to Protecting Your Network

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Network Security Assessment

Vulnerabilities in Network Security: An Analysis

Network Security Assessment Report

Importance of Networking and Security in Organizations

Cisco Prime Infrastructure Network Implementation

Risks, Threats, and Vulnerabilities in Bank IT Infrastructure