Comprehensive Report: IT Security Policy Analysis for Cisco Systems
Added on 2020/02/24
AI Summary
This report provides a comprehensive analysis of the IT security policy implemented by Cisco. It begins with an introduction to IT security, defining its importance in protecting hardware, software, and information assets. The report then delves into the content of the security policy, emphasizing the importance of OS passwords and risk management. It explores various security models, including the Organizational Based Access Control (OrBAC) model, and discusses security standards and controls like ISO/IEC 17799:2005 and ISO/IEC 27000:2013. Risk analysis and contingency planning are also examined, highlighting disaster recovery methods and the importance of data encryption. The report further addresses general management and application controls for information systems, security principles like confidentiality, integrity, and availability, and the analysis of IT threats, vulnerabilities, and social engineering. Finally, it underscores the importance of auditing information systems and safeguarding data quality, concluding with references to relevant sources.

Contents
Introduction
Content of the Security Policy
Security Model for IT
Security standards and controls
Risk analysis and contingency planning
General management controls and application controls for IS
Security Principles
Analysis of IT threats, vulnerabilities and tools including social engineering
Importance of auditing IS and safeguarding data quality
References

Introduction
IT security at Cisco concerns the protection of computer systems from theft of or damage to their hardware, software or information, and from disruption or misdirection of the services they provide. Cyber security in the organisation includes controlling physical access to the hardware and protecting against harm that arrives through network access, data and code injection. Information security means protecting data and information systems from unauthorised access, use, disclosure or disruption. Information security management at Cisco is defined for controlling security and protecting the different information assets. The implementation of information security works towards monitoring of the screen with secured knowledge. The operating systems are taken as the starting point for implementing the security program and its objectives.
Content of the Security Policy
The security policy is based on a program that implements the information with real proofs of concept and an explanation displayed on the monitoring screen (Gerber et al., 2016). OS passwords are stored with due regard to protecting the company and its assets. For Cisco, risk management proceeds mainly by identifying the assets, discovering them and estimating them properly. Proper security activities need to be provided by framing the information and procedures and by setting guidelines based on a baseline format. The programs that are important for determining the security program include:
A. The top-down approach, where initiation, management and support come from top management and the work is handled through middle management (Diffie, 2016).
B. The bottom-up approach, which handles the program securely without any extra support and direction.
The advancement of the procedures is based on handling communication effectively through security control programs. These are designed for developing and then publishing the policies, standards and procedures.
Security Model for IT
The best security model for Cisco is organisational based access control (OrBAC), an access-control model that rests on the subject, the action and the object. It controls access through policies that specify the permission to perform actions on a particular object. OrBAC allows the policy designer to properly define the security policy, which is based on the implementation plan. The methods are chosen to fulfil the goals, and subjects are abstracted into roles. An activity groups the different actions that relate to the same security rule. A view groups the different objects to which the security rules apply (Ament & Haag, 2016).
The security policies are built on concepts related to the organisation, role, activity, view and context. The model also includes a conflict detection function that helps the designer to easily find and then resolve the different conflicts.
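The derivation from abstract rules (role, activity, view, context) to concrete decisions (subject, action, object), with a conflict check, can be sketched as follows. This is an added example, not part of the original report and not Cisco's policy: the organisation, users, device name and the "working_hours" context are constructed, and prohibition rules with a prohibition-wins resolution are an assumption of this example, since the report mentions only permissions and conflict detection.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Rule:
    kind: str       # "permission" or "prohibition" (prohibitions are assumed here)
    org: str
    role: str       # abstraction of subjects
    activity: str   # abstraction of actions
    view: str       # abstraction of objects
    context: str    # named condition that must hold for the rule to apply


class Policy:
    def __init__(self):
        self.rules = []
        self.empower = set()    # (org, subject, role)
        self.consider = set()   # (org, action, activity)
        self.use = set()        # (org, object, view)
        self.contexts = {"default": lambda s, a, o, env: True}

    @staticmethod
    def _members(relation, org, abstract):
        return {c for (g, c, ab) in relation if g == org and ab == abstract}

    def concrete(self, rule, env):
        """Expand an abstract rule into the (subject, action, object) triples it covers."""
        hold = self.contexts[rule.context]
        triples = product(
            self._members(self.empower, rule.org, rule.role),
            self._members(self.consider, rule.org, rule.activity),
            self._members(self.use, rule.org, rule.view),
        )
        return {t for t in triples if hold(*t, env)}

    def decide(self, subject, action, obj, env):
        """Prohibition takes precedence; no matching rule means default deny."""
        kinds = {r.kind for r in self.rules
                 if (subject, action, obj) in self.concrete(r, env)}
        if "prohibition" in kinds:
            return "deny"
        return "permit" if "permission" in kinds else "deny-default"

    def conflicts(self, env):
        """Pairs of permission/prohibition rules that cover the same concrete triple."""
        perms = [r for r in self.rules if r.kind == "permission"]
        prohs = [r for r in self.rules if r.kind == "prohibition"]
        found = []
        for p, q in product(perms, prohs):
            overlap = self.concrete(p, env) & self.concrete(q, env)
            if overlap:
                found.append((p, q, sorted(overlap)))
        return found


def build_sample_policy():
    """Constructed sample data: organisation, users and device names are hypothetical."""
    pol = Policy()
    pol.contexts["working_hours"] = lambda s, a, o, env: 8 <= env["hour"] < 18
    pol.empower |= {("netops", "alice", "network_admin"),
                    ("netops", "bob", "network_admin"),
                    ("netops", "bob", "contractor")}
    pol.consider |= {("netops", "write_config", "modify"),
                     ("netops", "show_config", "consult")}
    pol.use |= {("netops", "core-rtr-01.cfg", "router_configs")}
    pol.rules += [
        Rule("permission", "netops", "network_admin", "modify", "router_configs", "working_hours"),
        Rule("permission", "netops", "contractor", "consult", "router_configs", "default"),
        Rule("prohibition", "netops", "contractor", "modify", "router_configs", "default"),
    ]
    return pol


if __name__ == "__main__":
    policy = build_sample_policy()
    print(policy.decide("alice", "write_config", "core-rtr-01.cfg", {"hour": 10}))
    for perm, proh, triples in policy.conflicts({"hour": 10}):
        print("conflict:", perm.role, "vs", proh.role, "on", triples)
```

The conflict surfaces only because one subject holds two roles whose rules disagree, which is the kind of case a designer reviewing rules one at a time tends to miss.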
Security standards and controls
Security controls are the safeguards or countermeasures that Cisco uses to avoid, detect or minimise risks to security or to physical property. The criteria are based on time, with preventive controls and detective controls, the latter mainly to identify and characterise an incident that is in progress. The controls are also categorised by the involvement of people, technology and operations. Information security, with the confidentiality, integrity and availability of information, is worked on through different frameworks and standards (Losonczi et al., 2016). The different IS controls are:
a. ISO/IEC 17799:2005, which established guidelines for implementing, maintaining and improving security management plans. Its objectives are based on security policies and asset management, with human resource security and access control. Compliance and business continuity management are there to meet the requirements that are based on defining risk management. It also includes guidelines for developing organisational security and for building confidence in inter-organisational activities.
b. ISO/IEC 27000:2013, which covers information security policies, the organisation of organisational security, asset management and access control, with the management of user access. It is for better operational security and security communication in support of the information system. The series mainly defines manufacturing with the setup to define cloud computing, storage security and digital evidence collection (Gerber et al., 2016). Its broad standards include how cloud providers demonstrate an active security program.
Risk analysis and contingency planning
Information security and data protection are important so that situations can be recovered from easily. For this, compliance requirements are set together with disaster recovery plans that make sure the security policies are maintained in a recovery situation. The means include up-to-date antivirus and firewall protection. The plan also includes the precautions to be taken for a shared recovery facility, with easy transmission of the data. For an organisation like Cisco, it is important to work on continuity planning so that users can easily access business resources; hence the organisation needs to work on the sign-on routine. Disaster recovery methods include cold sites, hot sites and cloud-based services. Organisations need to consider encrypting the shared communication lines that handle the data transmission. Where the lines are provided as a managed service, there should be assurance about the use of encryption, where the keys are stored and the access to the keys.
The contingency plan is the backup data transmission which results in breach disclosures. The planning recovery. (Chi et al., 2016). Risk analysis is based on standard information security processes, with security rules that protect integrity and confidentiality. For the risk analysis, there is a need to identify the scope of the security rules and how the different methods and the scope are evaluated. For this, gather the data covering the entity, focusing on the level of effort and the resource commitment needed for complete data gathering. Identifying and documenting the potential threats and vulnerabilities supports the risk analysis process. The assessment of the current security measures is mainly to analyse the vulnerabilities.
The analysis is based on identifying technical vulnerabilities in the information system through security testing, for the purpose of safeguarding and protecting the data (Mai et al., 2017).
General management controls and application controls for IS
General controls focus on software controls, physical hardware controls, computer operations controls and data security controls. Application controls are based on managing input and processing controls. Input controls check data for accuracy and completeness, and include input authorisation, data conversion, data editing and error handling. Output controls make use of programs that ensure proper access and accuracy in handling the application processes (Safi & Browne, 2017). Run controls, computer matching and other programmed edit checks handle processing. They also ensure that results are accurate and completely distributed. Information technology controls are the specific activities that need to be performed as part of the enterprise's internal control. Their objectives are based on handling operations with input-output processing. The control environment mainly shapes the corporate culture, together with the change management procedures.
Security Principles
The fundamental principles are availability, integrity and confidentiality, on which the different forms of the security structure are based. The level of security is matched to the different combinations of these principles, with the controls and safeguards that implement them (Mai et al., 2017).
Confidentiality: This makes sure that the necessary level of secrecy is enforced during data processing and prevents unauthorised disclosure. The threat sources include network monitoring, shoulder surfing (monitoring key strokes and the screen) and the stealing of passwords. Countermeasures include encryption of the data and the use of network padding.
Integrity & Security: This protects the accuracy and reliability of the information and prevents unauthorised modification. The threat sources include viruses, logic bombs and backdoors. The countermeasures are hashing, intrusion detection and strict access control.
Reliability & Availability: Availability assures reliable and secured access to the data. The measures include the authorisation of individuals. The threat sources are device or software failure, denial of service attacks and environmental issues (Peltier, 2016). The countermeasures are maintaining backups to replace failed systems, an IDS (Intrusion Detection System) to monitor network traffic and host system activities, and the use of firewall and router configurations.
Analysis of IT threats, vulnerabilities and tools including social engineering
IT threats and vulnerabilities are related to the management of personal experience: in a social engineering attack, the employee is generally deceived into violating the policy. Unscrupulous cybercriminals make the attempt, and the enterprise works within serious legal limitations (Mai et al., 2017). The risk management strategy is related to the ability to recognise such attempts in websites or file attachments. Its application includes increased internal collaboration with the involvement of the stakeholders. The collaboration is based on defining investments and planning so as to highlight the risks, including in security-related activities. The first aspect is the threat from mischievous or deviant employees who take advantage of information or of internal knowledge of the system.
Importance of auditing IS and safeguarding data quality
The identification process is based on the controls of each individual information system and on assessing their effectiveness. The control process requires auditing of the information security platforms, which includes some of the detection control programs, with the individual clients who work on balancing data that is undetected. The programs need to work with the different Standards and Controls, where access control is for the production system and for assigning cases to production status. The programs can also be put in place to meet target deadlines, with approval based on the Standards and Control group. To ensure the quality of the system, it is important to focus on:
a. The software walkthrough, a review of the software design by a group of people.
b. Software debugging, the process of discovering and eliminating defects or bugs (Soomro et al., 2016).
c. Data quality auditing for data accuracy, by surveying end users for their perception of data quality and by surveying samples.
d. Data cleaning, the correction of errors.