Tanner Carlson

ITS 370

CH4

10/6/2017

1.     Using a graphics program, design several security awareness posters on the following themes: updating antivirus signatures, protecting sensitive information, watching out for e-mail viruses, prohibiting the personal use of company equipment, changing and protecting passwords, avoiding social engineering and protecting software copyrights. What other themes can you imagine?

a.     Updating antivirus software

b.     Protecting sensitive information

c.      Watching out for email viruses.

d.     Prohibiting the personal use of company equipment

e.      Changing and protecting passwords

f.      Avoiding social engineering.

g.     Protecting software copyrights.

            Other themes for posters could include: contingency planning, containment, standards, policies, and practices.

2.     Search the Web for security education and training programs in your area. Keep a list and see which category has the most examples. See if you can determine the costs associated with each example. Which do you think would be more cost-effective in terms of both time and money?

If I were running a business and wanted to teach my employees about information security, I would hire a representative from the Citon group, or Saturn Systems to come and talk to my employees. The representative would be able to come in and tell the employees how to keep their clients, and their own personal information safe. This is most likely the most cost effective options, otherwise I would have to enroll the employees in special classes at LSC.

3.     Search the web for examples of issue-specific security policies. What types of policies can you find? Using the format provided in this chapter, draft a simple issue-specific policy that outlines fait and responsible use of computers at your college, based on the rules and regulations of your institution. Does your school have a similar policy? Does it contain all the elements listed in the text?

UWS does have a similar policy, it is just not written out using this outline. The schools policy contains the elements listed in the text below.

                        PURPOSE

The purpose of this document is to outline fair and responsible use of computers on this campus.

CANCELLATION

This document cancels all other documents that were written before 10/6/2017.

SCOPE

This regulation applies to all faculty, staff, students, alumni, and other visitors with computer access on campus.

POLICY

Faculty, staff, students, alumni, and other visitors with computer access on campus are allowed to use the computers for various reasons, as long as the content viewed on the computer is appropriate, and does not involve any illegal activities. Users are not allowed to tamper with or break any part of the computer system or lab.

4.     Use your library or the Web to find a reported natural disaster that occurred at least six months ago. From the news accounts, determine whether local or national officials had prepared disaster plans, and if the plans were used. See if you can determine how the plans helped officials improve disaster response. How do the plans help the recovery?

During hurricane Katrina, the city of New Orleans had a prepared disaster plan. The plan was used to help rescue and house stranded individuals, feed those with out food, and clean up the damage. I think that these plans helped officials improve disaster response. The plans helped recovery by providing a clear outline to return things back to normal.

5.     Classify each of the following occurrences as an incident or a disaster. If an occurrence is a disaster, determine whether business continuity plans would be called into play.

a.     A hacker breaks into the company network and deletes files from a server.

This is an incident. The files should be backed up on another server. Security needs to be reviewed.

b.     A fire breaks out in the storeroom and sets of sprinklers on that floor. Some computers are damaged, but the fire is contained.

This is a small disaster. A continuity plan to replace the lost computers would be called into play.

c.      A tornado hits a local power station, and the company will be without power for three to five days.

This is another small disaster. A continuity plan for how to handle business, public relations and accounts should be called into play.

d.     Employees go on strike, the company could be without critical workers for weeks.

This is a disaster. A continuity plan to find middle ground with the workers should be called into play.

e.      A disgruntled employee takes a critical server home, sneaking it out after hours.

This is a disaster. Law enforcement should be involved and a continuity plan to move on with out critical information should be called into play.