Yunze Wang

ITS 370

4/9/2020

 

CH9

 

Exercises

  1. Assume that your organization is planning to have a server room that functions without human beings, in other words, the functions are automated (such a room is often called a lights-out server room). Describe the fire control system(s) you would install in that room.

Answer:

If I were put in charge of creating a fire control system for an automated server room that functioned without the interaction of human beings, I would ensure that every fire control system used could be deployed without the need for human detection and that it would put out the fire without harming the servers. The whole fire control system would be fully automated (automatic) since no human beings will be working in the room. This ensures that I do not have to depend on someone pulling a fire alarm or engaging a fire suppression system. The room would be set up with an air-aspirating smoke detection system. This system works by taking in air, filtering it, and moving it through a chamber containing a laser beam. If the laser beam is diverted or refracted by smoke particles, the system is activated. Since server rooms already require an extensive air system in order to keep the room cool and keep the servers from overheating, including this in the air systems will present no problems. The actual suppression system will be made of a gaseous emission system that uses halon. Halon does not leave any residue after use, nor does it interfere with the operation of electrical or electronic equipment. When the gaseous emission system is activated, halon is released in the room, which causes a chemical reaction with the flame to extinguish it. The system that I have created will fully protect the servers from a complete loss due to fire. The chemical agent in the suppression system will not damage the systems which are not.

           

  2. Assume you have converted an area of general office space into a server room. Describe the factors you would consider for each of the following components:

a. Walls and doors

b. Access control

c. Fire detection

d. Fire suppression

e. Heating, ventilating, and air conditioning

f. Power quality and distribution.

 

Answer:

a. Walls and doors: Due to the construction of the walls and doors of the facility, the security of information assets can sometimes be compromised. In high-security areas such as a server room, firewalls and doors with either mechanical or electromechanical locks should be used in order to provide extra security.

b. Physical access control: It is one of the criteria in every aspect. An organization has to consider as many security controls as possible for the server room. Access control relates to ID cards and guards, which provide physical access security. Authentication denies access to unauthorized users. Prevent an intruder from gaining access to the secured location through keys. Alarms and alarm systems are placed to notify the appropriate individual when a predetermined event or activity occurs.

c. Fire detection: Either manual or automatic fire detection systems need to be installed. Manual fire detection systems include human responses, such as calling the fire department, as well as manually activated alarms, such as sprinklers and gaseous systems. Automatic detection systems include thermal detection systems, smoke detection systems, and flame detectors. An organization should consider placing one of these fire detection systems depending on its budget.

d. Fire suppression: There are a variety of fire suppression systems commonly used in many organizations, including portable, manual, and automatic apparatus. One or more fire suppression systems should be prepared in case of emergency.

e. Heating, ventilating, and air conditioning: Since the operation of the heating, ventilation, and air conditioning (HVAC) system can have a dramatic impact on information systems operations and protection, four areas (temperature, filtration, humidity, and static electricity) within the HVAC system should be properly managed.

f. Power quality and distribution: Power must be supplied properly, without fluctuations. Once the setup is completed, choose an alternate power supply for backup. A safe and secure power supply has to be established to avoid accidents, and the system should get appropriate power with voltage control.

 

Case Exercises:

Discussion Questions

  1. Based on this case study, what security awareness measures, training documents, and posters had an impact on this event?

Answer:

Security awareness, training documents, and posters are involved in providing members of the organization with detailed information and hands-on instruction to prepare them to perform their duties securely.

The goal is to keep the idea of information security in users' minds and to stimulate users to care about security.

In this situation, the security awareness, training documents, and posters do not seem to have actively impacted this event, because employees may begin to neglect security matters and the risk of employee accidents and failures is likely to increase.

  2. Do you think that Amy should have done anything differently? What would you have done in her situation?

Answer:

Yes, because talking to a person who is entirely unknown means taking a great risk in her life. Sharing or exposing any of her personal information to an unknown person is risking her life in every way, so it should be avoided. The person whom she met online still knows where Amy is living. So, Amy should have done something else, such as encouraging herself to find friends at school, or she could talk with her teacher, school counselor, or any of her family members.

  

Ethical Decision Making

  1. Suppose that the blond man in the scenario was someone Amy knew socially. Suppose she also knew he had no relationship to the company and no business being in the building. If Amy chose not to make a report about the event, would she be violating her ethical position?

Answer:

Here, since Charlie has not obtained anyone's permission, not even that of the policy authority, using such a keylogger tool is a complete ethical violation on Charlie's part. Any decision taken by a company is not an issue provided everyone has agreed to it. Without knowledge of such software, people will not be aware of it and may get trapped, and there is no written document regarding acknowledgement, so it is completely wrong or illegal to blame someone based on the results of such software. The second illegal thing is copying someone else's encryption key, because the policy should apply equally to all people and should not be used for personal gain.