I need two responses of at least 150 words each for the below student discussions for this week. Also, in bold below are the questions the students are answering.
In learning information security, it is important to understand that threats to your company’s information assets are present 24/7 and that there is never a time when a threat is not present. Take a look at the following categories of threats. You are in charge of a team that must deal with the below lists of threats. What prevention methods will your team implement to handle the threats? Please explain the reasons for your decisions.
1. Acts of human error
2. Software threats
3. Deviations in services
4. Hardware failures or errors
5. Software failures or errors
Human error is likely the hardest type of problem to totally prevent. Proper training on use of a system can go a long way. But to have a fully secure system, it is a good idea to have the privileges set to the lowest amount possible. Systems that offer redundancy will allow for recovery. RAID is not a good system, for a software bug would be the same on all the cloned drives. Different drives of different times and backups that are older are of great value in such a situation.
Software threats can occur and go unnoticed for years. This is the case with some of the recent exploits that have come to light. Having a diversity of software makes the entire system more difficult to operate. Software updates need to be done to ensure patching of weaknesses. Having a list of different software and manually checking will allow for missed updates. Automatic updates on software can be used to automate some of the issues involved. Depending on the type of software used, it may be possible to have an air gap or the ability to have extra security.
Hardware often fails and this is normal for all products. To assume that something is secure just because it has a long warranty is a very large oversight. The trick to hardware is to have a diverse plan. RAID can be used to allow a system to continue working with a faulty drive due to redundancy. There are also servers that have redundant power supplies, memory and processors. To have the correct system in place will depend on the allowed downtime. All of this is well and good but will not allow for continued operations if a server building is compromised. Having other locations with servers or cold and hot sites will be the key for continued operations. When it comes to workstations and the price of computers, it is likely worth having extra machines for use in the event of a workstation failure.
Software failures and errors depend greatly on the type of software used. Having backups of software before updates is a good idea to allow for a reverting in the event of update failure. Testing software on a system before deployment will also go a long way to ensuring stability. Databases need to be backed up periodically as their failure can be very time consuming and punishing. Some cloud solutions can help with both software and hardware errors but need to be assessed on a case-by-case basis. Also, if a piece of software is very problematic, it may be best to find an alternative.
EliotSeattle. (n.d.). Hardware Errors and Error Sources – Windows drivers. Retrieved from https://docs.microsoft.com/en-us/windows-hardware/…
What is RAID (redundant array of independent disks)? – Definition from WhatIs.com. (n.d.). Retrieved from https://searchstorage.techtarget.com/definition/RA…
Active human error – Any organization is going to come across this type of problem, but it is how you address this type of problem. An organization that puts policies and procedures in place for security will have to train its employees about the actions of human error. Giving your employees the understanding and the training about cyber security would eliminate some of the human errors. Also designing a program with their cyber security training on a yearly recurring basis.
Software threats – Putting together policy and procedures for downloading software within the organization would be prohibitive without the permission of the IT department and taking away the admin rights from all employees and disabling USB ports on all devices around the complex. This will eliminate and block your users from downloading software from websites or bringing software from outside to resources. Keeping your firewall up to date with the latest and greatest patches to keep out unwanted visitors. Building a test lab for software and hardware for implementing.
Deviation in Services – When many companies do not like to deviate from their service due to that many companies take pride in their (SLA) service-level agreements within the old company. Deviation in service could happen at any time, especially when you depend on other resources from other places that you have no control over. When companies are faced with natural disasters, there are some steps to prevent just in case there is a power problem. The solution is to invest in backup generators just in case the company loses power. Your organization does not lose productivity right away, but generators only last so long. Being proactive would be the key and the success to any business.
Hardware failures or errors – When you buy hardware, it is not bulletproof, so you do need to come up with a preventive maintenance program for hardware. You should have tracking software with all of your MAC addresses that are associated with a warranty. The preventive maintenance process should be followed so that you do not break the warranty. Also getting your latest and greatest updates and recalls on all devices across your enterprise.
Software failure or errors – Putting together a risk assessment for software failure is probably a very good idea because software could have a very big impact on your company, especially when you are software driven. Software updates need to be tested before they are put back into production. Keeping your software to the latest and greatest release.
human error solutions, 2 Types of Human Errors…, https://humanerrorsolutions.com/2-types-of-human-errors/
Business.com, How to Identify and Prevent Software Failure Risks, https://www.business.com/articles/aaron-continelli-identify-and-prevent-software-failure/