What should be your highest priority as you consider improving the information security of your organization's telephone and voice communications systems?
Added by Alberto M.
Step 1
This includes assessing both hardware and software components, as well as user practices.
Recommended Videos
What's the one most important information security policy that needs to be implemented?
Rachel G.
Scenario: You work for a PR and marketing company that handles highly sensitive information for its high-profile clients. Client records are stored in a database and file system hosted on your private corporate network. As well as client records, this includes media such as photos and videos. Most remote client communications and data transfers take place using a one-to-one encrypted messaging app, but you also accommodate some clients who prefer to use email. A high percentage of your staff work remotely, accessing data and services over a VPN. You are reviewing your security procedures in the light of some high-profile hacks of celebrity data. At this point, you want to understand the attack surface and attack vectors by which your private network could be compromised.
1. What remote access methods could an attacker exploit?
2. Focusing on email, think of how email is processed as it is sent by a remote user and received by your company. What are the attack vectors against the company's email servers? How can these be related to adversary capability, assuming the levels to be advanced (most capable), developed, and augmented (least capable)?
3. What comes next in the chain of processing incoming email, and what attack vectors can adversaries exploit?
4. What countermeasures can be deployed for each email attack vector?
Supreeta N.
Employees at E-Tech are increasingly using their own personal devices for company work. Specifically, over half of all employees check their work email and communications via Slack on their personal mobile phones. Another 25% of employees are doing other work-related activities using work accounts and work-related applications on their personal phones. Allowing sensitive work information to be shared on employees' personal devices has a number of security implications. You must research these security risks and use the security culture framework to develop a plan to mitigate the concerns.
Questions:
1. State the potential security risks of allowing employees to access work information on their personal devices. Identify at least three potential attacks that can be carried out.
2. Based on the above scenario, what is the preferred employee behavior? For example, if employees were downloading suspicious email attachments, the preferred behavior would be that employees only download attachments from trusted sources.
3. What methods would you use to measure how often employees are currently not behaving according to the preferred behavior? For example, conduct a survey to see how often people download email attachments from unknown senders.
4. What is the goal that you would like the organization to reach regarding this behavior? For example, to have less than 5% of employees downloading suspicious email attachments.
5. Indicate at least five employees or departments that need to be involved. For each person or department, indicate in a few sentences what their role and responsibilities will be.
Training is part of any security culture framework plan. How will you train your employees on this security concern? In one page, indicate the following:
- How frequently will you run training? What format will it take? (i.e. in-person, online, a combination of both)
- What topics will you cover in your training and why? (This should be the bulk of the deliverable.)
- After you've run your training, how will you measure its effectiveness?
Training alone often isn't the entire solution to a security concern. Indicate at least two other potential solutions. For each one, indicate the following:
- What type of control is it? Administrative, technical, or physical?
- What goal does this control have? Is it preventive, deterrent, detective, corrective, or compensating?
- What is one advantage of each solution?
- What is one disadvantage of each solution?
Akash M.