| Javascript Feeds RSS Feed Security Dashboard | SearchSecurity.com |
|
Government
|
|
Home Office
|
|
Small Business
|
|
Information Privacy Topics, A Discussion Privacy is a sensitive issue that we all concerned about to some degree. Nobody wants to think that his or her every move is being watchedÂ…on the computer or not! This is also true for electronic messaging, files, and email in the workplace. When these issues are raised, inevitably there are questions that follow. Who owns these electronic files? Who can access and disclose their data? Such questions become especially important when company/client sensitive or confidential information is stored electronically. Another issue is that of Internet privacy. Our preferences and personal information can be stored with Internet Service Providers and other companies operating online. Where does it end? Who can find out what about us? These topics are ones that are likely to be in the minds of people for years to come. This paper will discuss current laws over electronic data and emails in the workplace, and associated rights of both the employer and employee.
By Jennifer Celender, 04/03/2004
|
|
Using Security To Protect The Privacy of Customer Information Although the concepts of governmental privacy regulation and an organization's privacy policy were discussed in this curriculum, this document will tie these together. In addition, it will focus on how these influence the design of an organization's information security, as well as organizational infrastructure. Sound privacy policy for an organization must be supported by the appropriate information security infrastructure. It is obvious, that as the Internet has blossomed into a means to offer products or services, it has also increased the various risks to organizations collecting and storing confidential customer data. There is also increased pressure to ensure security infrastructures, both technical and organizational, are equipped to protect this customer data once collected. Currently, one of the highest priorities among organizations is customer data confidentiality, due to government regulations and customer demand.
By Alan Pacocha, 04/03/2004
|
|
NOTICE: Secure Your Network As technology continues to be an integral part of our lives it is also becoming commonplace in our business community. Companies are moving toward becoming "paperless" and our personal and private information lies somewhere between the office walls and the Cat5 cabling in a form that many average people do not understand: servers, databases, directories, files, clusters, and sectors. They do not need to understand this mysterious environment - they rely on the IT folks to do what they do. The reality is that many IT personnel, are great at building servers, connecting workstations to the network, installing software, and fixing the daily printer problems. Security breaches have become a frequent problem nationwide. Our government saw the problems of the organizational inconsistency between management and information technology and started to act.
By Philippa Anne Lawton, 04/03/2004
|
|
Information and Network Resource Administration and Security in an Education Network Environment The goal of this document is to discuss and apply knowledge of Information Security to common security problems and concerns in an educational environment. My motivation for researching and discussing issues in an educational environment stems from my experience in such networks. With the explosion of the Internet and connectivity around the world and especially in the United States educational networks have become heavily reliant on connectivity within the institution and to the Internet. This connectivity facilitates the main goal of education as well as is a requirement for doing daily business related to that institution. At the same time this connectivity in which students, faculty, and staff participate has created a breading ground for vulnerabilities, threats, and compromises within these networks.
By Ryan W. Davis, 04/03/2004
|
|
Network Security Concepts and Essentials: A University Overview Using my experience from working at an Australian university, I will discuss how the number of internal and external threats is increasing and providing intruders with a vast array of "ways to compromise university machines." A network can be defined as two or more computers connected together so they can share resources easily and with high reliability. They can also provide cost saving benefits to companies. Joining two or more networks together is known as internetworking. This means that the Internet is just an internetwork - a collection of interconnected networks. This paper presents a description of the major internal and external threats, along with their remedies. The target audience is any company that has a presence on the Internet.
By Matthew Wu Leng, 04/03/2004
|
|
Protecting Your Internal Systems from a Compromised Host The concept for this paper came from a recent incident when one of our customer machines was compromised. It is designed to cover some additional aspects of systems security and design, which I believe have been ignored to some extent in the Security Essentials material and most systems admin courses. At some stage you must concede that a system will be compromised and as such being located in a trusted or semi-trusted position on the network an effort must be made to minimize the impact and also identify the problem as soon as possible. The content of this paper has been kept brief and covered areas that have not really been emphasised enough and fall victim to lazy system management. A number of other areas like systems resource monitoring, systems file access and protection, and user management issues are generally well covered in standard system administration courses and guides and are not mentioned in the paper.
By Michael Nancarrow, 04/03/2004
|
|
RBAC In The Real World In the computer industry, access control refers to managing the ability for people to access computers and computer resources. Access control should enhance security without hindering someone from performing his or her job in the organization. There are three different types of access control models: mandatory access control, discretionary access control and non-discretionary access control. Discretionary access control is based on a user's access needs. A system administrator provides access to an object based on a user's need and the user then has the discretion as to whether to pass on this access to other user's or not. Mandatory access control is more restrictive and is normally used in military systems. With mandatory access, all objects and users in the system are assigned a label. A user can only access an object based on the permissions of the label assigned to him/her. Non-discretionary access control is based on roles. Privileges are granted based on a user's role.
By Christine Occhipinti, 04/03/2004
|
|
Help we just fired our only IT person! You are sitting at your desk when the call comes in from a business acquaintance asking for help because they just fired their only IT person "for very good cause". As you ask questions, you realize that your acquaintance has a real problem. You find out that there is no documentation, no knowledge of passwords, critical applications are exposed to the Internet, users are unhappy and they don't know where to start. Your business has provide services to them before and writing a new contract is not an issue. How do you start? Once onsite, you try to get a snapshot of the situation at a high level. Sit down with the contact and work through the issues to get a deeper understanding of the hot buttons. Look for their immediate exposures, develop an understanding of the corporate culture, map out a plan of attack and start securing the infrastructure. Some things should be obvious like changing passwords. Others are a little more obscure, like finding hidden remote access servers.
By Doug Cox, 04/03/2004
|
|
Tightening Site Access Let me begin by stating up front, "I am not a security specialist". I am an administrator looking after a small site who has an interest in obtaining a reasonable level of proficiency in security. Why the interest? Well there are two reasons. The first is that in order for the Internet to fulfill its utopian promise people need to feel confident about performing their daily business using the medium. That means that all of us in the IT business are going to have to play our part in improving the day to day security, including administrators of small sites. Although it is highly unlikely we would be targeted directly we could quite easily fall to "cyber vandals" or groups wishing to use us as a staging post in attacks against other sites. The second reason is more personal.
By Unknown, 03/28/2004
|
|
Three Defenses to a Secure System: Virus Scanning, Applying Patches and System Monitoring The purpose of this paper is to share with other system administrators the "how to" on tools that can be used for basic security configuration. Most of the documentation on securing windows systems that I initially found was very general in terms. For example, apply patches to the operating system. That is a great idea but how to get started and use available tools to streamline the process is just as important. After some research I have found that Microsoft has specific tools to determine what patches you need and how to apply them a bit more streamlined and automatic using tools to begin the layers of security in a Windows environment. This document describes issues to consider when setting up virus scanning software, using Microsoft tools to make patching operating systems easier, and a few specific tools that you can use to benchmark or monitor your operating system that might help you spot those abnormalities that should not be there.
By Angelina Lucero, 03/28/2004
|
|
Page: 1234 5 678910 |
