Unit 6 Practical Assignment

School: University of Central Missouri
Course: 316, Information Systems
Date: Apr 3, 2024
15 February 2024 CJ319

Search the Internet for the term "security best practices". Compare your findings to the recommended practices outlined in the NIST documents.

Searching for best practices to secure information returns a wide range of results, most of which suggest similar practices. Compared with the NIST documents, however, NIST's practices are more structured: they form a continuous cycle, so the organization's posture improves over time and each incident it handles feeds back into the next round of governance, identification and protection. The internet results, in contrast, are mostly a flat list of preventive measures plus steps for handling an attack or vulnerability once it occurs. Here are some of the common practices suggested by internet search results:

- Keep your operating system up to date: Update computer software and operating systems regularly. Turning on automatic updates is an easy way to ensure your system stays current.
- Use strong passwords: Strong, unique passwords are a simple way to safeguard information systems. According to Boston University, a strong password should contain at least 16 characters and a mix of upper- and lower-case letters, numbers, and punctuation, and should not contain anything related to your name, family or friends, or single dictionary words. The same guidance says passwords should be changed regularly. NIST SP 800-63B differs on this last point: it recommends requiring a change only when there is evidence that the password has been compromised, and screening passwords against lists of commonly used or breached values rather than enforcing composition rules.
- Protect your private personal information: This may seem obvious, but bad actors are skilled at tricking people into sharing it. Be extremely cautious when asked for your Social Security Number or credit card number in an unsolicited phone call, email, text message, or instant message; that information can be used to steal your identity and gain access to your accounts.
- Avoid pop-ups, phishing emails, and links: Phishing is a way for cybercriminals to steal personal information by getting the victim to click a link, which can result in a security breach. Be suspicious of emails or phone calls asking for personal, financial, or sensitive information.
- Do not use unsecured Wi-Fi: Any network you connect to should be secured and password-protected. If you must use a public Wi-Fi network, make sure you know who you are connecting to, and if possible use a VPN to further protect your traffic.
- Stay educated: Education and constant training are the best ways to stay secure. Staying up to date on the latest threats and vulnerabilities, and training in best practices, is everyone's responsibility.

NIST suggests the following functions, which work as a loop to establish a more secure system over time:

- Govern: Establish, communicate, and monitor the organization's cybersecurity risk management strategy, expectations, and policy.
- Identify: Understand the organization's current cybersecurity risks.
- Protect: Use safeguards to manage the organization's cybersecurity risks.
- Detect: Find and analyze possible cybersecurity attacks and compromises.
- Respond: Take action regarding a detected cybersecurity incident.
- Recover: Restore assets and operations affected by a cybersecurity incident.

The Govern function directs an organization's understanding of its cybersecurity strategy and supply chain risk management. Identify enables an organization to understand its assets and related risks, allowing it to prioritize its efforts. Protect supports the ability to secure the identified assets, lowering both the likelihood and the impact of an attack. Detect allows for the discovery and analysis of cybersecurity events. Respond covers incident management, analysis, mitigation, reporting, and communication. Finally, Recover aims to return to normal operation promptly and reduce the impact of cybersecurity incidents.

Then search the Internet for the term "data classification model". Identify two such models and then compare and contrast the categories those models use for the various levels of classification.

Data classification models are used by organizations and governments to classify their information assets. Here I compare and contrast the U.S. Government's three-level classification model and the five-tiered commercial data classification scheme described in the AWS data classification whitepaper.

The U.S. Government's three-level system includes the following classifications:

- Top Secret: Unauthorized disclosure is expected to cause exceptionally grave damage to national security.
- Secret: Unauthorized disclosure is expected to cause serious damage to national security.
- Confidential: Unauthorized disclosure is expected to cause damage to national security.

The five-tiered commercial data classification includes the following classifications:

- Sensitive: This data requires a high degree of integrity and has the most limited access. Unauthorized disclosure of this information is believed to do the most damage to the organization.
- Confidential: This data is less restricted than Sensitive, but its unauthorized disclosure might still cause damage to the organization.
- Private: This data might not damage the company if disclosed but must still be kept private for other reasons. Human resources data is an example.
- Proprietary: This data is disclosed outside the company on a limited basis, or contains information that would damage the organization's competitive advantage if released.
- Public: This is the least sensitive data, and its disclosure would do the least harm.

While the U.S. Government's three-level system is a well-known classification scheme, it layers additional markings (compartments and handling caveats) on top of the primary three levels. Additionally, there is a "need-to-know" requirement: even with the proper clearance to see information at a given level, you cannot access it unless you have a genuine need to know it. The commercial data classification scheme is more individualized, less complex, and based purely on the sensitivity of the data. Both models order their categories by the potential damage that unauthorized disclosure could cause, to the organization in one case and to national security in the other.

References

National Institute of Standards and Technology. (2023). The NIST Cybersecurity Framework 2.0 (NIST Cybersecurity White Paper). Gaithersburg, MD: NIST.

Amazon Web Services. (2022, August 3). Data classification models and schemes. In Data Classification (AWS Whitepaper). https://docs.aws.amazon.com/whitepapers/latest/data-classification/data-classification-models-and-schemes.html

Boston University TechWeb. (n.d.). Passwords (security best practices). https://www.bu.edu/tech/about/security-resources/bestpractice/passwords/

UC Berkeley Information Security Office. (n.d.). Top 10 secure computing tips. https://security.berkeley.edu/resources/best-practices-how-to-articles/top-10-secure-computing-tips
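The password rule quoted above from Boston University and the NIST SP 800-63B approach to the same problem, run side by side so the disagreement between "internet best practice" and the NIST documents is visible on concrete inputs. This is an added example, not code from the page or from either source; the blocklist is a constructed stand-in for a real breached-password corpus, and the 8-character floor is the SP 800-63B minimum for user-chosen passwords.

```python
"""Two password-policy checks contrasted: the composition rule quoted above
(16+ characters, mixed case, digits, punctuation, no personal terms) and the
NIST SP 800-63B style (minimum length plus a blocklist of known-bad values,
no composition rules). Added example; COMMON_PASSWORDS is a constructed
sample standing in for a full breached-password list."""
import string

# Constructed sample blocklist. A real deployment would screen against a
# breached-password corpus with hundreds of millions of entries.
COMMON_PASSWORDS = frozenset({
    "password", "password1", "password1!", "123456", "12345678",
    "qwerty", "letmein", "welcome1", "iloveyou", "admin",
})


def bu_style_check(password: str, personal_terms=()) -> list[str]:
    """Composition rule: return every violation, empty list when compliant.

    personal_terms are strings the user must not embed (name, family, pets).
    The rule forbids them but cannot enumerate them, so the caller supplies
    what it knows about the user."""
    problems = []
    if len(password) < 16:
        problems.append("shorter than 16 characters")
    if not any(c.islower() for c in password):
        problems.append("no lower-case letter")
    if not any(c.isupper() for c in password):
        problems.append("no upper-case letter")
    if not any(c.isdigit() for c in password):
        problems.append("no digit")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    lowered = password.lower()
    for term in personal_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains personal term {term!r}")
    return problems


def nist_style_check(password: str, context_terms=(), blocklist=COMMON_PASSWORDS,
                     min_length=8) -> list[str]:
    """SP 800-63B style: a length floor and blocklist screening only.

    Deliberately no character-class rules and no expiry check: 800-63B calls
    for a forced change only on evidence of compromise, not on a schedule.
    context_terms are user- or service-specific strings (username, site name)
    that 800-63B also says to reject."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    lowered = password.lower()
    if lowered in blocklist:
        problems.append("appears on the blocklist of compromised/common passwords")
    for term in context_terms:
        if term and term.lower() in lowered:
            problems.append(f"contains context-specific term {term!r}")
    return problems


def compare(password: str, personal_terms=(), context_terms=()) -> dict:
    """Run both checks so the reader can see where the two policies disagree."""
    return {
        "composition_rule": bu_style_check(password, personal_terms),
        "nist_style": nist_style_check(password, context_terms),
    }


if __name__ == "__main__":
    for pw in ("Password1!", "correct horse battery staple", "Tr0ub4dor&3Tr0ub4dor&3"):
        print(pw, "->", compare(pw))
```

"Password1!" fails both checks, but for different reasons: the composition rule only objects to its length, while the blocklist catches it as a known-bad value regardless of length. "correct horse battery staple" fails three composition sub-rules yet passes the NIST-style check, which is the case the two policies genuinely disagree on.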
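The two classification schemes compared above, turned into a read-access decision: the government scale with need-to-know compartments layered on the three levels (so clearance alone is not sufficient), and the commercial five-tier ordering, plus the high-water-mark rule for a document that combines data of several classifications. This is an added example, not code from the page or from the AWS whitepaper. Assumptions: the compartment names ALPHA and BRAVO are invented, and "Unclassified" is included as the floor of the government scale even though it is not one of the three classification levels.

```python
"""Read-access decisions over the two classification schemes described above.
Added example. Compartment names are invented; "Unclassified" is an assumed
floor for the government scale, not one of its three classification levels."""
from dataclasses import dataclass

# Higher number = more damage expected from unauthorized disclosure. The
# commercial ordering follows the five tiers as listed above, top to bottom.
GOVERNMENT = {"Unclassified": 0, "Confidential": 1, "Secret": 2, "Top Secret": 3}
COMMERCIAL = {"Public": 0, "Proprietary": 1, "Private": 2, "Confidential": 3, "Sensitive": 4}


@dataclass(frozen=True)
class Label:
    """A classification level plus the compartments/caveats attached to it.

    For a subject, `compartments` is the set of need-to-know accesses held;
    for an object, it is the set of compartments the data is marked with."""
    level: str
    compartments: frozenset = frozenset()


def can_read(scheme: dict, subject: Label, obj: Label) -> tuple[bool, str]:
    """Return (allowed, reason).

    Allowed only when the subject's level is at least the object's level AND
    the subject holds every compartment on the object. The second condition is
    the need-to-know rule: a Top Secret clearance still cannot read Secret data
    marked with a compartment the subject was never granted."""
    for label in (subject, obj):
        if label.level not in scheme:
            raise ValueError(f"unknown level {label.level!r} for this scheme")
    if scheme[subject.level] < scheme[obj.level]:
        return False, f"clearance {subject.level} is below classification {obj.level}"
    missing = obj.compartments - subject.compartments
    if missing:
        return False, f"no need-to-know for compartment(s) {sorted(missing)}"
    return True, "ok"


def aggregate(scheme: dict, labels: list) -> Label:
    """Label for a document combining several pieces of data: the highest
    level present and the union of all compartments (the high-water mark)."""
    if not labels:
        raise ValueError("no labels to aggregate")
    top = max(labels, key=lambda lb: scheme[lb.level])
    comps = frozenset().union(*(lb.compartments for lb in labels))
    return Label(top.level, comps)


if __name__ == "__main__":
    analyst = Label("Top Secret")                     # cleared, holds no compartments
    project = Label("Secret", frozenset({"ALPHA"}))   # Secret, marked with a compartment
    print(can_read(GOVERNMENT, analyst, project))     # denied on need-to-know
    print(can_read(COMMERCIAL, Label("Confidential"), Label("Private")))
    print(aggregate(GOVERNMENT, [project, Label("Confidential", frozenset({"BRAVO"}))]))
```

The commercial scheme has no compartment concept on the page, so for it `compartments` simply stays empty and the decision reduces to comparing the two tiers; passing a level name from one scheme to the other raises rather than silently mis-ranking it, because "Confidential" sits at different heights in the two orderings.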