Topic 5- Application_of_Security_Principles_Presentation

School: Grand Canyon University
Course: 515
Subject: Information Systems
Date: Apr 3, 2024
Type: pptx
Pages: 13
Uploaded by JusticeFogTurtle567

Topic 5: Application of Security Principles Presentation
Dorita Adams
March 6, 2024

Introduction

A "remote work policy" is a formal document outlining the conditions and methods that enable employees to work from a non-office location, whether from home or another flexible environment. Such policies may be temporary or permanent. This presentation emphasizes key cybersecurity best practices in the context of remote work.

Security failures

1. Assumption

Many companies, especially smaller ones, operate under the assumption that their size makes them unlikely targets for cyberattacks, leading to a lack of preparedness for dealing with cyber threats. This oversight can open the door to malware, phishing, and various other forms of attack stemming from this security gap.

2. Convenience

The concepts of "security" and "convenience" often stand in opposition to each other. The more stringent the security measures in place, the less convenient it becomes for the individuals subjected to these controls. For instance, enhancing password complexity requires more effort in remembering and typing them, just as adding more locks means carrying more keys (Young, 2015).

3. Inadequate technology asset/inventory management

The practice of using personal devices for work, especially prevalent during the recent pandemic, has compromised organizational security, leading to multiple vulnerabilities. The lack of a precise inventory of assets means that patches and updates may be overlooked, heightening the risk associated with endpoints not accurately accounted for.

4. Neglect/compromised principles

With the increase in home or remote workers, the risks and security challenges associated with it also rise. Significant security breaches have occurred due to the mismanagement of computing devices and technological tools, alongside compromises in security protocols to facilitate remote work for executives or staff members.

5. Lack of periodic upgrades and patches

Upon identifying a security flaw, enterprises develop a fix that needs to be implemented either manually by the end-user or through automatic updates. Nevertheless, the process of applying, testing, and deploying these patches averages 97 days, leaving systems exposed for extended periods. This underscores the importance of promptly installing updates once they become available, a step often neglected. The difficulties in updating systems remotely have led to numerous corporate devices being poorly managed, culminating in significant security lapses.

6. Lack of consistency in monitoring infrastructure

Cybercriminals, driven by strong motivation and substantial funding, employ ever-evolving and complex tactics to breach security defenses. Relying solely on software and spam filters for protection has become inadequate. Without adopting proactive cybersecurity measures, like round-the-clock log management for identifying threats and conducting physical monitoring, organizations increasingly risk experiencing security breaches.

7. Insufficient training and employee unawareness

A lack of adequate training and unawareness among employees about security concerns within the infrastructure opens the door to various attack vectors, including social engineering, phishing, ransomware, and others.

8. Lack of incident response and recovery plan

Being ready to respond to incidents can protect a company's reputation and finances in case of a data breach. IBM reports that 39% of small and medium-sized enterprises lack a post-incident response plan, representing a significant security oversight in itself.

Principles of Cybersecurity (CIA Triad)

Violated design principles

When connecting security failures to the principles of cybersecurity (CIA triad), the following specific design principles have been breached:

Confidentiality: Compromised in the event of a network attack, as it allows an attacker to gain unauthorized access to data on the device from a remote location, constituting a violation of confidentiality.

Integrity: During a software attack, an unauthorized user gains access to the software system, enabling them to modify the information on the device, thus violating the principle of integrity.

Availability: In the case of network attacks, an attacker launching a Denial-of-Service (DoS) attack impedes the accessibility of information for legitimate users, constituting a violation of the principle of availability.

Suggested principles essential for remote workers

A significant focus on communication is crucial, where senior management actively engages with remote employees to keep them informed about project deadlines, work-related issues, and the resources at their disposal.

It's essential for managers to be accessible to their team and build strong connections by providing positive feedback or participating in friendly, lighthearted conversations.

Managers should facilitate collaborative opportunities among employees, which can be achieved through a shared document that monitors the work activities of all team members.

The recognition and celebration of achievements, similar to how it's conducted in an office setting to motivate employees, should be maintained.

Persistent security consciousness: Employing a 'security first, security last' approach is crucial for those working remotely.

Conclusion

As companies transition to or adopt hybrid work models, it's imperative to establish a remote work policy detailing the expectations for remote work. This policy should comprehensively address all facets of the conventional work policy, including working hours, legal rights, and cybersecurity protocols.

References

Blog, N. (2021, November 1). 7 Reasons Why Cybersecurity Fails. NexusTek. https://www.nexustek.com/blog/7-reasons-why-cybersecurity-fails/

The Enemies of Data Security: Convenience and Collaboration. (2015, February 11). Harvard Business Review. https://hbr.org/2015/02/the-enemies-of-data-security-convenience-and-collaboration#:%7E:text=Security%20and%20convenience%20are%20inversely,in%20additional%20memorization%20and%20typing

Racz, K. (2021). How to Create a Remote, Flexible, or Hybrid Work Policy [Free Templates]. OWLLAB. https://resources.owllabs.com/blog/remote-work-policy