Please enable JavaScript.
Coggle requires JavaScript to display documents.
Group 3, Security Policies and Procedures - Coggle Diagram
Group 3
SECURITY POLICIES AND PROCEDUR
C.How to apply username and password
It is important to change the default username for accounts such as administrator or guest, because these default usernames are widely known.
Three levels of password protection are recommended:
1.BIOS - Prevents the operating system from booting and the BIOS settings from being changed without the appropriate password.
2.Login - Prevents unauthorized access to the local computer.
3.Network - Prevents access to network resources by unauthorized personnel.
D.How to discover password requirement
-Passwords should be required to be at least eight characters long and contain uppercase and lowercase letters, as well as numbers and symbols.
These are some guidelines to creating strong passwords:
1.Length - Use at least eight characters.
2.Complexity - Include letters, numbers, symbols, and punctuation. Use a variety of keys on the keyboard, not just common letters and characters.
3.Variation - Change passwords often. Set a reminder to change the passwords you have for email, banking, and credit card websites on the average of every three to four months
4.Variety - Use a different password for each site or computer that you use.
-To create, remove, or modify a password in Windows 7 or Windows Vista, use the following path. Start > Control Panel > User Accounts
E. How to apply file and folder permissions
There are two ways to apply file and folder permissions
Principle of Least Privilege
Resources in the computer system or on a network is limited only to the resources that been needed by the user.
For example, if the user only needed to access a single folder, then they should not be able to access all other files on the server.
Restricting User Permissions
File and network share permissions can be granted to individuals or through membership within a group.
For example, when a user denied someone's permission to a network share, they will not be able to access that share, even if they are the administrator or part of the administration group.
a) Explain Security Policy
• Security policy is a definition of what it means to be secure for a system, organization, or other entity.
• A security policy's main goal is to protect people and information, establish rules for expected user behaviour, and define and authorize the consequences of violations. :
• Having a written security policy allows a business to take the necessary steps to protect its data.
b) Identify Security Policy requirement
• A security requirement is a statement of required security functionality that assures that one of the software's many different security attributes is met.
• Industry standards, current regulations, and a history of historical vulnerabilities are used to create security requirements.
• When creating a security policy, these are some key areas to address:
Process for handling network security incidents
Process to audit existing network security
General security framework for implementing network security
• In the case of emergency, the security policy should also include extensive information on the following topics. Security policies should be reviewed regularly and updated as necessary.
DESCRIBE SECURITY PROCEDURE
a) Identify Security Procedures
A security procedure is a set of steps that must be followed to complete a certain security duty or function. Procedures are typically developed as a set of actions to be performed in a consistent and repeatable manner to achieve a specific goal. The multiplicity of hardware and software components that support your business activities, as well as any security-related business processes, should be covered by security protocols.
b) How to apply protecting data
Write up a strategy
Protect against malware
Keep your wireless network secure
Safeguard passwords
Set automatic software updates
conduct background checks
Dispose of data properly
Use the cloud
Security Policies and Procedures