Group 8: LEE XING YING, JOCELYN LEE SHUANG SHUANG, ANGEL LEK, CONNIE KUEH XIANG LING
- Describe Security Procedures
a. Identify Security Procedures
A security procedure is a set sequence of necessary activities that performs a specific security task or function. Procedures are normally designed as a series of steps to be followed as a consistent and repetitive approach or cycle to accomplish an end result. Once implemented, security procedures provide a set of established actions for conducting the security affairs of the organization, which will facilitate training, process auditing, and process improvement.
Procedures provide a starting point for implementing the consistency needed to decrease variation in security processes, which increases control of security within the organization. Decreasing variation is also a good way to eliminate waste, improve quality, and increase performance within the security department.
The purpose of security procedures is to ensure consistency in the implementation of a security control or execution of a security relevant business process. They are to be followed each time the control needs to be implemented or the security relevant business process followed.
b. How to apply data protection
Apply Software Updates

Software companies often release updates that patch bugs and vulnerabilities when they are discovered. So, don’t put off software updates, especially on operating systems. Software left outdated may still contain security flaws that can leave you susceptible to a data or privacy breach.
Protect Passwords

Creating strong passwords and never using the same password across sites or devices is one of the best things you can do to protect yourself from digital invasion.
Encrypt Your Data

Encryption is designed to scramble your data so no one can understand what it says without a key. It’s not only useful for protecting information on your computer, but also for making sure text messages and emails on your phone aren’t subject to prying eyes.
Back It Up

If something should happen to the data you create on your devices or network, or you lose it all, you can recover quickly without hassle if it’s backed up. Backups help protect your photos, documents, and other data not only from a technical malfunction but from ransomware and other malicious hacking. Back up to an online service, external hard drive, or both, for the best data protection.
1. Security Policies And Procedures
a. Explain Security Policy
A security policy is a written document that outlines how an organization is protected from threats: the key items that need to be protected, the potential threats to those items (including computer security threats), and how to deal with incidents when they happen.
If the document focuses on cybersecurity, the threats may include those from the inside, such as a disgruntled employee who could steal important information and then betray other companies or launch an internal virus on the company network that could irreversibly harm their company. Alternatively, a hacker from outside the company could break into the system and cause data loss, change or steal data. Finally, there may be physical damage to the computer system.
A company's assets, as well as possible risks to those assets, must be identified in a security policy. Employees must be kept informed of the company's security rules. The policies themselves should be updated on a regular basis as well.
They safeguard an organization's physical and digital assets. They identify all of the company's assets as well as any threats to those assets.
b. Identify Security Policy requirement
- Continuous updates and revisions: A security policy needs to be regularly reviewed for the process of protecting data and updated as new people come on board, and as technology, vulnerabilities and employee needs change.
- A security policy should translate, articulate and communicate the security management positions defined in high-level security principles, acting as a bridge between these management goals and specific security requirements.
- It informs users, employees, and management of their legal obligations to safeguard technical and information assets.
- Authorizes staff to monitor, probe, and investigate.
c. How to apply username and password

A username and password are two pieces of information that a user needs to log on to a computer.
Username
:star: User identification.
:star: Build a unique digital profile about the user specifically.
:star: Stay anonymous.
:star: Keep the naming convention simple.
:star: Common example: first letter of the person's first name & then the entire last name.
Password
:star: Important component of a security policy.
:star: Password authentication relies on a secret value that is known only to the user.
Three levels of password protection are recommended:
- BIOS - Prevents the operating system from booting and settings from being changed without the appropriate password.
- Login - Prevents unauthorized access to the local computer.
- Network - Prevents access to network resources by unauthorized personnel.
d. How to discover password requirement

When assigning passwords, the level of password control should match the level of protection required.
Password Requirement
:check: 8-32 characters
:check: Contains letters, numbers, symbols, and punctuation.
:check: Case sensitive, and can include special characters
:check: Consider using a longer, multi-word passphrase
:check: Must not match User ID, use a different password for each site or computer that you use.
:check: Change passwords often. Set a reminder to change the passwords you have for email, banking, and credit card websites on the average of every three to four months.
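A check for the requirements listed above, as an added example that is not part of the original page. The function name, parameters and sample values are hypothetical, and the four-month limit takes the upper end of the reminder interval above; the rule about a different password per site cannot be checked from a single password and is left out.

```powershell
# Added example: Test-PasswordRequirement and its parameters are hypothetical names.
function Test-PasswordRequirement {
    param(
        [Parameter(Mandatory)][string]$Password,
        [Parameter(Mandatory)][string]$UserId,
        [datetime]$LastChanged = (Get-Date),   # when the password was last set
        [int]$MaxAgeMonths = 4                 # assumption: upper end of "three to four months"
    )
    $problems = [System.Collections.Generic.List[string]]::new()

    # 8-32 characters
    if ($Password.Length -lt 8 -or $Password.Length -gt 32) {
        $problems.Add("Length $($Password.Length) is outside 8-32 characters")
    }
    # Letters, numbers, and symbols or punctuation must all be present
    if ($Password -notmatch '\p{L}')        { $problems.Add('No letter') }
    if ($Password -notmatch '\p{Nd}')       { $problems.Add('No number') }
    if ($Password -notmatch '[\p{P}\p{S}]') { $problems.Add('No symbol or punctuation') }
    # Must not match the user ID; -ieq ignores case, so "JSmith" is rejected for "jsmith"
    if ($Password -ieq $UserId) { $problems.Add('Matches the user ID') }
    # Rotation reminder: flag a password older than the allowed age
    if ($LastChanged.AddMonths($MaxAgeMonths) -lt (Get-Date)) {
        $problems.Add("Last changed more than $MaxAgeMonths months ago")
    }

    # Report only the verdict and the reasons, never the password itself
    [pscustomobject]@{
        Compliant = ($problems.Count -eq 0)
        Problems  = $problems -join '; '
    }
}

# Constructed sample inputs for a user ID of "jsmith"
$samples = 'jsmith', 'Summer2024', 'Lantern-Quartz&Trail7'
foreach ($candidate in $samples) {
    Test-PasswordRequirement -Password $candidate -UserId 'jsmith'
}

# A well-formed password that has not been changed for six months
Test-PasswordRequirement -Password 'Lantern-Quartz&Trail7' -UserId 'jsmith' `
    -LastChanged (Get-Date).AddMonths(-6)
```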
e. How to apply file and folder permission
Every file and every folder in Windows has its own set of permissions. Permissions can be broken down into Access Control Lists with users and their corresponding rights. There are six standard permission types which apply to files and folders in Windows:
:small_blue_diamond: Full Control
:small_blue_diamond: Modify
:small_blue_diamond: Read & Execute
:small_blue_diamond: List Folder Contents
:small_blue_diamond: Read
:small_blue_diamond: Write
Microsoft’s website has a chart that breaks down what each permission means for files and for folders.
The simplest permissions have at least three users: SYSTEM, currently logged in user account and the Administrators group.
Granting Access to a File or Folder
1) Access the Properties dialog box.
2) Select the Security tab.
3) Click Edit.
(The security tab opens in a new window.)
4) Click Add.
(The Select Users, Computers, or Groups)
5) In the Enter the object names to select text box, type the name of the user or group that will have access to the folder
6) Click OK.
(The Properties dialog box reappears.)
7) Click OK on the Security window.
8) Continue with Setting Permissions below.
Setting Permissions
Once you have granted a group or individual user access to a folder, you will need to set permissions for the new user(s).
1) Access the Properties dialog box.
2) Select the Security tab.
(The top portion of the dialog box lists the users and/or groups that have access to the file or folder.)
3) Click Edit.
4) In the Group or user name section, select the user(s) you wish to set permissions for.
5) In the Permissions section, use the checkboxes to select the appropriate permission level.
6) Click Apply.
7) Click OK.
(The new permissions are added to the file or folder.)
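The two dialog procedures above (Granting Access, then Setting Permissions) done in one step from PowerShell, as an added example that is not part of the original page. `Grant-FolderPermission`, the scratch folder and the identity used in the demo are hypothetical; `Get-Acl`, `Set-Acl` and the .NET access-control types are the standard ones.

```powershell
# Added example: Grant-FolderPermission is a hypothetical name, not a built-in cmdlet.
function Grant-FolderPermission {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Identity,   # user or group name, as typed in the Add dialog
        [ValidateSet('FullControl', 'Modify', 'ReadAndExecute', 'Read', 'Write')]
        [string]$Right = 'Read'                    # default to the least access
    )
    # Read the current Access Control List (what the Security tab displays)
    $acl = Get-Acl -LiteralPath $Path

    # A folder passes the entry down to its subfolders and files; a single file does not
    $inherit = [System.Security.AccessControl.InheritanceFlags]::None
    if (Test-Path -LiteralPath $Path -PathType Container) {
        $inherit = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    }

    # Build the "Allow" entry: the permission checkbox chosen for the selected user or group
    $rights = [System.Security.AccessControl.FileSystemRights]$Right
    $rule = New-Object -TypeName System.Security.AccessControl.FileSystemAccessRule `
        -ArgumentList $Identity, $rights, $inherit, 'None', 'Allow'
    $acl.AddAccessRule($rule)

    # Equivalent of Apply/OK; run with -WhatIf to preview without changing anything
    if ($PSCmdlet.ShouldProcess($Path, "Grant $Right to $Identity")) {
        Set-Acl -LiteralPath $Path -AclObject $acl
    }

    # Return the explicit (non-inherited) entries so the result can be reviewed
    (Get-Acl -LiteralPath $Path).Access |
        Where-Object { -not $_.IsInherited } |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

# Constructed demo: a scratch folder and the account running the script
$demo = Join-Path $env:TEMP 'acl-demo'
New-Item -ItemType Directory -Path $demo -Force | Out-Null
Grant-FolderPermission -Path $demo -Identity "$env:USERDOMAIN\$env:USERNAME" -Right Modify
```

List Folder Contents is not in the list of rights because it is Read & Execute inherited by subfolders only, not a separate right.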