ISSC498 discussion response

Hello,

I need two responses of at least 150 words each for the below students' discussions for this week. Also in bold below are the questions the students are answering.

1. Why are users considered the weakest link in implementing policies?
2. What are potential risks associated with remote access?
3. Do you believe a separate policy should be written to address remote access? If so, what should be included in the policy?
4. One of the most popular portable devices is the USB thumb drive. What are the dangers of thumb drives to organizational security? Should employees be permitted to use USB devices?


Student one:

1. Why are users considered the weakest link in implementing policies?

People, also referred to as users, are the weakest link in implementing policies because every human has flaws, feelings, emotions, certain levels of training and can easily be distracted by the task at hand. They can also be victims of blackmailing, social engineering, human mistakes, phishing attempts and much more. As for a machine, it never sleeps and does not have emotional ties to anything and can be designed to run a certain task flawlessly. The biggest difference between humans and machines is that humans can adapt to an unexpected change in the flow of work.

2. What are potential risks associated with remote access?

One of the main problems with remote access is users using personal computers to access the organization's networks. A personal computer is hard for the IT section to oversee and could present many vulnerabilities such as weak passwords, no or weak anti-virus / malware protection, phishing attempts, weak firewall and users using a public Wi-Fi network when accessing the organization's network.

3. Do you believe a separate policy should be written to address remote access? If so, what should be included in the policy?

Yes, I do believe a separate policy should be written due to the fact many other risks and scenarios are brought into the factor. Within the policy I would include a guideline of what must be installed on the personal computer (if personal computers were allowed) such as approved anti-virus programs, anti-malware programs, password requirements, no public Wi-Fi, computer scanning, VPN access and only certain work can be done and accessed remotely.

4. One of the most popular portable devices is the USB thumb drive. What are the dangers of thumb drives to organizational security? Should employees be permitted to use USB devices?

Thumb drives can carry a plethora of malware that can be hidden on the thumb drive until plugged into a host, infecting it with a virus, malware or spyware and causing many problems on the network. Many thumb drives come from factories overseas that do not have strict control over the product, allowing it to be tampered with before reaching the consumer. If USB devices are allowed, they must only be allowed on a company-issued USB that has been scanned and approved, along with having a strict policy in place detailing what devices they are authorized to be plugged into. If not completely necessary for the organization, USB should not be authorized.

References


Johnson, R. Security Policies and Implementation Issues. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/97812840706…

-Todd


Student two:

Why are users considered the weakest link in implementing policies?

Technology is only as smart as the user. In fact, it can be argued that the true limitation of technology is not that of its architectural design, but of the inability for user-bases to appropriately handle the technology for higher functionality purposes. Case in point, we literally carry the library of Alexandria in our pockets, yet consume cat videos at questionable levels. Furthermore, for the pragmatic purpose of computational technology, the user-base is often not of the same mentality. As in, humanity makes mistakes, is exploitable, and conducts actions both knowingly and unknowingly by others.

What are potential risks associated with remote access?

Remote access is a terrible, and anxiety-ridden, complexity. In essence, an enterprise environment is developed within the desirable positioning of the CIA Triad. Numerous labor-hours are spent through the varying life-cycle development phases and change management requests as to ensure that the architecture is of optimal performance and quality. Yet, something as simple as an authorized user implementing actions at a remote location can circumvent all of that work. Essentially, the user leaving the reservation's protection has created an ample opportunity for it to carry in concerning results. Even with the use of IPsec in a tunnel mode, any overlooked aspect of the session can result in compromise.

Do you believe a separate policy should be written to address remote access? If so, what should be included in the policy?

Yes. In fact, I would recommend a couple of policies written relating to this manner. The first policy should be written for internal consumption by networking and cyber-based personnel. In it, it should include restricted communication protocols and their non-typical allocation to a port number. A second policy should be written for the deployment team, often called Help Desk, as to determine specific requirements of the endpoint relating to BitLocker, Secure Boot, Static IP, etc. Finally, a third policy should be written for the remote user. In this, the use of administrative controls would discuss acceptable actions, browsers, etc.

One of the most popular portable devices is the USB thumb drive. What are the dangers of thumb drives to organizational security? Should employees be permitted to use USB devices?

USB should never be authorized on premise without direct issuance by the enterprise environment personnel. Furthermore, BitLocker should be utilized to enforce an encryption-based standard of any USB utilized, as well as the endpoint modification to disable such functions without direct authorization by system administrators. The reason for this is to prevent the potential of circumvention of perimeter defenses via endpoint entrance. Case in point would be the infiltration of Stuxnet via USB on an air-gapped network.

-Joshua
