Information Systems and Security
Portfolio Project
Michael Harker
ITS350-1 Information Systems and Security
Colorado State University Global Campus
Dr. Elliott Lynn
09/01/2013
Summary and Explanation of Proposals
In order for ZXY Inc. to make sure that their entire organization is secure, some proposals have been put into place to protect the company. The company needs to make sure that the network, their employee’s, company devices, and communications are secure from the outside world. The proposals that have been put into place cover such areas as: access control methods, authentication, user’s accounts and passwords, cryptography, remote access, network attack mitigation, malware and device vulnerabilities, and web and e-mail attack mitigation. These proposals when combined together help form an entire security policy for ZXY Inc. to use in order to protect all company assets. Access control methods are a process that determines what services or company resources an employee has access to. These methods will be used to determine what an employee can and cannot access, as well as ways to make sure that all employees are being granted the correct access levels. Authentication is a process of determining whether someone or something is who or what they say they are. Authentication can be a form of determining whether an employee is actually the person that they say they are. Employees can be authenticated by being able to answer personal questions that only they would know or by providing a username and password that only the employee knows. User accounts and passwords provide a level of authentication for employees and is what allows these employees to gain access to a company computer or the ability to log in to a company server or other resource. Each employee should be given a unique username that is different from every other employee, and each employee should create a complex password that is associated with their username. The employee should never give out their password to
Michael Harker
ITS350-1 Information Systems and Security
Colorado State University Global Campus
Dr. Elliott Lynn
09/01/2013
Summary and Explanation of Proposals
In order for ZXY Inc. to make sure that their entire organization is secure, some proposals have been put into place to protect the company. The company needs to make sure that the network, their employee’s, company devices, and communications are secure from the outside world. The proposals that have been put into place cover such areas as: access control methods, authentication, user’s accounts and passwords, cryptography, remote access, network attack mitigation, malware and device vulnerabilities, and web and e-mail attack mitigation. These proposals when combined together help form an entire security policy for ZXY Inc. to use in order to protect all company assets. Access control methods are a process that determines what services or company resources an employee has access to. These methods will be used to determine what an employee can and cannot access, as well as ways to make sure that all employees are being granted the correct access levels. Authentication is a process of determining whether someone or something is who or what they say they are. Authentication can be a form of determining whether an employee is actually the person that they say they are. Employees can be authenticated by being able to answer personal questions that only they would know or by providing a username and password that only the employee knows. User accounts and passwords provide a level of authentication for employees and is what allows these employees to gain access to a company computer or the ability to log in to a company server or other resource. Each employee should be given a unique username that is different from every other employee, and each employee should create a complex password that is associated with their username. The employee should never give out their password to
References: Testout. (2013). Section 2.4.2. Asymmetric encryption facts. Retrieved from http://labsim.testout.com/Default.aspx?mincachedate=05-15-2013-15-00 Testout. (2013). Section 3.6.2. Remote access facts. Retrieved from http://labsim.testout.com/Default.aspx?mincachedate=08-07-2013-14-30 Testout. (2013). Section 5.2.2. Security zone facts. Retrieved from http://labsim.testout.com/Default.aspx?mincachedate=08-16-2013-15-30 Testout. (2013). Section 6.1.2. Malware Facts. Retrieved from http://labsim.testout.com/Default.aspx?mincachedate=08-20-2013-14-56 Testout. (2013). Section 7.3.2. E-mail security facts. Retrieved from http://labsim.testout.com/Default.aspx?mincachedate=08-20-2013-14-56