Kudler Security Report

Kudler Fine Foods IT Security Report and Presentation Security Considerations

CMGT/400


According to Whitman and Mattord (2010), the ISO 27000 series is one of the most widely referenced security models. Referencing ISO/IEC 27002 (17799:2005), the major process steps include: risk assessment and treatment, security policy, organization of information security, asset management, human resources security, physical and environmental security, communications and operations management, access control, information systems acquisition, development, and maintenance, information security incident management, business continuity management, and compliance (Chapter 10, Security Management Models).

1. Risk assessment and treatment
2. Security policy: Focuses mainly on information security policy
3. Organization of information security: For both the internal organization and external parties
4. Asset management: Includes responsibility for assets and information classification
5. Human resources security: Ranges from controls prior to employment and during employment to termination or change of employment
6. Physical and environmental security: Includes secure areas and equipment security
7. Communications and operations management: Incorporates operational procedures and responsibilities, third-party service delivery management, systems planning and acceptance, protection against malicious and mobile code, backup, network security management, media handling, exchange of information, electronic commerce services and monitoring
8. Access control: Focuses on business requirement for access control, user access management, user responsibilities, network access control, operating system access control, application and information access control, and mobile computing and teleworking
9. Information systems acquisition, development, and maintenance: Includes



References:

Whitman, M., & Mattord, H. (2010). Management of Information Security (3rd ed.). Retrieved from https://ecampus.phoenix.edu/content/eBookLibrary2/content/eReader.aspx?assetMetaId=fabd4b16-12a9-47f4-bf47-bcb1410f0ee1&assetDataId=d660cb13-8789-4280-aae9-4243087d34dc&assetpdfdataid=d910f4d6-8741-440e-abc7-b24644f4b198

SANS: SCORE. (2012). Retrieved from http://www.sans.org/score/ISO_17799checklist2.php
