MIS 5214 - Section 001 - David Lanter
March 9, 2022 by Jose Gomez 29 Comments
Kelly Sharadin says
March 12, 2022 at 7:09 pm
What unique challenges does a “bring your own device” policy introduce to a corporate network? What steps can security professionals take to enhance host security on personal computers used for business?
Madalyn Stiverson says
March 15, 2022 at 5:21 pm
Data theft and malware are key concerns. If it’s a personal device, they’re potentially checking personal emails and clicking potentially unsafe links. Stolen or lost devices could be a larger issue. You’re leaving it up to the employee to follow corporate policy, such as using their fingerprint to unlock. If the employee doesn’t implement proper password protection on their personal device and it gets stolen, it’s reasonable to assume that data has been harvested.
Kyuande Johnson says
March 16, 2022 at 12:29 pm
When companies implement bring your own device, it's important to remember that the employee owns the hardware and the company owns the corporate data on the device. Additional security mechanisms are required to be in place when company data is on a bring-your-own device. Many BYOD security mechanisms involve password policies. In an effort to protect the data stored on the device, employees are required to change the easy-to-remember 4-6 digit PIN on their phone to a password with strict requirements. The standard password policy requires 8-14 characters, with a combination of special characters, numbers and capital letters. Employees may have to implement dual-factor authentication on certain applications. Most companies utilize MS Outlook for email. There may be a requirement to set up dual-factor authentication on the BYOD to gain access to email.
Patrick Jurgelewicz says
March 12, 2022 at 11:20 pm
What are some common steps to secure operating systems and server applications?
Victoria Zak says
March 13, 2022 at 1:17 pm
In order to secure operating systems and server applications, the NIST 800-123 article suggests securing, installing, and configuring the underlying operating system and server software, and additionally maintaining the secure configuration through the application of appropriate patches and upgrades, security testing, monitoring of logs, and backups of data and operating system files.
Other steps in order to secure an operating system would be to utilize a VPN, password protect the software and lock the device, and enable a firewall.
Removing unnecessary services, setting permissions and privileges, monitoring server logs, and automating backups are other steps to secure server applications.
zijian ou says
March 13, 2022 at 7:08 am
In general, what should an effective system security plan include?
March 13, 2022 at 1:08 pm
A system security plan is to provide an overview of the security requirements of the system and describe the controls in place, or planned, for meeting those requirements. However, the plan should include the descriptions of managerial policies, operational procedures, and technical components that the company plans to implement to meet the requirement of each control.
March 16, 2022 at 12:45 pm
Things that should be included in the SSP:
SSP Should sum up the security posture of a system.
– Should include the boundaries of the system
– The characteristics of the system
– The security controls on the system and how they are implemented
March 13, 2022 at 1:05 pm
What is the point of managing groups and users? Why is it important?
March 15, 2022 at 11:18 am
Hey Victoria, with every user having an account, adding security measures to these accounts is crucial to host hardening. Often it is easier to assign users to groups, then assign measures to those groups. This requires less labor and reduces errors.
kofi bonsu says
March 15, 2022 at 8:52 pm
Security is essential in any digital environment, so to make it easier for users to manage permissions and other user accounts, Windows and Linux offer a useful feature called user groups that enables them to be managed properly.
March 16, 2022 at 12:53 pm
Great question, Victoria. The purpose of managing groups and users is to apply access controls and implement separation of duties. Access control is the process of granting or denying specific requests to obtain and use information. Separation of duties is the concept of having more than one person required to complete a task. Everyone in the organization should have limited access. This limited access is the bare minimum access needed to complete their job tasking. Access and permissions should be reviewed periodically because there are many changes that can occur. For example, an employee may need access to the developers group to complete a specific project. When that project is complete, that user should no longer have access to that group.
March 13, 2022 at 1:09 pm
What considerations should be made when setting up an organization's logging policy?
Vraj Patel says
March 14, 2022 at 12:02 pm
The things that should be considered while setting up the organization's logging policy are whether the servers or applications that need to be logged are being monitored properly and whether they are logging the sufficient detail required.
Dhaval Patel says
March 13, 2022 at 1:10 pm
Are VMs considered any more or less safe than local systems?
March 14, 2022 at 6:17 pm
Great question. If the VMs are deployed by the organization, then a greater granularity of control is afforded in terms of software installed, patching (if they regularly patch) and general visibility by enrolling the VM into a monitoring solution. If a VM becomes corrupted, it can easily be blown away and a new golden image or non-corrupted backup can be restored with little downtime. VMs can also be easily segmented within the network.
March 13, 2022 at 2:07 pm
The question I would discuss with my classmates is how do you ensure your systems are hardened properly?
March 14, 2022 at 12:06 pm
One of the ways to ensure the systems are properly hardened is by having an effective policy in place, which would include details like the default credentials should be changed and other related information. Also, auditing the system would ensure the appropriate controls are in place and working effectively.
March 15, 2022 at 5:12 pm
A good place to start is by addressing the defense in depth strategy. This means setting up controls at all layers – perimeter security, network security, data security, application security, endpoint security, and monitoring. This should all be supported by your policy.
Andrew Nguyen says
March 13, 2022 at 4:04 pm
One question that I would like to ask my classmates this week is:
Why should organizations carefully plan and address the security aspects of the deployment of the server, and what would happen if they failed to do so (i.e., pushing the deployment of a server "just to get it out there" and adding security aspects later)?
Antonio Cozza says
March 13, 2022 at 6:03 pm
How does the concept of a “Least Common Mechanism” work?
March 15, 2022 at 11:22 am
Hey Antonio, NIST SP 800-123 defines Least Common Mechanism as when providing a feature for the system, it is best to have a single process or service gain some function without granting that same function to other parts of the system.
Dan Xu says
March 13, 2022 at 10:43 pm
How can businesses prevent users or those with access to their accounts from navigating to sensitive information by controlling access and permissions?
March 15, 2022 at 5:15 pm
Through an identity access management tool like AD, you can set up groups such as “accounting,” and then allow that group access to accounting information and systems required to do their jobs. If it’s a large company, you can further segment this by geography. You can have a Boston Accounting team and a New York Accounting team, each of which only has access to its respective region’s data and resources.
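Added example (not part of any commenter's post): a minimal Python model of the group-based access described in this thread, with permissions attached to region-scoped groups and a periodic review that flags project memberships that have outlived their purpose. The group names, permission strings, users and dates are constructed for illustration and do not come from AD or any real directory.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Constructed sample data: permissions are attached to groups, never to users.
GROUP_PERMISSIONS = {
    "accounting-boston": {"read:boston-ledger"},
    "accounting-newyork": {"read:newyork-ledger"},
    "developers": {"push:source-repo"},
}

@dataclass(frozen=True)
class Membership:
    user: str
    group: str
    expires: Optional[date] = None  # None means a standing membership

# Constructed memberships; alice's developer access was for a finished project.
MEMBERSHIPS = [
    Membership("alice", "accounting-boston"),
    Membership("bob", "accounting-newyork"),
    Membership("alice", "developers", expires=date(2022, 3, 1)),
    Membership("carol", "developers"),
    Membership("dave", "marketing"),  # group with no permission definition
]

def is_active(m, today):
    return m.expires is None or m.expires >= today

def review(memberships, today):
    """Periodic review: return (expired, undefined) memberships to follow up."""
    expired = [m for m in memberships if not is_active(m, today)]
    undefined = [m for m in memberships if m.group not in GROUP_PERMISSIONS]
    return expired, undefined

def effective_permissions(user, memberships, today):
    """Union of permissions from the user's active group memberships."""
    perms = set()
    for m in memberships:
        if m.user == user and is_active(m, today):
            perms |= GROUP_PERMISSIONS.get(m.group, set())
    return perms

if __name__ == "__main__":
    expired, undefined = review(MEMBERSHIPS, date(2022, 3, 16))
    for m in expired:
        print(f"revoke: {m.user} from {m.group} (expired {m.expires})")
    for m in undefined:
        print(f"investigate: {m.user} in undefined group {m.group}")
```

Giving project memberships an expiry date means the access lapses by default, and the review only has to confirm the revocation rather than discover the stale grant.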
Michael Jordan says
March 13, 2022 at 11:22 pm
What is the most effective way to view and manage all the operating systems used within an entire network? What about services? (For example, if client hosts use Windows operating systems but some servers use Linux.)
March 14, 2022 at 11:16 am
How often should the Group Policy Objects (GPOs) be reviewed for the accuracy of their included policies?
Lauren Deinhardt says
March 15, 2022 at 9:28 pm
Password creation guidelines are constantly changing; what do you think are the strongest possible password credential requirements? (within reason, of course)
March 16, 2022 at 11:58 am
What are three types of patch management?
Olayinka Lucas says
April 18, 2022 at 10:39 pm
As an IT Security Analyst, in the interest of Incident Response, would you instead recommend system hardening or reconfiguration/development of the system from scratch?