research about the following: Planning and implementing security for mobile comp
Question
research about the following:
Planning and implementing security for mobile computers and mobile devices
Planning and implementing a secure database
Verification testing for security mechanisms that are in place
Provide recommendations to secure the computers in the Marketing department of this organization. These computers travel outside of the network, so you need to consider how they will connect to the home server, and what should be done to protect them. You should consider the level of access they have to the network and the consequence if they are stolen or used by someone outside of the organization.
Provide recommendations for securing network traffic between the workstations within the building and the server. Identify trust boundaries for the organization and recommend security measures for each trust boundary. Characterize which trust boundaries represent the highest level of trust and those that represent the lowest; what is the distinction between these levels?
Recommend measures to harden the server OS to prevent outsiders from accessing the networked computers. Identify the services for your recommended OS that will aid in the security effort. Explain the policy that should be used for patches and updates on both the server and the workstation OSs. Why is this an important consideration?
Secure the database of the organization and assign the required permissions to the users. You should create a chart of groups and permissions for this portion of the assignment (you do not need to identify specific tables, just information groups).
Describe the implementation process and timeline for your recommendations. Try to give as reasonable a timeline as possible and explain the timeframe you choose.
Explanation / Answer
Planning and implementing security for mobile computers and mobile devices:
Managing the device – the challenge with mobile devices is that there are so many different settings and knobs to personalize that it can be easy for a user to put the device in a state that is ripe for compromise.
Protecting the device - In his article in Network World on VMware's acquisition of AirWatch, Zeus Kerravala correctly pointed out that it is impossible to remove security threats solely by managing mobile devices.
Controlling the data - The network is also the right place for IT to see all mobile traffic and enforce control between applications and mobile users, and that’s true regardless of what device is being used.
3-step plan:
• Start with your objectives – Identify what your goals are, which includes identifying the types of mobile devices you will support on your network and the types of critical applications and data that can be accessed from mobile devices. You need to find the right balance to deliver a mobile security environment that meets productivity and flexibility needs without putting your devices, apps, or data at risk.
> Will BYOD be part of your mobile security strategy? Does it make sense to support BYOD as part of your mobile security strategy, or do you limit access for users on BYOD devices?
> Regulatory and industry concerns – How do your regulatory compliance requirements apply to mobile devices and the data on them?
• Building your infrastructure - Your mobile security strategy should focus on vendor solutions that can deliver the requirements above in a comprehensive, integrated solution. Take your time to look at mobile security from a completely different perspective than traditional remote access or traditional MDM solutions. Instead, the focus should be on vendors that already have a strong security and threats focus, and have an understanding of how to implement the right safe enablement policies.
• Institute mobile device policies and standards - Finally, develop mobile device policies and standards for your organization, making sure to institute them hand-in-hand with an education and training program for end-users.
Planning and implementing a secure database:
You have identified specific requirements, selected a supplier, bought a package, made customisations and identified any necessary improvements to your ICT infrastructure. It’s time to implement your system.
The key things to remember for a successful implementation are:
Take it slowly – rushing leads to error
Pay attention to detail
Clean up your data before you add it
People are your biggest issue (and asset)
Evaluate what you do
Verification testing for security mechanisms that are in place:
System verification tests or qualification tests may include:
verifying that all system components namely, hardware, software and communications are capable of performing under expected normal conditions as well as under possible abnormal conditions, including if applicable, storage, transportation, operation and maintenance environments
verifying that hardware conforms with local environmental requirements, including shelter, space, furnishings and fittings, electrical power supply and relevant extremes of temperature, humidity and pollution
testing of hardware, software and communications to ensure that appropriate standards are followed and that they perform their intended functions
performing audits of code
revision of system documentation to ensure that it is adequate and complete
testing system security measures to ensure that they are in place, that they are adequate and that they conform to appropriate standards
verifying that appropriate quality assurance measures are in place
In addition, measures included in a software audit can include:
verifying that the code is logically correct
verifying that the programs follow a modular design, meaning that the code is made up of discrete programming modules that can be separately tested and evaluated
verifying that there is no “hidden” code intended to perform unauthorised functions
checking that the programming is straightforward, relatively easy to understand and contains code comments to facilitate maintenance by different staff
verifying that the programming is designed to facilitate testing, meaning that it includes code to allow testing of data flow within and between modules
verifying that the code is robust including error treatment routines that prevent the loss of data while identifying, logging and reporting errors so as to allow for a rapid detection and correction of errors
verifying that code incorporates security features that will prevent unauthorised access and/or detect and control any attempts at unauthorised access
verifying that the system is user-friendly and does not require complex or obscure procedures that are difficult to follow
verifying that the software can be easily installed in the live environment
verifying that the software can be easily maintained, and that errors or defects can be easily identified, corrected and validated after installation
checking whether the software can be easily modified to add new features
Once all the components of the system are verified, a report is issued and the necessary measures need to be taken to correct the problems found during the verification exercise. Once the corrections take place another round of verification needs to take place.
Provide recommendations to secure the computers in the Marketing department of this organization
Explain the policy that should be used for patches and updates on both the server and the workstation OSs. Why is this an important consideration?
Security and Patch Information Sources
A key component of patch management is the intake and vetting of information regarding both security issues and patch release - you must know which security issues and software updates are relevant to your environment. An organization needs a point person or team that is responsible for keeping up to date on newly released patches and security issues that affect the systems and applications deployed in its environment. This team can also take the lead in alerting administrators and users of security issues or updates to the applications and systems they support and use. A comprehensive and accurate asset management system can help determine whether all existing systems are accounted for when researching and processing information on patches and updates.
Secure the database of the organization and assign the required permissions to the users.
You should create a chart of groups and permissions for this portion of the assignment:
Group name | Default permission level | Description
Visitors | Read | Use this group to grant people Read permissions to the SharePoint site.
Members | Edit | Use this group to grant people Edit permissions to the SharePoint site.
Owners | Full Control | Use this group to grant people Full Control permissions to the SharePoint site.
Viewers | View Only | Use this group to grant people View Only permissions to the SharePoint site.
By default, the following permission levels are available:
View Only: Includes permissions that enable users to view pages, list items, and documents.
Limited Access: Includes permissions that enable users to view specific lists, document libraries, list items, folders, or documents, without giving access to all the elements of a site. You cannot edit this permission level directly.
Read: Includes permissions that enable users to view items on the site pages.
Edit: Includes permissions that enable users to add, edit and delete lists; can view, add, update and delete list items and documents.
Contribute: Includes permissions that enable users to add or change items on the site pages or in lists and document libraries.
Design: Includes permissions that enable users to view, add, update, delete, approve, and customize the layout of site pages by using the browser or SharePoint Designer 2013.
Full Control: Includes all permissions.
Describe the implementation process and timeline for your recommendations:
Identify Deliverables
The first step is to identify the main project (i.e. Website Redesign), and then pinpoint the specific deliverables associated with the project. For example, upon completion of the redesign, you will be providing the client with a newly designed website by FTPing the site files and sending the client a CD or USB drive with the working files.
Break It Down
Next, I take the project and break it down into simple tasks separated by component – the more specific the better – that will get us to the deliverables. Here is an example of what the tasks may look like:
Project Planning
Design
Testing