NSTISSI 4011 Security Model: A Case Study

Control measure
To address the vulnerabilities and threats mentioned above, the studio can apply the methods below to protect its confidential information. Following the NSTISSI 4011 Security Model, there are three main steps the company needs to consider: policy, technology, and training and education. First, the policies should be discussed, reviewed and then established. Next, in the technology step, many applications and solutions can be set up to protect, monitor and recover business information. Lastly, education and training must take place to publicize the policies and to guide all employees and partners in the use of the appropriate applications.

• Policy:
Security policies are the central resources
[…]
Moreover, because HT is a game development studio, its customers may require highly confidential projects. Some further technology solutions can be used to adapt to those requests, although they come at additional cost, such as:
- Using a token as a confirmation key for off-site access to the server.
- Providing encryption devices to users who hold highly confidential data, to prevent a breach if their devices are lost or stolen.
- Having the IT department pre-test and propose whitelists or blacklists of applications and devices for the company. This will reduce the variety of hardware and software types, and also decrease the vulnerability that comes from having too many types of devices.

• Training and education:
Lastly, training and education are important in many ways. Highly secure policies will not be effective if no one knows them or understands them clearly. Moreover, employees and partners may run into various problems and violations only because they have not been guided and educated on how to use the security applications and devices correctly. Through training and education, awareness of the BYOD security threats that are facilitated by the unawareness or negligence of employees and partners can be raised. For HT Studio, several training programs will be effective, for
