Port Scanning Policy

2. Policies Associated with Vulnerability Assessment and Penetration Testing:
Organizations should enforce policies that all associated people must strictly adhere to, so that penetration tests succeed, the vulnerability detection rate is maximized, and the detected risks are fixed.
a. Port Scanning Policy:
1. Purpose and Scope: The purpose of this port scan is to gather information about the devices connected to the network and have it verified by the security officer, so that no irrelevant ports are open and the company’s devices are more secure. This policy applies to the security officer who has control over the devices connected to the network.
2. Policy: This policy covers the guidelines for scanning the company’s information …
The scanning process requires prior approval by the owner or administrator of the system.
• Approved LAN and Desktop Support and Network Services staff may conduct a port map to resolve a service problem, as a part of normal system operations and maintenance, or to enhance the security of systems.
• The company’s Security Officers perform a port map or scan to monitor compliance with this policy, to perform security assessments, or to investigate security incidents.
• Approved company support staff shall perform an unauthorized port scan on a system in cases where directed by persons in authority.
3. Enforcement: Violation of this policy, or scanning the company’s systems without prior permission of the security officers, could result in loss of or limitations on use of information resources, as well as disciplinary and/or legal action, including termination of employment or referral for criminal prosecution.

b. Vulnerability Assessment Policy:
1. Purpose: To permit authorized resources (from a selected third party) to perform vulnerability …
Roles and Responsibilities: Chief Security Officer: developing test procedures, performing periodic testing, documenting results, communicating vulnerabilities to the respective team leads, and suggesting potential mitigation strategies.
5. Enforcement: Violation of the policy could result in loss of or limitations on use of information resources, as well as disciplinary and/or legal action, including termination of employment or referral for criminal prosecution.

c. Password Policy: Upon exploiting a vulnerability of the target system, the pen tester can extract the passwords and crack them to log in to other systems. Having a strict password policy will help reduce this vulnerability.
1. Scope: This policy is designed to protect the organizational resources on the network by requiring strong passwords. This policy applies to all personnel who have any form of computer account on the organizational network.
2. Policy:
• The organization should have a password checker so that employees know the strength of their passwords. There should be an application to check that the old and new passwords are not similar. The “remember password” feature should not be enabled.
• Notification to change the password after 90 days should be
