Write a 200 word answer for EACH of the 8 discussion questions below.
#1. Answer DQ1 in 200 word minimum.
Review the Secure Mail Relay using Forefront Threat Management Gateway 2010 lab. (Link Below)
What did you learn? What did you think was most valuable?
#2. Answer DQ2 in 200 word minimum.
Under what factors would you recommend that an organization store information outside of its system? What dangers would you warn against? What recommendations could you provide to address the dangers?
#3. Respond to Troy’s answer to DQ2 in 200 word minimum.
For some computer owners, finding enough storage space to hold all the data they've acquired is a real challenge. Some people invest in larger hard drives. Others prefer external storage devices like thumb drives or compact discs. Desperate computer owners might delete entire folders worth of old files in order to make space for new information. But some are choosing to rely on a growing trend: cloud storage. Cloud storage has several advantages over traditional data storage. For example, if you store your data on a cloud storage system, you'll be able to get to that data from any location that has Internet access. You wouldn't need to carry around a physical storage device or use the same computer to save and retrieve your information. With the right storage system, you could even allow other people to access the data, turning a personal project into a collaborative effort. In short, cloud computing leads to more efficiency, lower costs, and greater consumer convenience.
The three biggest risks associated with cloud computing have to do with security, data loss, and unauthorized access. The transfer of vast amounts of confidential data from a company to a cloud service means relinquishing control of data security. It is critical to understand a cloud provider's disaster recovery capabilities in the event of an emergency and ensuring that the provider has a good understanding of document retention regulations that may apply.
The potential for data loss, particularly in cases of power cuts, must be at the forefront of executives' minds when settling on a cloud provider. Here, the most important issue is ensuring that the cloud provider understands regulations and privacy rules that apply to certain kinds of data, especially information that pertains to personal health and financial records.
Cloud computing may be exceedingly efficient but it raises unique questions about how to avoid possible breaches, particularly because the size of cloud environments makes them likely targets for hacking attacks. Experts say the first step is to ask the right questions of a cloud provider, like how data will be encrypted, who is responsible for encrypting data, how access controls function and how vulnerabilities are assessed.
#4. Answer DQ3 in 200 word minimum.
Consider an organization (nonprofit, employer, or personal use) that is familiar to you. If this organization was to open up mobile access to their systems, what three specific threats would be most important to consider and why? Are the risks greater as an internal user (employees, contractors, and so on) or an outside customer? Defend your claims.
#5 Respond to Kieth’s answer to DQ3 in 200 word minimum.
At the school district I work for we encourage students to bring their own device to use during the school day. We have separated them on their own V LAN and are only allowed to connect their devices to the BYOD wireless network. Most of the services utilized in the classroom are outside links such as; Blackboard, Google Classroom and other educational resources. However the students may have to access their district storage drive to access files. That connection is facilitated via Stoneware and my.rjuhsd.us portal. The user enters their user name and password and is directed to their files or folders their account has permission to. Security risks related to wireless access include but are not limited too;
â–ªMalicious apps (malware):
â–ªUser account compromised
â–ªDevice stolen or lost containing confidential data- ie. email
Implementation of a BYOD program presents agencies with a myriad of security, policy, technical, and legal challenges not only to internal communications, but also to relationships and trust with business and government partners. The magnitude of the issues is a function of both the sensitivity of the underlying data and the amount of processing and data storage allowed on the personal device based on the technical approach adopted. Generally speaking, there are three high-level means of implementing a BYOD program:
â–ªVirtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device;
#6 Respond to Todd’s answer to DQ3 in 200 word minimum.
I manage a warehouse for a construction supply company and we do not currently offer mobile access to our systems. The subject has come up with increasing frequency in recent months, so I anticipate that we will begin providing mobile access to our systems in the near future.
Before deploying mobile access to our systems, my company should develop threat models which would identify company resources and the likelihood of attacks on these resources. Analyzing this information will help determine where security controls need to be added or improved. Threat modeling helps organizations to identify security requirements and should be incorporated into the design of mobile device deployments because it helps reveal the controls needed to meet security requirements.
Three specific threats that should be considered are the use of untrusted networks, the use of location services, and the use of applications created by unknown services. Since mobile devices primarily use non-organizational networks for Internet access, organizations usually have no control over the security of the external networks that mobile devices use. Location services are heavily used by social media, navigation, and other mobile-centric applications. Mobile devices with location services enabled are at increased risk of targeted attacks because it allows attackers to associate the kinds of activities users are performing in particular locations. Applications created by third-parties pose obvious security risks, especially for mobile device platforms that do not place security restrictions on third-party application publishing.
Souppaya, M. (2013). Guidelines for Managing and Securing Mobile Devices in the Enterprise. Retrieved from http://csrc.nist.gov/publications/drafts/800-124r1/draft_sp800-124-rev1.pdf
#7. Answer DQ4 in 200 word minimum.
A common system for outside customers is a website, but other systems are also possible. What are four important steps an organization can take to secure systems available to outside customers and other end users? Defend the importance and value of each step.
#8. Answer DQ5 in 200 word minimum.
Discuss the value and security risks of virtual private network (VPN) usage. Discuss how an organization can enable business needs while limiting risk with proper use of VPNs and related solutions, such as desktop virtualization.
|Due By (Pacific Time)||03/21/2015 12:00 pm|
out of 1971 reviews
out of 766 reviews
out of 1164 reviews
out of 721 reviews
out of 1600 reviews
out of 770 reviews
out of 766 reviews
out of 680 reviews