Unit Assignment free essay sample

There are many different ways to go about this topic the one I am going to pick Is a public key Infrastructure (PKZIP). One of the security options that we are going to use is Privacy or confidentiality. This will keep all information secret from all people unless you are authorized to see it. This will help with employees not finding things that they should not see like social security numbers, address, and sensitive documents for the company and so on. Having this as a security options is great. I would implement this on all of the networks that I would manage.The next feature that I will suggest to Irishman Investment would be Access control. Access control restricts access to network resources and would require the user to have privileges to the resources. This would go hand and hand with the first feature that I suggested. You will need this for the first feature that I picked to give the users proper permissions to resources and this will help keep users out that should not have access to the resource. Issue 3: There was a lack of urgency in notifying the Secretary of Veterans Affairs by his immediate staff. They did not notify the Secretary until 16 May 2006 a full 13 days after the theft of data.This was not clearly identified as a high priority incident and there was a failure to follow up on the Incident until after they received a call from the Inspector General (Offer, 2006). Issue 4: Information Security officials failed to effectively trigger appropriate notifications and begin an Investigation of the stolen data. The Information security officials Incident report contained omissions and escalating errors. This resulted in missed opportunity to re-create the contents of the laptop ND external drive and to recognize the severity of the potential loss of data.The subjectivity operations officials failed to ensure a timely investigation and notifications were made regarding the severity of the lost data (Offer, 2006). Issue 5: VA Policies, procedures and practices were not easy to identify, were not current, nor were they complete. The VA policies and procedures for safeguarding against disclosure of private information were inadequate with regard to preventing the data loss incident. The policies and the procedures for reporting and investigating lost or toluene private data was not well-defined In the VA policies (Offer, 2006). Recommendations: 1 . Implement a centralized Agency-Weld Information Technology (IT) security program. 2. Implement a patch management program to ensure programs and applications are up-to-date with security patches. 3. Implement effective monitoring and correct security vulnerabilities. 4. Deploy and install Intrusion Detection Systems (IDS). 5. Implement and use Configuration Management. 6. Utilize application program/operating system change controls. 7. Install more triggering physical access controls. 8.Utilize penetration testing to test the security of the wireless network. 9. Encrypt sensitive, personal and proprietary data on VA networks. 10. Implement training for VA employees and contractors by utilizing training modules which are up-to-date (Offer, 2006). 11. Establish one concise and clear VA policy on safeguarding protected data when stored and not stored on a VA automated system. Ensure this policy is easily and readily accessible to employees. Hold employees accountable for non- compliance (Offer, 2006). 2.Establish a VA policy and procedures which provide clear and consistent standards for reporting, investigating, and tracking incidents of loss, theft, or potential disclosure of protected data. Include specific timeshares and responsibilities for reporting within the VA chain-of-command, Office of the Inspector General (If appropriate or applicable) and other law enforcement agencies. Ensure the policy and procedure specifies when it is appropriate to notify individuals whose protected data may have been compromised (Offer, 2006)