Premium Essay

Security and Information Sharing Model

In: Computers and Technology

Submitted By Jagrace
Words 381
Pages 2
To set up a security and information sharing model for the company, it will be much better to utilize a manager security structure through Active Directory than through Workgroups. The reason for this is that there are many different departments within the company. Some information should only be available to specific users within various departments (such as managers). Other information should be available to all employees (employee handbooks, calendars, etc) and still other information should be accessible to only certain groups of people in specific departments (accounting, payroll, etc.)
By instituting a managed security structure, it will be much easier to manage the access to resources and the addition or removal of users and/or access to these resources as the company grows and changes.

The file/print/application architecture will be a client/server architecture so that the management of access to information and resources is in the hands of the network administrator as opposed to the individual users. This is an obvious security measure in any company dealing with sensitive information which should not be shared with all employees. Also this will create a centralized management system for the access to information and resources, making it easier to institute changes across the board.

It would be very beneficial to create security group memberships in Active Directory, for the centralized and timely management of security. Simple changes to the security groups could allow or disallow access to sensitive data for individuals or groups, and could be done instantaneously. Also, this type of security management allows for changes to be made in a more efficient way compared to manual creation of security for certain files and folders.

To ensure that security is maintained, it would be critical to plan the different groups, group membership, access…...

Similar Documents

Premium Essay

Information Security

...JONES & BARTLETT LEARNING INFORMATION SYSTEMS SECURITY & ASSURANCE SERIES LABORATORY MANUAL TO ACCOMPANY Security Strategies in Windows Platforms and Applications 1E REVISED 38542_FMxx.indd i 9/5/12 10:48 AM World Headquarters Jones & Bartlett Learning 5 Wall Street Burlington, MA 01803 978-443-5000 info@jblearning.com www.jblearning.com Jones & Bartlett Learning books and products are available through most bookstores and online booksellers. To contact Jones & Bartlett Learning directly, call 800-832-0034, fax 978-443-8000, or visit our website, www.jblearning.com. Substantial discounts on bulk quantities of Jones & Bartlett Learning publications are available to corporations, professional associations, and other qualified organizations. For details and specific discount information, contact the special sales department at Jones & Bartlett Learning via the above contact information or send an email to specialsales@jblearning.com. Copyright © 2013 by Jones & Bartlett Learning, LLC, an Ascend Learning Company All rights reserved. No part of the material protected by this copyright may be reproduced or utilized in any form, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the copyright owner. The Laboratory Manual to accompany Security Strategies in Windowa Platforms and Applications is an independent publication and has not been authorized, sponsored, or......

Words: 25969 - Pages: 104

Premium Essay

Bridgewater Interiors Information Sharing

...Methods of Sharing Information at Bridgewater Interiors Patricia Reed HCS/325 January 30, 2012 Kelli Reid Methods of Sharing Information at Bridgewater Interiors The way that a business shares knowledge inside the organization as well as outside of the organization is very important. Whether a business shares knowledge through traditional means, or the new boundaryless means is critical to the success of the business. What are boundaryless organizations? “Boundaryless organizations communicate mainly through email, phone and other virtual methods rather than more traditional face-to-face communication. The freedom to telecommute with international employees removes geographical barriers to productivity and allows for schedule flexibility” (Hearst Communications, 2012). This paper will discuss the ways Bridgewater Interiors effectively shares knowledge within the organizations, and outside of the organization. This paper will also discuss whether these methods of communication are effective or ineffective, how these techniques can be used in a health care organization, and the impact that technology can have on information sharing. Bridgewater Interiors, a manufacturing company uses a variety of techniques and tools to effectively communicate with its business associates and employees. The first is daily team meetings at the beginning of every shift for all employees. The purpose of the daily team meetings is to exchange information that effects the entire facility,...

Words: 1062 - Pages: 5

Free Essay

Information Sharing Models

...extend to online use.) CHAPTER 19 Information Systems Approach to Organizations of Karl Weick My father worked at a large metropolitan newspaper. I was six years old when he first took me to experience the final hour before the morning edition was "put to bed." The place was alive with activity-shouted orders, quick telephone calls, and copy boys running last-minute changes to the composing room. The whole scene was like watching a huge animal struggling for survival. Many systems theorists regard the image of a living organism as an appro­ priate metaphor to apply to all organizations-one model fits all. Even though mosquitoes, sparrows, trout, and polar bears represent vastly different species in the animal kingdom, they all have systems to provide for nourishment, respira­ tion, reproduction, and elimination of bodily waste. Karl Weick is uncomfortable comparing organizations to live bodies, but he definitely regards organizing as a lively process. Weick is the Rensis Likert Profes­ sor of Organizational Behavior and Psychology at the University of Michigan. Whether he's examining a publishing company, IBM, the city council, or a local jazz band, Weick focuses on the common process of organizing (verb) rather than the static structure of the organization (noun). He sees his approach as capturing a slice of life; traditional analysis is like performing an autopsy. Weick equates organizing with information processing; information is the common raw material that......

Words: 3592 - Pages: 15

Premium Essay

Information Sharing

...operations professionals to the best of my ability? How do I share information across the board as fast as I can? Then, how do I drive that connectivity into my supply base? That’s one thing that’s required if we are to engage suppliers early in the process. Q: Is it fair to say that the new standards you have from DOD will ripple back through your organization? Noshirwani: In my mind it has to—the DOD is our customer. We have strong relationships with our DOD customers, built on our performance and superior solutions we provide. New standards are another aspect of the dynamics of this business. We know we need to listen and be responsive to our customer needs, and provide solutions at ramp speed. Q: A final question: How important to supply chain reengineering is support from top management? Noshirwani: My boss, IDS president Dan Smith, will say at every meeting: If we can’t get our suppliers in line, and if we can’t change how we do business internally, then we’re not going to get to where we need to be to. Time is of the essence. It’s an absolute must happen. Source: Bernstein, M., “Raytheon Goes From Traditional Purchasing to an Integrated Supply Chain,” World Trade, V. 18, No. 11, 2005, pp. 36–38. Used with permission. INTRODUCTION Unfortunately, in too many journal and magazine articles, books, and television programs these days, supply chain process integration is dealt with solely in terms of information system applications—in other words, simply......

Words: 19930 - Pages: 80

Free Essay

Information Sharing

... Element 1 Group work – Identifying Usability Goals: As part of the study to determine the usability and justification of this portal, product and service, I have prepared a user profile and a persona for the intended user of the website http://triposo.com/ This application is an interactive city guide which can be accessed over a number of platforms to assist a number of users to access information of a travel nature. My research has led me to choose the student tourist who has graduated from undergrad school and is taking a year out to travel the world. Profile of users & Persona: • Users of mobile and Wi-Fi platforms • To access on the go • Easy to access • Quick access of processed information/Data • Amount of info to access • Accessibility on various platforms – Android, IPod, Blackberry • Offline accessibility due to location and the ability to get phone or WI-FI coverage. Target Audience: My initial research led to choose the age group of 19yrs to 25yrs old, as this would be the average age of students who could leave home to travel long distances and have the discipline to be responsible. The gender would be unisex as this product isn’t geared to a particular sex but to both sexes. And the social demographic as stated are young adults, the ethnic back grounds would be in effect, Asian, European and afro – American / Caribbean: Age: 19 - 25 Gender: Male / Female Social –Demographic: Young adults. ...

Words: 1276 - Pages: 6

Premium Essay

Information Security

...Information security means protecting information and information systems from unauthorized access, use, disclosure, modification or destruction. Since the early days of writing, heads of state and military commanders understood that it was necessary to provide some mechanism to protect the confidentiality of written correspondence and to have some means of detecting tampering. For over twenty years, information security has held confidentiality, integrity and availability as the core principles of information security. Confidentiality is the term used to prevent the disclosure of information to unauthorized individuals or systems. Confidentiality is necessary (but not sufficient) for maintaining the privacy of the people whose personal information a system holds. In information security, integrity means that data cannot be modified without authorization. When Management chooses to mitigate a risk, they will do so by implementing one or more of three different types of controls. Administrative controls form the framework for running the business and managing people. Logical controls (also called technical controls) use software and data to monitor and control access to information and computing systems. Physical controls monitor and control the environment of the work place and computing facilities. Information security uses cryptography to transform usable information into a form that renders it unusable by anyone other than an authorized user; this process is called......

Words: 4064 - Pages: 17

Premium Essay

Information Security

...production from the worm outbreak last month, and they directed us to improve the security of our technology. Gladys says you can help me understand what we need to do about it.” “To start with,” Charlie said, “instead of setting up a computer security solution, we need to develop an information security program. We need a thorough review of our policies and practices, and we need to establish an ongoing risk management program. There are some other things that are part of the process as well, but these would be a good start.” “Sounds expensive,” said Fred. Charlie looked at Gladys, then answered, “Well, there will be some extra expenses for specific controls and software tools, and we may have to slow down our product development projects a bit, but the program will be more of a change in our attitude about security than a spending spree. I don’t have accurate estimates yet, but you can be sure we’ll put cost-benefit worksheets in front of you before we spend any money.” Fred thought about this for a few seconds. “OK. What’s our next step?” Gladys answered, “First, we need to initiate a project plan to develop our new information security program. We’ll use our usual systems development and project management approach. There are a few differences, but we can easily adapt our current models. We’ll need to appoint or hire a person to be responsible for information security.” The Need for Security Our bad neighbor makes us early stirrers, Which is both healthful and good......

Words: 24411 - Pages: 98

Free Essay

Sharing Informations

...Sharing informations rzgporhjgpj jelkmfjlzej gmjglk mljefmozjemtk sùprjemgjù ùjemgomgk ùmjgmojzeùpg kùj mojezpùk jm jzej mojmùpg kmùj mojek zmùj ezjpùgkmo ùjk jm jùp j jzmojp k ùzjekoerkgùpkegù pk ùk ùpzkgpùkgpùzjkegpùj pùjkg pzejg pùe, mùzergjkmoeg erjgomejkg egjmoejg ejgmeogj germoj mojgr’rgogtre zermgljrm rdjgkmorjk rekg jergjojg rkemogjerojk lr jomrjthomjekr mojh omjrmo jehmoj moejhmojerh ohjm j omj ermo kjmoj hmorhe jom rhjheomj omjr ohj moejmhorj hmoertjhorjhorl jhjrmt eojoh j reml jho hjre hmojmorh ej hmoj hrmoh jmho j moj ehmo jmo hjmo hrjm ehojhmoh jmoejr omhjm orjehomjh mo jemhj meorjhmorhe kmojme hjmoh rjmoej mohjm oehrjmhj eomrjh emo jemh jomrhjeh morj h herjhliermjeho jem ojehtomjerh orjhmr jlmhekj zmoegjmoze hjgmegjmozjg mojezgojg omrjlmg jm gohjr mzlg hjk ggmro j oim ggmz oegu mog mozg umo g omjg mo jrgo jrmgo moigmoergjm mog oriemr zekhjlihe lehg jzg zmrogjrmo jmljr gomjg jgmr ejj mjegomj gmj gemojg omlrjmejg molj rmoej gomej mjgr omjergmolej gmojg emo jgmgo j mojg mo j mojeom j gomej m oj mjem j omg jemoj om jmoejmo jejmj meoj gmog je gjmr o j moj li hli h u h kug k g ug k g kug kugh hku g ku guyk gkyu g uj ghlki h il khyg kgulh ih j ug luh l uig lih i gh l ujgh li hl ih j g ilh jk b :h jl ikh ;j ghl g mzokrgemo zemgo jg oj mok erjmo gk jke mjrg okerm ljgrem lgkzegmrojmog k mzl,g rjn gmozelrg m gl,rkgmjmg rengmj ,enmkjgrml gnrl gml grenkg mer glkrg ,rgmke jmome lrjmoregjkr gmle grmolrg e,ml g,l gùmklerg, gle, mg k,egmlr ,...

Words: 259 - Pages: 2

Premium Essay

Information Security

...Information security, sometimes shortened to InfoSec, is the practice of defending information from unauthorized access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction. It is a general term that can be used regardless of the form the data may take (electronic, physical, etc...)[1] Two major aspects of information security are: • IT security: Sometimes referred to as computer security, Information Technology Security is information security applied to technology (most often some form of computer system). It is worthwhile to note that a computer does not necessarily mean a home desktop. A computer is any device with a processor and some memory (even a calculator). IT security specialists are almost always found in any major enterprise/establishment due to the nature and value of the data within larger businesses. They are responsible for keeping all of the technology within the company secure from malicious cyber attacks that often attempt to breach into critical private information or gain control of the internal systems. • Information assurance: The act of ensuring that data is not lost when critical issues arise. These issues include but are not limited to: natural disasters, computer/server malfunction, physical theft, or any other instance where data has the potential of being lost. Since most information is stored on computers in our modern era, information assurance is typically dealt with by IT security specialists. One......

Words: 768 - Pages: 4

Premium Essay

Information Security

...Why Information Security is Hard – An Economic Perspective Ross Anderson University of Cambridge Computer Laboratory, JJ Thomson Avenue, Cambridge CB3 0FD, UK Ross.Anderson@cl.cam.ac.uk Abstract According to one common view, information security comes down to technical measures. Given better access control policy models, formal proofs of cryptographic protocols, approved firewalls, better ways of detecting intrusions and malicious code, and better tools for system evaluation and assurance, the problems can be solved. In this note, I put forward a contrary view: information insecurity is at least as much due to perverse incentives. Many of the problems can be explained more clearly and convincingly using the language of microeconomics: network externalities, asymmetric information, moral hazard, adverse selection, liability dumping and the tragedy of the commons. risk of forged signatures from the bank that relies on the signature (and that built the system) to the person alleged to have made the signature. Common Criteria evaluations are not made by the relying party, as Orange Book evaluations were, but by a commercial facility paid by the vendor. In general, where the party who is in a position to protect a system is not the party who would suffer the results of security failure, then problems may be expected. A different kind of incentive failure surfaced in early 2000, with distributed denial of service attacks against a number of high-profile web sites. These exploit a......

Words: 5786 - Pages: 24

Premium Essay

Information Security

...Information Security August 10, 2012 One of the biggest issues in the Information Technology field these days is information security. Today almost anything can be found on the internet. Even like how to videos on how to put in a window, break-into a house, or even hack computers. The digital age has many perks but it also has many down falls to it as well. The perks that we enjoy so much from the internet also leaves us open to identity theft and company information theft. This gives Information Technology professionals a lot to think about when they consider Information Technology. One of the biggest threats facing the IT industries today is the end users non-malicious security violations that leave companies vulnerable to attack. In a recent Computer Security Institute survey, 41 percent of the participating U.S organizations reported security incidents. (Guo, 2012 p. 203-236) Also according to the same survey it was found that 14 percent of the respondents stated that nearly all of their company’s loses and or breaches were do to non-malicious and or careless behavior by the end users. (Guo, 2012 p. 203-236) Some of the end users behaviors that help these threats along were the peer-to-peer file-sharing software installed by the end user that might compromise company computers. Some other examples of security being compromised by end users would be people that use sticky notes to write there passwords down and leave them where other people can see......

Words: 1422 - Pages: 6

Premium Essay

Information Security

...Assessment Information Management Dovile Vebraite B00044098 Department of Business School of Business & Humanities Institute of Technology, Blanchardstown Dublin 15. Higher Certificate of Business Information Management 20/08/2014 Contents What is Information Security? ........................................................................ 3 What are the Goals of Information Systems Security? ….……………………………. 4 How big is the Security Problem? ………………………………………………………………. 5 Information Security Threats ……………………………………………………………………… 6 How to Secure the Information Systems? ………………………………………………….. 7 Conclusion …………………………………………………………………………………………………. 8 Bibliography ………………………………………………………………………………………………. 9 What is information security? ‘’Information security, to protect the confidentiality, integrity and availability of information assets, whether in storage, processing or transmission. It is achieved via the application of policy, education, training and awareness, and technology.’’ (Whitman, Mattord, 2011). Information security is the protection of information and information systems from unauthorised access, modification, disruption, destruction, disclosure, or use. In other words it handles the risk management. The definition of information security is based on the concept that if there is a loss of CIA (confidentiality, integrity and availability) of information, then the person or business will suffer harm. What are the goals of......

Words: 1543 - Pages: 7

Free Essay

Information Security

...This chapter describes how to configure normal-range VLANs (VLAN IDs 1 to 1005) and extended-range VLANs (VLAN IDs 1006 to 4094) on the CGR 2010 ESM. It includes information about VLAN membership modes, VLAN configuration modes, VLAN trunks, and dynamic VLAN assignment from a VLAN Membership Policy Server (VMPS). Note For complete syntax and usage information for the commands used in this chapter, see the online Cisco IOS Interface Command Reference, Release 12.2. * Understanding VLANs * Creating and Modifying VLANs * Displaying VLANs * Configuring VLAN Trunks * Configuring VMPS Understanding VLANs A VLAN is a switched network that is logically segmented by function, project team, or application, without regard to the physical locations of the users. VLANs have the same attributes as physical LANs, but you can group end stations even if they are not physically located on the same LAN segment. Any switch module port can belong to a VLAN, and unicast, broadcast, and multicast packets are forwarded and flooded only to end stations in the VLAN. Each VLAN is considered a logical network, and packets destined for stations that do not belong to the VLAN must be forwarded through a router, as shown in Figure 11-1. Because a VLAN is considered a separate logical network, it contains its own bridge MIB information and can support its own implementation of spanning tree. See Chapter 17, “Configuring STP” in the Cisco CGS 2520 Software Configuration Guide . Figure 11-1......

Words: 11170 - Pages: 45

Premium Essay

Information Security

...Security Issues in Legal Context Discussion 5.1: Privacy in the Workplace The Children's Online Privacy Protection Act, which went into effect date, April 21, 2000, affects U. S. commercial Web sites and third-party commercial Web sites that schools permit their students to access. "COPPA requires "operators of websites or online services directed to children and operators of websites or online services who have actual knowledge that the person from whom they seek information is a child (1) To post prominent links on their websites to a notice of how they collect, use, and/or disclose personal information from children; (2) With certain exceptions, to notify parents that they wish to collect information from their children and obtain parental consent prior to collecting, using, and/or disclosing such information; (3) Not to condition a child's participation in online activities on the provision of more personal information than is reasonably necessary to participate in the activity; (4) To allow parents the opportunity to review and/or have their children's information deleted from the operator’s database and to prohibit further collection from the child; and (5) To establish procedures to protect the confidentiality, security, and integrity of personal information they collect from children. Non-profit sites are not included in the act; however, many are voluntarily complying. The Children's Internet Protection Act went into effect April 20,......

Words: 2799 - Pages: 12

Free Essay

Information Security

...Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Analyzing Man-in-the-Browser (MITB) Attacks The Matrix is real and living inside your browser. How do you ask? In the form of malware that is targeting your financial institutions. Though, the machines creating this malware do not have to target the institution, rather your Internet browser. By changing what you see in the browser, the attackers now have the ability to steal any information that you enter and display whatever they choose. This has become known as the Man-in-the-Browser (MITB) attack. AD Copyright SANS Institute Author Retains Full Rights Analyzing Man in the Browser Attacks | 1 Analyzing Man-in-the-Browser (MITB) Attacks GIAC (GCFA) Gold Certification Author: Chris Cain, cicain08@gmail.com Advisor: Dominicus Adriyanto Accepted: December 22nd 2014 Abstract The Matrix is real and living inside your browser. How do you ask? In the form of malware that is targeting your financial institutions. Though, the machines creating this malware don’t have to target the institution, rather your Internet browser. By changing what you see in the browser, the attackers now have the ability to steal any information that you enter and display whatever they choose. This has become known as the Man-in-the-Browser (MITB) attack. No one is safe......

Words: 5973 - Pages: 24