Term Paper: Security Administrator Handbook (Intelligence Security Street Inc)

Term Paper: Security Administrator Handbook

Company/Industry: Intelligence Security Street Inc

SEC 315: Security Assessment and Solutions

Strayer University

Table of Contents:

Section 1: Main Body

Introduction

Network Architecture and Security Considerations

Wireless Security

Remote Access Security

Laptop and Removable Media Security

Vulnerability and Penetration Testing

Physical Security

Guidelines for Reviewing and Changing Policies

Section 2: Policies

Policy statement, purpose, objectives, standards, procedures and guidelines, responsibilities, review and change management.

Acceptable Use Policy

Password Policy

Incident Response Policy

User Awareness and Training Policy

Security Administrator

Section 1: Introduction

Purpose of this Handbook

The purpose of the Security Administrator Handbook is to familiarize you, as Security Administrator, with the role, policies, and guidelines of Intelligence Security Street, Inc. This handbook will help you understand why its protocols are necessary and what you as a Security Administrator can and cannot do. Compliance with this handbook is obligatory, and violations will result in corrective action. The company reserves all rights to this handbook and may interpret its contents as it sees fit.

Network Architecture and Security Considerations

Network architecture is designed to secure the segmentation of the network and the layers within the security. All considerations are taken into a crucial tendency of the technical support group in the Information Technology (IT) systems.

Procedures and Guidelines

According to Serpanos & Wolf (2011), the procedural guidelines are as follows:

  1. Develop a network system in which the infrastructure's protocols communicate over a high-performing network.
  2. Communication transmission should be efficient and reliable.
  3. Centralize a network paradigm.
  4. A physical layer to control all methods when bit transmission occurs.
  5. Use a Data Link Control (DLC) system to find errors and detect fraudulent activities.
  6. A network layer to deliver data in accordance with DLC protocols.

Wireless Security

Wireless security safeguards the network and prevents any unauthorized user from accessing the system or damaging any data or computer system.

Procedure and Guidelines

  1. Obtain a secure unit system with due diligence and ownership of the company.
  2. Use a secure method such as a secure mounting in addition to network security.
  3. Use a radio frequency system so that the security administrator can locate the access point a breach comes from.
  4. Use Wireless Access Point (WAP).
  5. Use Wireless Encryption Protocol (WEP).

Remote Access Security

Remote access allows the security administrator to reach the network system from another computer and help identify an issue through a remote network connection.

Procedure and Guidelines

According to Bruno (2018), a Virtual Private Network (VPN) can be easily accessed by visitors and violators. The following security measures must be implemented when using the remote access method.

  1. Use telecommunication to help company employee users.
  2. Secure the VPN for those who use laptops, iPads, smartphones, and any other electronics that may have access to the company’s private network.
  3. Allow VPN access only to those who are authorized with appropriate verification, credentials, and company-provided electronics.

Laptop and Removable Media Security

There are many risks when it comes to using a portable device, such as controlling and breaching the network system.

Procedure and Guidelines

  1. To transfer any data, use a user-friendly system such as a USB device or a flash drive, encrypting the stored information.
  2. Take every precaution and security measure to make sure that no one breaches the system to steal the data.
  3. The security administrator must be the sole person to make the necessary transfers or deletions from the laptop.
  4. This action must be documented and reported to the compliance department to verify that the process was completed within the given guidelines and followed all protocol.

Vulnerability and Penetration Testing

Vulnerability Assessment and Penetration Testing (VAPT) are two types of tests that are conducted to identify and determine those who access the security system for malicious purposes or any unauthorized user.

Procedure and Guidelines

  1. Hackers range from basic to high-end knowledge when it comes to breaching a system. Do the vulnerability test first and the penetration test second.
  2. A vulnerability assessment tells the security administrator that access is required, which can be granted only by a security administrator.
  3. Penetration testing is just as it sounds: a hacker will try to penetrate the system by bypassing an administrator without being granted permission. When this occurs, an immediate shutdown of that device must be implemented.

Physical Security

Physical security is designed to protect from breach, harm, natural disaster, terrorism, theft, and any other potential threat or vulnerability. It uses precautions and security measures to block threats and protect the software, hardware, data, and other networks.

Procedure and Guidelines

  1. Immediate locking mechanism.
  2. Fencing.
  3. Panic buttons.
  4. Access control system and cards.
  5. Biometric access system.
  6. Fire suppression system.
     • Use surveillance cameras to monitor and locate the computer system.
     • Use fire sensors such as smoke alarms.

Guidelines for Reviewing and Changing Policies

When changing a computer system or password, for instance, use proper protocol: identify the reason for the change, validate any upgrades, conduct any tests, document all actions, whether small or big, and finally notify the appropriate authorities, such as the compliance department, of the changes. Following the rules and regulations according to these guidelines is required by Intelligence Security Street, Inc and by law.

Section 2: Policies

Acceptable Use Policy

Policy Statement

Use of the network, such as the internet, must comply with the company’s policy. The organization provides documentation of all acceptable uses and of the manner in which the system can and cannot be used.

Purpose

The purpose of this requirement is to identify any fraudulent activity and to authorize only those who are intended to use the system.

Objectives

All employees who use or have access to the system must comply with and agree to follow the protocols and guidelines of this organization’s stipulations and constraints. Users are permitted access only for the required performance.

Standards

Use internet access solely for the company’s purposes and not for any personal reasons.

Procedures and Guidelines

  1. Follow the company’s values and goals.
  2. Do not abuse the Code of Conduct for Ethical Computer use.
  3. Must use only for official use.
  4. The company reserves all rights to monitor all actions.
  5. Sexual conduct, malicious acts, offensive materials, and other fraudulent acts are prohibited.

Responsibilities

  1. All permitted employees are responsible for securing their workstation.
  2. Users must secure and change their passwords according to the company’s regulations.
  3. Users will waive all rights to attest against the company if not in compliance.

Review and Change Management

Employees will review the policy annually, and the company will provide the necessary training for the review and for any change in management.

Password Policy

Policy Statement

Users must use two methods of password authentication or verification, with a multifactor method, in addition to passwords containing upper case, lower case, numbers, and other characters.

Purpose

The purpose of the password verification methods is to safeguard and protect the company’s data and security system.

Objective

The password is to be kept secret for official use, and no one but the employee assigned to that computer system may be allowed access. User authentication identifies and approves the user.

Standards

Following the standards of the organization allows the security administrator to identify the user. The password length must comply with the required attributes, such as using upper case, lower case, numbers, and other characters.

Procedure and Guidelines

  1. The user is responsible for all activities on the computer.
  2. Minimum requirement of password lengths.
  3. Periodic password resets and changes must be made every three (3) months.
  4. Password must contain all the required inputs.
  5. Old passwords may not be reused.
  6. Secure the workstation when not in use.

Responsibilities

The user will be held responsible for failing to secure their computer or for a lost password, and access will not be granted if the user is not in compliance with the requirements. Corrective action will be considered for non-compliance with the policy.

Review and Change Management

Password resets will be reviewed, and any frequent changes made to current passwords will be monitored and investigated. Management will have the security administrator authorize any required password reset and its purpose; only three (3) changes are allowed within the three-month requirement.

Incident Response Policy

Policy Statement

Security incidents that are reported and documented will be addressed quickly, efficiently, effectively, and in an orderly manner.

Purpose

The purpose of incident response is to ensure that corrective actions are taken immediately to reduce any other potential incidents in the future.

Objective

An effective approach that is consistent with the policy guidelines ensures quick identification of any potential threats, the user, and any weakness of the security system that may have caused the incident.

Standards

Incident response reports are documented to make sure that there was no breach or violation, while following the standards of the company’s rules.

Procedure and Guidelines

  1. Employees must report the incident immediately.
  2. Documentation must be filled out within the employee’s working hours.
  3. Response will be delayed if the security administrator is not notified immediately.
  4. Reporting in a time-sensitive manner is crucial for the IT department.
  5. Fraudulent activity may become corrupted and impossible to identify if not reported immediately for investigation.

Responsibilities

It is the user’s responsibility to report immediately and document the incident within the company’s timeframe. Failure to comply will rest solely on the employee. The security administrator’s responsibility is to identify the problem and investigate the incident once it has been reported.

Review and Change Management

After the incident has been rectified, the team will review it with management and investigate further to prevent similar incidents. Management will also have the security administrator monitor for any other activity and contact the user for any further information.

User Awareness and Training Policy

Policy Statement

The user is made aware of the uses of the organization’s network, and the policy is in place to inform users and to ensure the necessary training is given to employees.

Purpose

The purpose of the user awareness and training given to current and new employees is for them to comply with the rules and regulations that are signed and consented to prior to the hiring process.

Objective

The user has the knowledge of the required information and the necessary training provided by the company. Resources are provided to eliminate any breaches, and training is provided to be in compliance with the requirements.

Standards

Understanding the standards of how the organization functions and the purpose of the requirements is based upon how the company should run.

Procedures and Guidelines

The procedures and guidelines follow D’Arcy, Hovav, & Galletta (2009):

  1. Reduces errors.
  2. Restricts improper use and behavior.
  3. Education in security.
  4. Gives employees the responsibility for every act.
  5. Briefings, e-mails, and newsletters are provided to guide the employee.

Responsibility

The organization is responsible for ensuring that all employees are aware and up to date. Security administrators are in place to make sure that employees accept responsibility and follow the rules and regulations once the information is provided to them.

Review and Change Management

Boards will review with management any updates, upgrades, and training that are new and necessary for the employees. Non-compliance with the organization will also be reviewed.

Security Administrator

A security administrator is employed to ensure that the organization is safe and to balance the shape of the employees who work for the company. The administrator role goes back many decades and has been a great addition to all companies that use technology. As technology grows, so does the knowledge of a security administrator. According to Goodwin (1950), it was effective even a decade before that time. During that time, an administrator performed well without any computer, and using the computer system today allows them to remotely access and identify any problems within the system. An administrator in 1950 compared with one today, in 2019, has a whole different meaning but serves the same purpose for the goals, visions, and mission of the company.

References

Bruno, R. (2018). Remote Access Security: Proxy by Hostname to the Rescue! Computers in Libraries, 38(5), 20–23. Retrieved from http://libdatab.strayer.edu/login?url=https://search.ebscohost.com/login.aspx?direct=true&db=ccm&AN=130171051&site=eds-live&scope=site

D’Arcy, J., Hovav, A., & Galletta, D. (2009). User Awareness of Security Countermeasures and Its Impact on Information Systems Misuse: A Deterrence Approach. Information Systems Research, 20(1), 79–98. https://doi.org/10.1287/isre.1070.0160

Goodwin, R. C. (1950). The Administrator’s Responsibility for a Balanced Employment Security Program. Labor Law Journal, 1(14), 1108. Retrieved from http://libdatab.strayer.edu/login?url=https://search.ebscohost.com/login.aspx?direct=truedb=bth&AN=9261441&site=eds-live&scope=site

Serpanos, D. N., & Wolf, T. (2011). Architecture of Network Systems. Burlington, MA: Morgan Kaufmann. Retrieved from http://libdatab.strayer.edu/login?url=https://search.ebscohost.com/login.aspx?direct=tru&db=nlebk&AN=353481&site=eds-live&scope=site
