Unit V Assessment responses

1. Organizations face many challenges when trying to combat malware and hacker attacks. Name and describe five policies that can help ward off these types of security issues. 
Your response should be at least 200 words in length.

Malware is a malicious software program such as a computer virus, worm, or Trojan horse that attacks or attaches itself to other software programs to destroy data, clog memory, reformat hard drives, or cause a the program to not run properly (Laudon & Laudon, 2016, p. 308) A hacker is someone who attempts to gain or gains access to a computer system without authorization. They do this by seeking out and exploiting weaknesses within an organizations security measures (Laudon & Laudon, 2016, p. 312).

One way an organization can protect itself from a hacker is by employing the use of a firewall. A firewall is a combination of hardware and software that is used to prevent hackers from gaining access to private networks by controlling the incoming and outgoing communications traffic (Laudon & Laudon, 2016, p. 328).

Encryption and Public Key Infrastructure systems can be used to prevent hackers from accessing private servers and information. Encryption transforms data into a cipher text which cannot be read by anyone other than the individual sending the information or the individual intended to receive the information due to the use of an encryption key. Public key infrastructure is the use of public key cryptography or digital certificates and a certificate authority to validate a user’s identity to gain access to systems and information (Laudon & Laudon, 2016, p 331).

Another way to protect against hackers and malware is through the use of intrusion detection systems. These systems are used to identify suspicious network traffic and attempts to breach databases and gain access to files. They full-time monitoring tools that are strategically placed at a networks most vulnerable points and can be programmed to shut down a section or entire network if unauthorized traffic is discovered (Laudon & Laudon, 2016, pp 328-329).

Antivirus and antispyware software technology protects information systems by preventing, detecting, and removing malware, viruses, worms, spyware/adware, and Trojan horses. A downside to antivirus software is that it is only effective against viruses and malware that has already been discovered therefore it must be updated continually. Because of this disadvantage a company needs to incorporate additional protection in order to prevent a system from being corrupted in the event that an unknown virus attacks their system (Laudon & Laudon, 2016, p 329).

Reference:

Laudon, K. C., & Laudon, J. P. (2016). Management information systems: Managing the digital firm (14th ed.).

2. Differentiate between a security policy and an acceptable use policy. Be sure to provide examples of what each might contain.

Your response should be at least 200 words in length.

A security policy is a statement that an organization creates that identifies and ranks information risks, acceptable security goals, and the mechanisms for achieving those goals (Laudon & Laudon, 2016, p. 324). An example of a security policy is the computer based training that the Air Force mandates that their service members take in order to use their network and equipment. The training itself provides information on how to handle privacy act information, proper use of different communications platforms and the risks associated with those platforms. You must then take and pass an examination covering all areas discussed in order to obtain a certificate of training that is sent to the network administrators who then grant access to the domain.

An acceptable use policy defines the acceptable uses of information resources and computing equipment that a firm contains. This policy outlines the dos and don’ts of how employees may use the company’s computers, peripherals, and the information contained within them. It also sets the rules regarding privacy, employee/user responsibilities, as well as personal use of the organization’s equipment and network (Laudon & Laudon, 2016, p. 324). An example of an acceptable use policy is a form that outlines an organization’s use policy which is given to an employee. The employee is then required to read and acknowledge, by signature, this form that is then kept on file for use in the event that an employee violates the policy. The Air Force uses this type of process for their use policies for various communications platforms to include government cell phones, secure networks, and land mobile radio equipment.

Reference:

Laudon, K. C., & Laudon, J. P. (2016). Management information systems: Managing the digital firm (14th ed.).

Place an Order

Plagiarism Free!

Scroll to Top