Critical Thinking About Employee

Last Updated: 14 Feb 2023

Why is leadership outlook on security critical to employee buy-in at all levels?

Establishing a security culture within the company can mitigate risk to employees both on site and off site at home. Security meetings with all personnel to discuss security concerns can help identify risks and implement corrective and defensive actions for employees. Different departments require different levels of security for the project to succeed. Ensuring that employees are trained in security and carry it out increases the integrity of the project.

Example: the threat to secure information off-site is a high-level concern for the company and management. If an employee in a leadership position takes a secure laptop home for off-site work and the laptop is compromised by a third-party user, all of its information is exposed and can be taken. If the company instead puts more effort into securing the information on a company server and allows remote access through secure FOB login, the information is better protected from third-party exposure.


How can the CIA triad of security be applied to an organization and not just a single system?

For confidentiality, the level of security is set so that an employee has access to information at a given level only if needed. This rule of confidentiality must apply throughout the organization if the organization is not to take a loss. Information is shared between departments on a level-to-level basis, or by authorized request for a change in the security level of the information.

Integrity in an organization can be verified through digital fingerprinting. Digital fingerprint applications can be used to ensure that data has not been changed by an unauthorized user. If an attack has taken place, fingerprinting the drive can reveal whether the information has been modified, and the results can then be gathered as evidence of an infraction in the system.

The availability of the system is very important for handling threats in the moment and for predicting threats. Assurance that the system is available to secure the information, using service-oriented architectures, can be applied to smaller companies as well as larger ones. Smaller companies that focus their security effort on uptime and availability will be better protected against greater threats.

What privacy issues should be considered with employee access to software systems even when the software is housed within the organization?

Employee access is so important because of accessibility. The employee already has access to the system on site and access to end-user consoles. If the employee is relieved of their duties on the project, the threat that surfaces is the employee becoming a bad actor, with information being extorted and taken off-site. SQL injections become a threat to the system because of port access to the system. Once the employee is relieved, all access to the system should be locked out and the access history reviewed immediately.

How should the consideration of organization loss be implemented in the software development process?

Software development carries a high risk factor while in the development stage. Project managers must plan to mitigate the risk to the project. Analyzing the build and the implementation of software being added to the development can help protect against bad decisions. Risk management consists of identifying risks, classifying and prioritizing them, planning, monitoring for triggers, taking mitigating action, and communicating up the chain. Following and executing these planned steps can help mitigate organizational loss during and after the development stage of the project.

What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?

Promoting a security policy takes making clear that security is the responsibility of all personnel. Taking a clear stand and backing management in enforcing the policy shows accountability at the highest level of the organization. Promoting security training and awareness meetings for all employees is a great step. Organizational morale can be a big part of promoting the security policies being introduced. Hold weekly or monthly employee seminars that, for training, show examples of bad decision making and the resulting impact. Educate employees about off-site risk and the effects on the organization if it is impacted. Customizing the security policies to fit employees' everyday tasks within the company can have great results. Implementing a rewards program to motivate employees is a great management strategy. Making employees feel ownership in the security of the organization can increase the integrity of the company's security.

Why is the Web such a large attack surface? What are four things that can be done to reduce the attack surface for a web application?

The web is changing every day and the network is under constant new threat. Preventing attacks on a surface as large as the web is almost impossible. The speed at which new threats are analyzed and identified is far too slow compared with the rate at which they are created. The reason is that the failure of one attack also creates a learning curve for the next attack. The most feasible plan of prevention would be to apply updated patches where attacks have occurred, to shrink the attack surface. Eradicating vulnerabilities can help mitigate the opportunity for attacks carried out in the same manner, using the same software or injection sites. Eliminating unused data in the network can close off access from dormant malware in the system. Installing antivirus software can provide continuous monitoring of the system for malware and stealth attacks.

What are the three security issues with utilizing client-side plug-ins in a web application? Give examples to support your conclusion.

Client-side plug-ins help the end user view files and data on the operating system. First, these plug-ins have their own data that has to be added to the operating system in order to function. In this case, changes would be made to the system that could overwhelm the buffer, causing a buffer overflow. Second, the changes made by the client plug-in are considered a security breach because the plug-in is third-party software. A streaming video with HTML properties can be injected with malicious code by an attacker and, if accessed through the system, can absorb personnel data.

Summarize the risks of using JavaScript in a web application from a security perspective.

JavaScript can alter the system without any help from the end user. JavaScript can send and receive information from the server and, if corrupted, can control the traffic lines of communication. The vulnerability is great because, if JavaScript is corrupted, it can be used to gather important information and reroute that information through HTTP or HTTPS connections. The biggest concern to me is the ability to control domain access and the changing of authentication to the system.

What limitations should be placed on system output to prevent information leakage in a web application?

Simplify: use development code that has a minimal attack surface and is sufficient for a successful development. Control and minimize port access to the system for security purposes, and run annual scans of the system.

Restrictions: implementing restrictions on access to the system can increase integrity. Every user should have lesser access privileges than the administrator. Access permissions should be strictly controlled by the administrator only, to prevent data leakage. Access given to a third party should be monitored and, once the work is completed, all permissions should be removed and reviewed for data leakage.

Scrub: scrub from the system all older data that is no longer in use because of information transfers through the use of plug-ins. Run a scan on the system to review access and remove changes to the operating system, restoring its normal running settings.

What are the security issues surrounding the use of apps on mobile devices to connect to a web application? What are three steps that can be taken to increase security around the use of app interfaces?

Mobile devices have apps, short for applications, that can be used on an operating system by simply connecting to them through a designed interface. These web applications on mobile devices can serve as content hosts and deliver content as soon as they are connected. Hackers will take advantage of these opportunities to inject an employee's mobile device and gain access to an organization's network.

The first step in increasing the security of the app interface is secure application coding. Encryption of the application code can make it hard for hackers to read. Test for code vulnerabilities before using the app or connecting it to the organizational network. Validating the application before you buy it and download it to a mobile device can increase security.

Second, make sure to secure all network connections by implementing security measures and monitoring data traffic in and out of the system. Controlling unauthorized access to the system and data can improve the protective security measures installed.

Third, when an organization implements a bring-your-own-device policy, it should use extra security measures as well. Implementing a VPN to provide a secure connection will prevent attackers from using an unsecured network used by an employee's device. Block all unauthorized devices and let there be no exceptions to this rule. The use of a mobile developer can assist in this issue and increase the chances of success.

Cite this Page

Critical Thinking About Employee. (2023, Feb 14). Retrieved from https://phdessay.com/critical-thinking-about-employee/
