[SOLVED] Discussion 1 Replies
Im studying for my Computer Science class and dont understand how to answer this. Can you help me study?
please read below posts and provide replies to each one in 125 words.No need to provide answer to the main question.Just go through the below student posts and reply accordingly.
Main que:
Your boss mentions that recently a number of employees have received calls from individuals who didn’t identify themselves and asked a lot of questions about the company and its computer infrastructure. At first, he thought this was just a computer vendor who was trying to sell your company some new product, but no vendor has approached the company. He also says several strange e-mails requesting personal information have been sent to employees, and quite a few people have been seen searching your company’s trash dumpsters for recyclable containers. Your boss asks what you think about all of these strange incidents. Respond and be sure to provide recommendations on what should be done about the various incidents.
Ka-The organization must develop the information security awareness programs and training and then provide guidance and advices to their employees in requiring the policys clarification. Also, the policy will need to be developed in encouraging employees in raising the possible information security problems or issues with the managers immediately. Security measures or precautions likely emails that contain the information which is been classified, as the organization confidential, should be encrypted when is sent external of the network of the organization. To an utmost extent likely, emails from company will not ask any of the sensitive or the personal data or information, that will be usually requested in the phishing attack likely in the given scenario or case where employees received emails and were asked about personal information and the attacks will needs to be reported to IT or the company Infrastructure security department immediately. The site might obtains personal information from unsuspecting clients or installing the malicious software and those circumstances will need to immediately reported in protecting the company data theft or loss. (Bazzell & Carroll, 2016)
Moreover, company should take the measures by monitoring internet transmission on the networks will include tracking internet sites that are been visited, the content of the information or the messages received or sent, the time spent by individual employee on internet through company property and other actions of the Internet usage. Any of the evidence of the misuse of information by employee must be reported as violation. Sensitive or confidential information is been transmitted over internet should be encrypted. Any downloaded software should comply with provisions of company computer software and hardware requirements.
Phishing is an attempt for acquiring the sensitive information like as username, passwords and the credit card information, often for the malicious reasons by hidden as trustworthy individual in electronically communication like as email. (Kenneth, Heather & Richard, 2017) Associates of company must take responsibility to recognize the phishing scams or attacks. Passwords should be changed very often most likely for every 2 or 3 months and the strong password should be set for the accounts. As attacker in the scenario were searching company scrap dumpsters, so the documents shred services should be in the place in destroying any of the documents that will contain the sensitive or the personal information or any sort or type of the confidential information that will be usually from the fax. Place dumpsters in the area where they could be monitored likely by arranging the electronic detection device that include the motion sensitive camera. Measures could be taken by the implementing of infrastructures network with firewall, Proxy system, Gateway will reduces the risks of the attacks.
she-Corporate organizations are becoming susceptible to cyber-assaults every day because of a lack of proper security. Securing IP addresses, organization exclusive records, and Employee information is most important to no longer fall as a victim to cyber-assaults.
To keep in a massive picture it is greater vital to at ease information inside the agency because the crucial statistics are disclosed to all employees rather than the key gamers are the principle motive for facts breaches.
To conquer breaches and attacks:
Companies ought to have a privateness coverage up to date were the best key personnel can get admission to the records and for the employee-owned devices which cause extra threats must have an audit path created. So with this, we will realize the statistics of login and the person that accessed the device at some particular time.
The organization must educate its very own personnel about the statistics breaches and precautions to ease the data for which they have to get right of entry to. All employees should be nicely informed approximately data sharing, data protection, and online behaviors.
They have to have the right information about what is going on of their gadgets and if there is a suspicious activity spotted it ought to be without delay mentioned to a network protection or help group.
Most importantly IT branch has to be proactive to take steps beforehand like facts encryption, sensitive statistics with encrypted keys, controlling get admission to the employees and all of the information must ultimate with the enterprise.
Recently forensic professionals have been investigating Yahoo data breach prompted in past due February this yr.500 million bills have been hacked the usage of cast cookies which allow gaining access to money owed without coming into passwords. The hacked information includes the date of births, solutions to security questions and all email addresses.
This breach is prompted due to the usage of or taking those forged cookies via the consumer account which is a third-party breach. Having regarded these records about malicious assaults proper precautions and green steps to be taken and endorsed which I stated above.
