Security Information

Class XXXX, Section XXXX, Fall 2013

 

Self-assessment

It is necessary to evaluate quantitative indicators that define the state of the Information Technology infrastructure. Information assurance metrics have not been studied enough, and the assurance level of IT infrastructure is evaluated by subjective considerations. According to a study carried out by Shrock, the categories present in the majority of proposed metrics include security, quality of service, and availability. The notion of security includes integrity, authentication vulnerability, and confidentiality. Quality of service means bandwidth, jitter, round-trip time and delay.

Shrock argues that it is necessary to define the purpose, meaning and taxonomies of IA metrics. The most successful taxonomies, from Seddigh's viewpoint, come from the WISSRR 2001 workshop.

Shrock proposed security, quality of service, and availability as the key attributes of IT infrastructure, because the ability of an IT network to exchange data between users is highly influenced by these 3 factors.

Information assurance metrics can be presented in three main categories: security, quality of service and availability. Each of these categories can have the same 3 sub-categories: organizational measures, technical elements and operational practices.

The security, quality of service and information availability aspects are presented in the current template. However, it is necessary to point out that additional clarification of the template is necessary as well.


Security and Quality of Service

Security Screening Personnel

Question 1. Are new employees background-screened with a Finger Print Back Ground Check?

A. All Staff are screened (2 points)

B. Only some staff are screened (1 point)

C. No Staff are screened (0 points)

Question 2. Do all employees submit the complete hiring pack with two forms of ID?

A. Yes (2 points)

B. Sometimes (1 point)

C. No (0 points)

Question 3. Do all members of the staff submit the signed MHAS confidentiality statement?

A. Yes (2 points)

B. No (0 points)

Question 4. Are Incident Response Staff Training Procedures organized on a regular basis?

A. Yes (2 points)

B. Rarely (1 point)

C. Never (0 points)

Question 5. Hardware Malfunction, suspected Malicious Program and Incident Reporting Procedures are:

A. Currently used (2 points)

B. Rarely updated (1 point)

C. Never (0 points)

Question 6. The application of information system backup policies for servers, testing and employee workstations is:

A. Regular (2 points)

B. Rare (1 point)

C. Seldom (0 points)

Question 7. Is an inventory of sensitive data of all areas completed in accordance with the CSU Sensitive Data Audit?

A. Yes (2 points)

B. No (0 points)

Security standards of computing device Information

Question 8. Do computers, remote and mobile devices comply with the computing device security standard?

A. Yes (2 points)

B. No (0 points)

Security Information and Event Log Management

Question 9. Are there established procedures, written for all, for the analysis of security event logs that can assess potential vulnerability of the network?

A. Yes (2 points)

B. No (0 points)

Question 10. Is the review of event logs concerning the security information done regularly?

A. Yes (2 points)

B. No (0 points)

Question 11. Are actions on security events taken in a timely manner?

A. Yes (2 points)

B. No (0 points)

Question 12. Are the formal logging procedures verified during the year?

A. Every month (2 points)

B. Once in 3 months (1 point)

C. Never (0 points)

Information availability

Question 13. Was the business operations continuity plan established for all departments during the previous year?

A. Yes (2 points)

B. No (0 points)

Question 14. Is there a CSU executive order?

A. Yes (2 points)

B. No (0 points)

Question 15. Are the resources that are stored on the shared drive protected from accidental deletion, misuse and unauthorized modification?

A. Yes (2 points)

B. No (0 points)

Question 16. Do all employees have equal access to documents on the shared drive?

A. Yes (good) (2 points)

B. No (0 points)

Question 17. Are saving and deleting permitted only to senior staff?

A. Yes (good) (2 points)

B. No (0 points)

Question 18. Is the file accessible only to one employee at a time?

A. Yes (2 points)

B. No (0 points)

Recommendations for the Number of Points Collected

0-15 points:

The number of points scored testifies to the fact that your IT infrastructure is vulnerable in terms of quality, information availability and, what is more important, security.

Improvements are also necessary in terms of security screening: it is important to implement all Finger Print Back Ground Check procedures as well as the signing of the MHAS statement and hiring pack. Additionally, an inventory of sensitive data of all areas has to be completed.

Security has to be maintained through review of event logs and verification of logging procedures. As far as information availability is concerned, it is necessary to apply the business operations continuity plan and the CSU order, and to ensure protection of the shared drive from misuse.

15-25 points:

The number of points scored indicates that additional attention should be paid to more regular and thorough preventive measures in terms of security, information availability and quality. It is advisable to carry out regular, timely checks of the security procedures and to ensure timely analysis of incidents.

25-36 points:

The number of points received indicates that the most generally applicable measures are taken. However, it is possible to apply additional measures in order to increase the protection level of the IT infrastructure.
