I’m studying for my Linux class and don’t understand how to answer this. Can you help me study?
You are working as an IT security professional for an organization (called Web Site 101) that has 300 employees and one large corporate office with three floors. Your organization is a website development company with gross revenue of two million dollars per year.
Recently security problems have become a hot topic with management and you have been asked by the CISO (chief information security officer) to write a security recommendation paper for your organization. Security problems include:
- Data loss due to employee negligence
- Physical break-ins
- Employees complain they do not understand what is expected of them from a security standpoint
- The network administrators complain the company allows free access to anything on the network for anyone who asks
- The Web Site 101 home Web page was recently hacked
You are to write a paper that identifies the security issues the firm is facing and makes recommendations to help correct the security issues at Web Site 101. The paper should cover access control methods, physical access controls, risk assessment, environmental controls, and other items you feel are important to ensure future information security at Web Site 101.
Security auditors deploy many of the tools routinely used by penetration testers or an organization’s security staff during their security assessments. The key difference is that they are performed by an independent auditor. Auditors provide an impartial and unbiased view of the state of the security landscape of an organization. Using credible sources, outline the rules of engagement (best practices) that a security auditor would follow as an ethical practicing professional (minimum 250 words).