Remote Access Security Policy Analysis - 931 Words

Remote Access Security Policy 1) Control Matrix: A listing of the risk and 1 or more countermeasure to address the risk. (200 points) Answer The risks associated with remote access and offsite use of EPHI (Electronic Personal Health Information) can be grouped into three categories: Risks that may occur during: Access Storage and Transmission. Accessing EPHI or Health information ( to view or enter): Risks Countermeasures Brute force user ID and password attacks. Log-on/password information is lost or stolen. This results in improper access, compromising privacy and confidentiality of the data, unauthorized viewing of the data, and tampering of the data. Ensure the strength of the password is strong enough such that it resists brute force attacks. Implement a two-level or multi-level authentication while granting remote access to systems containing EPHI. Generate and use only unique usernames when granting a remote access to a workforce member Unauthorized access to IT systems, applications and EPHI data by employees while working offsite. Conduct security workforce awareness and training program prior to granting remote access. The employees should be granted different levels of access based on their role and job function. Home or other offsite workstations are left unattended which leads to improper access to EPHI. Establish appropriate procedures for session termination. Contamination of systems by infected external device which is used to gain remote access.Show MoreRelatedIs4550 Week 5 Lab1611 Words   |  7 Pagesand Audit an Existing IT Security Policy Framework Definition Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * IdentifyRead MoreThe Information Security Team Commits Confidentiality, Integrity, And Availability Of Assets1205 Words   |  5 PagesThe Information Security team commits to the confidentiality, integrity, and availability of assets. Even more, security policies clarify how the company intends to protect company assets against similar breaches in the future. For example, the Monitoring and Logging Policy define the following procedures to review: systems logs; access reports; administrator and operator logs; fault logs. Monitoring and logging are important to any information security program. In general, monitoring ensures usersRead MoreEvaluation Of A Central Security Management System Essay1636 Words   |  7 Pagesbased on policy. The responsible security management should provide the policy to the secure agent in the endpoint in response to the attack, or a priori for use when communication with the server is severed. 4.1.4 REMOTE POLICY MANAGEMENT A central security management system defines the configuration of the security controls and functions as a form of a security policy for each endpoint. The security policy is communicated to the secure agent that authenticates and enforces the policy at the endpointRead MoreNt1310 Unit 1 Assignment 11060 Words   |  5 PagesInstall OpenVPN onto Windows Server 2012r2 into the H1 Country Club Network for Remote Access OpenVPN is an open-source software application that implements virtual private network (VPN) techniques for creating secure point-to-point or site-to-site connections and remote access facilities. OpenVPN allows authentication using certificates or username/password. OpenVPN can work in two different modes regarding encryption. It can use static encryption or Public Key Infrastructure (PKI). The advantageRead MoreTft2 Cyberlaw, Regulations, and Compliance1320 Words   |  6 PagesRunning Head: Policy Statements 1 Policy Statements Kevin Corey Western Governors University Policy Statements 2 Internationally security techniques and standards, such as ISO 17799, establish guidelines that organizations must implement in order to maintain information security. Information must be protected from those without a readily need to know to perform organizational business functions. Unauthorized access to information can have a detrimental impact on an organizationRead MoreOne of the Leading Concerns of Todays Businesses953 Words   |  4 Pages Security continues to be one of the leading concerns of businesses today. With increasing interconnection of networks, extending work outside of the traditional office, and electronic commerce with customers the vectors for attacks are growing. A carefully crafted security policy is the first step to securing your enterprise. Upon review of your current business practices we have several recommendations to help increase your security posture. Social Engineering Social engineering is the practiceRead MoreRisk Management Plan For A Risk Assessment879 Words   |  4 Pagesthreats and vulnerabilities †¢ Security †¢ Responsibilities assigned †¢ Recommendations for mitigation †¢ Cost-benefit analysis †¢ Documentation †¢ Milestones The approach to a risk assessment could be done a couple different ways. One of the ways it could be done is by using a what-if analysis that will help to identify the threats and hazards. Use a checklist of known threats and hazards to help determine any threats and hazards you may have. A failure mode and effect analysis could also be done to identifyRead MoreAssessment of the Scada, Stuxnet Worm on US and Global Infrastructures1598 Words   |  6 Pagesspecific devices and programmable controllers down to the manufacturer and operational block level (Network Security, 2010). The Stuxnet worm is widely believed to be designed to quickly navigate the Microsoft-based platform of the Iranian Bushehr reactor and disable it from operating, as this nation is widely believed to be using the reactor to produce uranium for their weapons program (Network Security, 2010). The stealth-like nature and speed of the Stuxnet worm has also been problematic to catch evenRead MoreAssignment : Des igning Technical Safeguards1050 Words   |  5 PagesAssignment 1: Designing FERPA Technical Safeguards Darryl W. Anderson CIS 349 January 15, 2017 In the past, academic and administrative computer systems were isolated, either for security reasons or as a result of limited interconnectivity with other computers. Today, nearly any information that an administrator, teacher, student or parent might is available through a network connection. Course lectures are presented are viewed and students submit their assignments via the internetRead MoreDepartment Of Homeland Security : Access Control Local It Policy807 Words   |  4 PagesHomeland Security Access Control local IT policy 1. Purpose This directive established the Department of Homeland Security (DHS) policy for the protecting the data center from unauthorized access by preventing personnel who are not authorized to use the resources of the organization from gaining access and potentially causing harm. 2. Scope This directive applies to all Tier I staff of the DHS data center. This document provides the minimum DHS level of information systems/computer security requirements