Security Controls And The Utilization Of Technical And...

3.4.1 Control Methods Security controls include the utilization of technical and nontechnical strategies (NIST, 2002). Technical controls are protections that are consolidated into PC hardware, programming, or firmware such as access control mechanisms, ID, encryption techniques and intrusion detection program or software). Nontechnical controls on the other hand are administration and operational controls that includes security approaches; operational methodology; and physical and environmental security NIST, 2002). SunTrust Bank should implement technical controls with respect to how information and data are being encrypted, what program is being utilized to identify any intrusion to their network and system and how customers/clients are being verified. Concerning nontechnical control, SunTrust administration should provide appropriate security controls for every resources and assets in the organization. 3.4.2 Control Categories NIST classified both technical and nontechnical control techniques as either preventive or detective. Preventive controls restrain attempts by the attackers to damage security strategy and policy such as access control authorization, encryption, and validation (NIST, 2002). Detective controls, however, should caution of violation or attempted violations of security such as audit trails, intrusion detection methods, and checksums NIST 2002, p.20). Hence, SunTrust bank should endeavor to enhance their intrusion detection system or IDS forShow MoreRelatedInformation Data Backup Challenges At The High Level Management1507 Words   |  7 Pages...................................................4 3.1 Risk hedging†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.4 3.2 Risk avoidance†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.4 3.3 Risk control†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.4 3.4 Risk assumption†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.4 3.5 Risk reduction†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.4 3.6 Risk Sharing†¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦Ã¢â‚¬ ¦.4 3 Possible Strategies for Risk Mitigation...........................................................................................................................5 4 RolesRead MoreSoftware Architecture in Banking8917 Words   |  36 Pagesbe interacting with other systems and so the new system will need to perform fast enough to allow everyone to complete the necessary tasks. Also, the reliability and security of the system are two of the most important thing to focus on. The system needs to be reliable such that it does not crash and has a very high uptime. The security is important because banks hold a large amount of private information. If this private information became available to people who should not have access, the companyRead MoreManagement of Information Systems8243 Words   |  33 Pageswhy managing their typical resources such as equipment and people are important, it is worthwhile to take a moment to examine the growing interdependence between a firm’s ability to use information technology and its ability to implement corporate strategies and achieve corporate goals. Specifically, business firms invest heavily in inform ation to achieve six strategic business objectives: †¢ Operational excellence †¢ New products, services, and business models †¢ Customer and supplierRead MorePrinciples of Information Security, 4th Ed. - Michael E. Whitman Chap 0118683 Words   |  75 PagesLicensed to: CengageBrain User Licensed to: CengageBrain User Principles of Information Security, Fourth Edition Michael E. Whitman and Herbert J. Mattord Vice President Editorial, Career Education Training Solutions: Dave Garza Director of Learning Solutions: Matthew Kane Executive Editor: Steve Helba Managing Editor: Marah Bellegarde Product Manager: Natalie Pashoukos Development Editor: Lynne Raughley Editorial Assistant: Jennifer Wheaton Vice President Marketing, Career Education TrainingRead MoreCissp Dictionary8729 Words   |  35 Pages(Triple DES): An enhancement to the original DES algorithm that uses multiple keys to encrypt plaintext. See also DES. AAA: Shorthand for the system controls authentication, authorization, and accountability. Abstraction: A process of viewing an application from its highest-level functions, which makes lower-level functions abstract. Access control: The ability to permit or deny the use of an object (a passive entity such as a system or file) by a subject (an active entity such as a person orRead MoreHuman Resources Management150900 Words   |  604 Pagesmanagement of human resources (HR) increasingly is being seen as positively affecting performance in organizations, both large and small. A joint venture between General Electric and a Japanese company, GE Fanuc is a manufacturer of factory automation and control products. Headquartered in Virginia with 1,500 employees, the HR department primarily performed administrative support activities. But when Donald Borwhat, Jr., took over as Senior Vice President of Human Resources, he and his staff began by restructuringRead MoreData, Analytics, and Competitive Advantage14733 Words   |  59 Pagescan acquire technology—but data is oftentimes considered a defensible source of competitive advantage. The data a firm can leverage is a true strategic asset when it ’s rare, valuable, imperfectly imitable, and lacking in substitutes (see Chapter 2 Strategy and Technology: Concepts and Frameworks for Understanding What Separates Winners from Losers). If more data brings more accurate modeling, moving early to capture this rare asset can be the difference between a dominating firm and an also-ran.Read MoreManaging Information Technology (7th Edition)239873 Words   |  960 PagesSTUDY II-4 Mining Data to Increase State Tax Revenues in California CASE STUDY II-5 The Cliptomaniaâ„ ¢ Web Store: An E-Tailing Start-up Survival Story CASE STUDY II-6 Rock Island Chocolate Company, Inc.: Building a Social Networking Strategy CASE STUDY III-1 Managing a Systems Development Project at Consumer and Industrial Products, Inc. CASE STUDY III-2 A Make-or-Buy Decision at Baxter Manufacturing Company CASE STUDY III-3 ERP Purchase Decision at Benton Manufacturing