
Chapter 12 Apply your knowledge 3

It looks like Robin Hood should use capacity planning, which is a process that monitors current activity and performance levels and forecasts the resources needed to provide desired levels of service. Robin Hood's first priority should be to develop a base model based on workload and performance specifications. Then you project demand and user requirements over a one- to three-year time period and analyze the model to see what is needed to maintain satisfactory performance and meet requirements.

1. The CASE tools include system evaluation and maintenance features, including:
- Performance monitor that provides data on program execution times.
- Program analyzer that scans source code, provides data element cross-reference information, and helps evaluate the impact of a program change.
- Interactive debugging analyzer that locates the source of a programming error.
- Reengineering tools.
- Automated documentation.
- Network activity monitor.
- Workload forecasting tool.

2. Robin Hood's IT department should ask if they see one of the following signs:
- The system's maintenance history indicates that adaptive and corrective maintenance are increasing steadily.
- Operational costs or execution times are increasing rapidly, and routine perfective maintenance does not reverse or slow the trend.
- A software package is available that provides the same or additional services faster, better, and less expensively than the current system.
- New technology offers a way to perform the same or additional functions more efficiently.
- Maintenance changes or additions are difficult and expensive to perform.
- Users request significant new features to support business requirements.

3. Physical Security
Special attention must be paid to critical equipment located in operations centers, where servers, network hardware, and Perimeter security is essential in any room or area where computer equipment is operated or maintained.

Network Security
Data must be encrypted. Network traffic can be intercepted and possibly altered, redirected, or recorded. Private key encryption is symmetric, because a single key is used to encrypt or decrypt data. Public key encryption is asymmetric, because it uses a pair of keys: a public key and a private key. Wired Equivalent Privacy (WEP) requires each client to use a special, preshared key. WPA2 would be a great improvement because it is the industry standard that has major improvements based on the protocols created by the Wi-Fi Alliance.

Application Security
Protect all server-based applications. They need to analyze the applications' functions, identify possible security concerns, and carefully study all available documentation. This requires an understanding of services, hardening, application permissions, input validation techniques, software patches and updates (third-party software with automatic updates for vulnerabilities, but it is costly), and software logs (including system error messages, login histories, file manipulation, and other information to help find the attacker). Disable applications not needed as part of the services. Hardening helps to remove unnecessary accounts, services, and features. It also includes antivirus and antispyware software to remove malware. Application permissions allow unrestricted access for a super user or admin. To prevent unauthorized or destructive changes, the application should be configured so that non-privileged users can access data but not make changes to built-in functions and configurations.

File Security
They need to secure the files in which configuration settings, users' personal information, and other sensitive data are stored. EFS, which is fully implemented on Windows 7 Professional, can be used to encrypt data and limit access to it by changing the properties of the folder or document. Establishing permissions for the proper employee should be looked at. The most common permissions are:
- Read a file (read the contents of a file).
- Write a file (change the content of a file).
- Execute a file (able to run a file, if it is a program).
- Read a directory (list the contents of a directory).
- Write a directory (can add or remove files from a directory).
The system administrator, with management approval, should be the one to give out selected permissions. If an employee leaves, their access needs to be removed. Specific users should be added to specific user groups, rather than permissions being given just to individuals.

User Security
A privilege escalation attack happens when a user's account has been compromised and the attacker tries to increase that account's access. Use identity management to control the procedures necessary to identify legitimate users and system components. An identity management strategy must balance technology, security, privacy, cost, and user productivity. Use password protection with minimum lengths, and make passwords complex by using the Shift and number keys. Furthermore, social engineering can be used, where the hacker basically interviews the unsuspecting employee for the needed information to gain unauthorized access to the company. Pretexting is commonly used. It is best to give employees proper training and make them aware of the potential threat and of what policies are in place to prevent it.

User resistance: make everyone in the company aware of our commitment to security and make them feel they are a real part of it, so that they use better passwords and are more alert to security issues and the company is successful in its security program. New technologies such as biometrics and security tokens can be used to increase security.

Procedural Security (operational security)
Management must work to establish a corporate culture that stresses the importance of security and how tasks are to be performed, from e-mails to large-scale backups. This includes protecting oneself from dumpster diving attacks and providing need-to-know policies that limit important information.
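The File Security rules above (grant through user groups rather than to individuals, and remove access when an employee leaves) can be checked mechanically. The following is an added example, not part of the original answer; the group names, user names, and paths are hypothetical sample data constructed for illustration.

```python
# Constructed sample data; every group, user and path name is hypothetical.
GROUPS = {
    "payroll": {"alice", "bob"},
    "it-admins": {"carol"},
}
ACTIVE_EMPLOYEES = {"alice", "carol", "dave"}  # bob has left the company

# (principal, kind, path, permissions); kind is "group" or "user"
GRANTS = [
    ("payroll", "group", "/data/payroll", {"read", "write"}),
    ("it-admins", "group", "/data/payroll", {"read"}),
    ("dave", "user", "/data/payroll", {"read", "write"}),
    ("bob", "user", "/data/hr", {"read"}),
]

def effective_permissions(user, path):
    """Union of permissions the user holds on path, directly or via groups."""
    perms = set()
    for principal, kind, granted_path, granted in GRANTS:
        if granted_path != path:
            continue
        direct = kind == "user" and principal == user
        via_group = kind == "group" and user in GROUPS.get(principal, ())
        if direct or via_group:
            perms |= granted
    return perms

def audit():
    """Flag per-individual grants and any access still held by leavers."""
    findings = []
    for principal, kind, path, _ in GRANTS:
        if kind == "user":
            findings.append(("direct-grant", principal, path))
            if principal not in ACTIVE_EMPLOYEES:
                findings.append(("departed-user-grant", principal, path))
    for group, members in GROUPS.items():
        for user in sorted(members - ACTIVE_EMPLOYEES):
            findings.append(("departed-group-member", user, group))
    return findings

def offboard(user):
    """Remove a leaver from every group and drop their direct grants."""
    for members in GROUPS.values():
        members.discard(user)
    GRANTS[:] = [g for g in GRANTS if not (g[1] == "user" and g[0] == user)]

if __name__ == "__main__":
    for finding in audit():
        print(finding)
    offboard("bob")
    print(effective_permissions("bob", "/data/payroll"))
```

The remaining finding after offboarding, the direct grant to an active employee, is the case where group membership should replace the individual grant.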
