Best IT Documents.com Blog


Building Mission & Vision Statements

Posted in Business (600) by Guest on the April 25th, 2009

Mission statements are defining statements for an organization. An organization exists to accomplish its mission. The mission statement typically defines:

o The business of the organization,

o The product of the organization,

o The customers of the organization.

When stating the mission of the organization, focus outside of the organization, looking at customers, suppliers, and competitors of the organization. Defining the business with a focus on the customer ensures the organization meets the needs of the customers. Defining the business with a focus on competitors ensures the organization does not fall behind its competitors. Defining the business with a focus on suppliers ensures the organization maintains a constant supply of products consistent with the organization’s direction.

Mission statements do not have to be short to be effective.

Vision Statements

While Mission statements define the organization, vision statements state the goals and objectives of the organization. This is a vision of where the organization will be in the future. Vision statements can also be referred to as the organization’s objectives, guiding principles or operating principles.

A good Vision statement has several characteristics:

o Goals are stated concisely,

o goals are measurable,

o The statement is consistent with the organization’s Mission.

Guiding Principles (for a Product Development Organization)

Guiding Principles (for a Product Development Organization)

o Build a strong and sufficient sales and implementation support team

o Be customer driven

o Provide graduated product offerings

o Evolve product to be a fully shrink-wrapped product

o Be a positive contributing profit centre meeting a revenue goal

o Increase use/penetration of product within customer base

o Improve the productivity of the processes within the Organization

Mission and Vision Statements
Often organizations merge the mission and vision statements into one statement, defining the organization and its goals. Generally this is called the organization’s vision.

When combined as a mission and a vision, the statement must define the business of the organization, and set the vision for the future using measurable goals. A combined statement defines the ideal toward which the organization is striving.

An Organization’s Mission and Goals

Mission
The Organization’s Administration serves product producers by assisting them to stabilize their income through the effective and efficient delivery of the Organization’s Program.

Goals
The Organization’s goals are the ends towards which effort will be directed to accomplish its mission:

o Producer-Friendly Administration

The Organization will deliver the Program in a highly producer-friendly manner.

o Quality Service

The Organization will provide excellent quality services to producers and other stakeholders.

o Effective Program

The Organization will maximize the effectiveness of the Program in benefiting participants.

o Efficient Administration

The Organization’s operations will be efficient.

o Delivery Integrity

The Organization will safeguard the integrity of the Program delivery.

o Empowered Staff

The Organization will empower its staff to achieve the Organization’s goals and objectives.

Note on Specifics
The mission statement and goals are combined to create the organization’s vision. Specific names were removed from the sample. The complete vision for the organization is documented in the organization’s strategic business plan. In the strategic business plan, each goal is documented with specific expected measurements and suggested methods to measure the goal.

Comments Off on Building Mission & Vision Statements

What to do with Correlated Data

Posted in Data Center - SOC - NOC,Security (1500) by Guest on the April 19th, 2009

Threat Analysis – This is a process of taking the correlated data and determining what it means and then prioritizing the data. Includes the reduction of False Positives.

 

Forensic Analysis – The ability to analyze correlated events historically for trending and for prosecution.
 

Policy Analysis – Correlation provides a holistic view, providing a complete picture of your security posture.

 

Comments Off on What to do with Correlated Data

Why is Correlation and Threat Analysis Important

Posted in Security (1500) by Guest on the April 16th, 2009

Reduce operating costs through efficiency and better resource allocation:

Monitor existing environment and deploy additional security measures without increasing resources

Improve decision-making processes

Dramatically reduce response times

Avoid the costs associated with a breach

Downtime, theft, or damage to reputation

Maximize utilization of existing security infrastructure

Allows customers to manage their “Best of Breed” products and to truly get the full use those resources

Increase security awareness at all organizational levels

Ensure better overall enterprise protection

Benefits to the Security Organization

Real time view of event data from all systems

Centralized repository for event data from all systems

Provides threat rankings based on severity, allowing the analyst to focus on true threat vs. false alarms

Enhances ability to proactively respond to threat in the fastest time possible, with most complete information

Increases efficiency of security operation, reducing costs

Scales to monitor global networks

 

Comments Off on Why is Correlation and Threat Analysis Important

Tons of free miscellanious Research Documents

Posted in Business (600) by Guest on the April 15th, 2009

As time permits this list of files will increase in content
Download here: All_PPTs.zip 101 Security.ppt
2000 Accounts.ppt
8021x simplified.ppt
Administration of a Windows 2000 Network.ppt
Advanced Windows NT Security.ppt
Application Support with MSI.ppt
Business Data Communications and Networking.ppt
Communications Decency Act.doc
COPPA.ppt
Distributed File System.ppt
Distributed Firewall Architecture.ppt
Download Windows 2000 Performance Tuning & Optimization Part 1.ppt
DSL and Cable Users Need To Know.doc
E-appliance & VPNs.ppt
E-Gov Privacy.ppt
Education.ppt
Email Behind The Scenes.doc
Email Security Issues.doc
General Security Threats.ppt
Group Policy in Windows Server 2003.ppt
Information Security Defense Strategy.ppt
IntroComputerNetwork.ppt
IPSec VPNs The Real World.ppt
M4 Osi-lyrs.ppt
Malicious Information gathering.ppt
MSVista_Overview.ppt
Net Sec.ppt
NT Management.ppt
NT Security Infastructure.PPT
NT Security.ppt
Operating System.ppt
Overview Of Active Directory.ppt
Password Choices.doc
Policies – Procedures.ppt
Secure Framework.doc
SecureWebServer.ppt
Securing Active Directory.ppt
Securing NT – 1.ppt
Security Audit – Concepts and practice.ppt
The Architecture of Computer Hardware and Systems Software.ppt
The Sources Of Threat.doc
Towards Standards.ppt
Troubleshooting with the Sysinternals Tools.ppt
Understanding Users – Groups.ppt
Vendor Management Program – Training.ppt
Virtual Private Networks  GOOD.ppt
VPN 100.ppt
Vulnerabilsity Assessment.doc
W2K Domain Controllers.ppt
What is a policy.doc
What is the Safety of your privacy.doc
Why Education and Awareness.ppt
Windows 2000 Directory Services Overview.ppt
Windows 2000 Internals 3.ppt
Windows 2003 Server presentation.ppt
Windows NT 2k.ppt
Windows Operating System.ppt
WinSecurity.ppt
Wireless Security.ppt
Wizard Windows 2K.ppt
xDSL.ppt
Chap01.PPT
Chap02.PPT
Chap03.PPT
Chap04.PPT
Chap05.PPT
Chap06.PPT
Chap07.PPT
Chap08.PPT
Chap09.PPT
Chap10.PPT
Chap11.PPT
Chap12.PPT
Chap13.PPT
Chap14.PPT
Chap15.PPT
Chap16.PPT
Chap17.PPT
Chap18.PPT
Chap19.PPT
Chap20.PPT
Chap22.PPT
Chap25.PPT
Exchange Topologies.ppt
Intro.ppt
Chap01.PPT
Chap02.PPT
Chap03.PPT
Chap04.PPT
Chap05.PPT
Chap06.PPT
Chap07.PPT
Chap08.PPT
Chap09.PPT
Chap10.PPT
Chap11.PPT
Chap12.PPT
Chap13.PPT
Chap15.PPT
Chap16.PPT
Chap17.PPT
Chap18.PPT
Chap19.PPT
Chap20.PPT
Chap22.PPT
Chap25.PPT
Intro.ppt
Data Communications.ppt
dns.ppt
EIA Wiring.doc
Fast Ethernet Training.ppt
Interconnecting Your Hubs.doc
Internetworking.ppt
Media Access Control and Physical Layer.ppt
OSI 1.ppt
Topology Raw Frames L-1-1.ppt
Unit1-kn.ppt
Unit2-kn.ppt
Unit3-kn.ppt
Unit4-kn.ppt
Unit5-kn.ppt
Unit6-kn.ppt
Unit7-kn.ppt
Unit8-kn.ppt
M1 Comintro.ppt
M10 Lan-tokn.ppt
M11 Lan-noso 8 bw.ppt
M12 bw Lan-impl.ppt
M12 Lan-prod.ppt
M13 10 bw Lan-mgmt.ppt
M14 Lan-wprl.ppt
M16 Lan-dsgn.ppt
M17 14 bw Fddi-1.ppt
M18 Lan-link.ppt
M19 16 bw Dig-nets.ppt
M2 Com-stds.ppt
M20 Mod-dod.ppt
M21 Contplng.ppt
M22 Sec1.ppt
M23 Sec-netw.ppt
M24 Virus.ppt
M25 Mod-futr.ppt
M3 Osi-over.ppt
M5 Lan-over.ppt
M6 Lan-alts.ppt
M7 Lan-act.ppt
M8 Lan-stds.ppt
M9 Lan-8023.ppt
Mod23p.ppt
Comments Off on Tons of free miscellanious Research Documents

Viruses, Spyware and Malware Impacts

Posted in Security (1500) by Guest on the April 14th, 2009

Performance Impacts to your System(s)

Tax – Memory resources
Tax – Processor resources
Pop-ups
Trojans
Malware
Spyware
Greyware
Virus propagation
 

P2P applications / file sharing
Hidden applications
Removal of restore points
Keystroke loggers
 

Results in a:

Compromise use
Compromise data
Compromise email
Compromise confidentiality
System could be used to attack other systems
Shares
Hidden Shares
Hidden Files
Cookies
Keystroke Loggers

 

File system integrity
Un-authorized applications

Countermeasures:

Patch remediation
Antivirus updates
AntiSpyware updates
Virus removal

Policies:

Acceptable use
Restrict website access (firewall)
No USB or CD usage

Comments Off on Viruses, Spyware and Malware Impacts

Sample Visio – Requirements for Security Auditing – Logging Tool

Log Consolidation – Must have the capability to consolidate security logs of various types across platforms and software. Log Consolidation – Must have the capability to consolidate security logs of various types across platforms and software. Log Audit Reports – Intelligent reporting, not just dumps of logs.

Real time problem alerting.  

Centralized security console – where real time alerts are sent and managed.

Automatic scheduling of reports.  

Capability to customize input from non-standard log files.

Remote installation to platforms.

Centralized management console – where configurations, schedules and servers are managed.

Free Document download – Vulnerability Assessment Indentity Flow:

VA_Identity_Flow.vsd

http://www.bestitdocuments.com/IT_Business_solutions.html

Comments Off on Sample Visio – Requirements for Security Auditing – Logging Tool

Blended Threats

Posted in Security (1500) by Guest on the April 12th, 2009

A blended threat is a security attack or threat that uses multiple methods and techniques to propagate an attack
Combine hacking, DoS, and worm-like propagation
Can rapidly compromise millions of machines
Often spread without human interaction
Require multiple layers of protection and response to neutralize

Exploit software vulnerabilities
Email virus
Network virus/worm
Backdoors
Instant Messenger virus
Attack security software
Trojan horses
Network shares
Other digital data threats

Misuse of protocols
Misuse of service ports
DoS based on crafted payloads
Bandwidth or Flood attacks

ICMP echo request Flood
TCP data segment Flood
TCP SYN/RST Flood
TCP SYN Floods
TCP, UDP, ICMP floods
 Buffer Overflows

Protocol Attacks
SYN Flood
ICMP echo reply flood
UDP Flood


Protocol Tunneling
Backdoor Intrusions
Low-bandwidth DoS/DDOS attacks
Logic Attacks
Land attack
Ping of Death
Teardrop

Once a vulnerability is discovered
It rarely, if ever goes away
Vulnerability population decreases over time
But remains a vector for propagation of new attacks
Time from Vulnerability identification to exploit is decreasing

  • Systematic? 
  • Or coincidental side effect of the web?
  • Secure Software?

Unlikely given commercial pressures to perform

Defensive Posture

Vulnerability Scanning
Patch Application
Security Policy & Enforcement
Anti-Virus
Anti-Spam
Anti-Phishing
Host Intrusion Prevention
Network Intrusion Prevention

http://www.bestitdocuments.com/

Comments Off on Blended Threats

Legacy Browser Settings

Posted in Business (600),O S (375),Security (1500) by Guest on the April 11th, 2009

Microsoft Internet Explorer 6.0

Advanced Properties Tab – within Internet Options (the ones that are checked)

Browsing
Always send URLs as UTF-8
Close unused folders in History and Favorites
Disable script debugging
Enable folder view for FTP sites
Enable Install On Demand
Enable Offline items to be synchronized on a schedule
Enable page transitions
Enable third party browser extensions
Notify when downloads complete
Reuse windows for launching shortcuts
Show IE on the desktop
Always underline links
Use inline Autocomplete

HTTP 1.1 Settings
Use HTTP 1.1

Microsoft VM
Java console enabled
JIT compiler for virtual machine enabled

Multimedia
Enable Automatic Image Resizing
Enable Image Toolbar
Play animations in web pages
Play sounds in web pages
Play videos in web pages
Show pictures
Smart image dithering

Search from the Address bar
Just go to the most likely site

Security
Check for publisher’s certificate revocation
Empty Temporary Internet Files folder when browser is closed
Enable Profile Assistant
Use SSL 2.0
Use SSL 3.0
Warn about invalid site certificates
Warn if forms submittal is being redirected

Privacy Tab
Medium High Setting
Blocks 3rd-party cookies that do not have a compact privacy policy
Blocks 3rd-party cookies that use personally identifiable information without your explicit Consent
Blocks 1st-party cookies that use personally identifiable information without implicit consent

Security Tab – Internet Zone

Medium Setting
Safe browsing and still functional
Prompts before downloading potentially unsafe content
Unsigned ActiveX controls will not be downloaded
Appropriate for most Internet sites

Microsoft Internet Explorer 5.0
Advanced Settings Tab:

Accessibility
None

Browsing
Always send URLs as UTF-8
Close unused folders in History + Favorites
Disable script de-bugging
Enable folder view for FTP sites
Enable off-line items to be synchronized on a schedule
Enable page hit counting
Enable page transitions
Enable personalized Favorites Menu
Reuse windows for launching shortcuts
Show friendly HTTP error messages
Show Go button in Address Bar
Show Internet Explorer on the desktop

Underline Links
Always

HTTP 1.1 Settings
Use HTTP 1.1

Microsoft VM
JIT compiler for virtual machine enabled (requires restart)

Multimedia
Play animations
Play sounds
Play videos
Show pictures
Smart image dithering

Search from Address Bar
Display results and go back to the most likely site

Security
Check for publisher’s certification revocation
Enable Profile Assistant
Use Fortezza
Use SSL 2.0
Use SSL 3.0
Warn about invalid site certificates
Warn if forms submitted is being redirected

Security Settings Tab
ActiveX Controls and Plug-ins
Download signed ActiveX controls
Prompt
Download unsigned ActiveX controls
Disable
Initialize and script ActiveX controls not marked as safe
Disable
Run ActiveX controls and plug-ins
Enable
Script ActiveX controls marked safe for scripting
Enable

Cookies
Allow cookies that are stored on your computer
Enable
Allow per-session cookies (not started)
Enable

Downloads
File downloads
Enable
Font downloads
Enable

Microsoft VM
Java permission
High safety

Miscellaneous
Access data source
Disable
Drag and drop or copy and paste files
Enable
Installation of desktop items
Prompt
Launching programs and files in an I FRAME
Prompt
Navigate sub-forms across different domains
Enable
Software channel permissions
Medium safety
Submit non-encrypted form data
Enable
User data persistence
Enable

Scripting
Active scripting
Enable
Allow paste operations via script
Enable
Scripting of Java applets
Enable

User Authentication

Logon
Automatic logon only in Intranet zone

Netscape Navigator 6.0 Advanced Settings
Advanced
Enable features that help interpret web pages:
Enable Java
Enable JavaScript for Navigator
Enable JavaScript for Mail & Newsgroups

Cache
Memory Cache: 4096 KB
Disk Cache: 50000 KB
Compare the page in the cache to the page on the network:
Automatically

Proxies
Manual proxy configuration:
HTTP Proxy:www.buzz.navsup.navy.mil
Socks V5

Software Installation
Enable software installation. (You will be prompted for each update)

Mouse Wheel
Scroll the document by: Use the system default

System
Windows should use Netscape 6 to open these file types:
HTML Documents
JPEG images
GIF images
PNG images
XML documents
XUL documents

Windows should use Netscape 6 to handle these protocols:
http:
https:
ftp:
Chrome:
Gopher

Offline and Disk Space

When starting Netscape 6:
Ask me if I want online or offline mode
When going online:
Ask me if I want to send my unsent messages
When going offline:
Ask me if I want to download messages for offline use

Netscape Navigator 4.76
Security
Show a warning before:
Entering an encrypted site
Leaving an encrypted site
Viewing a page with an encrypted/unencrypted mix
Sending unencrypted information to a Site

Certificate to identify you to a web site:
Ask Every Time

Advanced Security (SSL) Configuration:
Enable SSL (Secure Sockets Layer) v2
Enable SSL (Secure Sockets Layer) v3

Advanced Settings – under Preferences

Automatically Load Images
Enable Java
Enable JavaScript
Enable JavaScript for Mail and News
Enable style sheets
Accept all Cookies
Document in cache is compared to document on network: once per session

Comments Off on Legacy Browser Settings

Unhappy employees Risk Factors

Posted in Business (600),Security (1500) by Guest on the April 10th, 2009

Employees are a greater risk to computer-security for companies than the much-feared hacker, and experts say. Eight in 10 computer-security breaches are caused by staff members, many of whom are simply disgruntled, says a risk consultant

Eighty per cent of IT security breaches are the result of actions by staff

Fifty per cent are disgruntled employees, sitting there with a gripe against the company

Often, they strike back because they feel they are underpaid or are about to be dismissed. Most of the rest do it for fraud, with a small minority of computer-security breaches a result of negligence, he added.

Employees who work closely with the computer system pose the greatest risk. These guys are inside any security measures you put them in. They are trusted personnel, especially IT managers. They are gods on the network and can see any information they want” and, thus, can wreak the most damage.

There are three types of security breaches to which the employer is exposed: Breaches of sensitive or classified information. These can simply be the weapon of a disgruntled employee trying to seek revenge, though fraud is often the motive. Selling a companies proprietary software code to a competitor is a increasingly common example.

Corrupting files by deleting or changing the data is usually the act of someone seeking revenge for perceived mistreatment and it would be very difficult to discover before the damage is done.

 

Encryption is where a vital database is either deleted or encrypted. In the latter case, the data is still there, just inaccessible. An employee, working on a contract basis, who encrypted files so that nobody else could access them once his contract expired. The motive, it was discovered, was he hoped to be offered a new contract to help the company access its “”lost” data. If the encryption is secure, then the company would find it difficult to undo the damage.

Much of the work is done using time-bomb viruses, which kick in only several weeks after the employee has left the organization.

In some cases, negligence — “”lack of education” can also cause security breaches.

People have these IT systems and are taught how to use them but are not necessarily taught about security.

Comments Off on Unhappy employees Risk Factors

Excellent Resource – Vulnerability Assessments

Posted in Application (380),Security (1500),Web Services (250) by Guest on the April 8th, 2009
Comments Off on Excellent Resource – Vulnerability Assessments