Evaluate the physical, logical, and behavioral security (as explained ?in the assigned textbook reading) of your current or a past workplace. ?You may instead use a family member or friend

1

IT510 * Unit 6 Reading PDF This is the last unit in the course! Welcome to the last unit reading document. The work this week wraps up your knowledge of systems projects with a letter and proposal, security concerns, and the investigation into testing, maintenance, auditing, and conversion.

Email Email can be sent internally or to people outside of the organization. Subject lines must be descriptive of the content contained in the email. A salutation and signature are crucial elements. When creating an email for a school assignment, use the format shown below.

Subject: Descriptive of Content ———————————————————————————————————————- Dear recipient's name, The first paragraph is brief and explains why you are writing the email. Keep paragraphs short and focused. Single-space them, leaving a blank line between paragraphs and sections of the email for readability. End with a brief conclusion, which may be a thank you or an indication that you will follow up with another email or phone call soon. Your first and last names Job title or company (if applicable to the email)

Example:

Subject: BYOD suggestion for the Alpaca Scout leaders ——————————————————————————————————————— Dear Ms. Chen, In reviewing your technology needs, it was noticed that a few Alpaca Scout leaders wondered if they could use their own tablets or laptops to complete some of the necessary documentation of scouting activities. There are inherent risks in sharing data on personal devices, but this concept may be worth reviewing, as there is also the potential for financial savings. Some restrictions on the system and other regulations may limit the risks as well. Let me know how you feel about investigating this possibility. I will call you soon to hear your thoughts and set up a meeting to discuss it further. Sam Wayfair Systems Analyst

2

Physical Security Unfortunately, many homes and businesses are not physically secure enough and may suffer computer-related losses. Physical security includes protection from the environment, disasters, theft, and vandalism. Good practices can take the form of workplace rules such as locking computers before walking away from them and disallowing downloads from the Internet. Security cameras, good lighting, smoke detectors, locked doors with limited access, and keeping some equipment from the public eye are also good strategies, as are monitoring temperature and humidity, backing up data in a different location, and avoiding fire and flood hazards. In the home, simply putting away a laptop when you leave is an additional safety measure. Some critical thinking can assess a situation and provide more tactics.

Logical Security You will read more about logical accesses as you prepare your initial post for this unit. Passwords are an important first step! You have undoubtedly encountered rules about password length and using a combination of capital and small case letters, numbers, and certain characters. It is also important not to use dictionary words or personal identification that can be easy to guess (like your birthday, favorite colors, dog's name, or address). It is also crucial not to use the same password for multiple logins, because once a hacker learned the password, they would be able to get into all of these places. Another rule to consider is whether or not to require new passwords at regular intervals. According to many security experts, the frequent changing of passwords often results in poor practices such as creating similar ones, using patterns, reusing the same passwords for several different logins, or reverting to the use of ordinary words. These all can make it easier for a hacker to gain access. Biometrics can add another step to authentication. These are personal physical traits (and sometimes behavioral) that make each person unique, like thumbprints or retina scans. You might like to investigate password managers if you have not done so previously. These are software programs that will store passwords, making it easier to have many different ones and to not rely on memory or writing them down elsewhere. Far too often, computer users write lists of passwords and leave them in notebooks, on sticky notes, on scraps of paper stored in a wallet or purse, or in easily opened documents. These practices leave the user open to password theft, which can then incur identity and financial losses.

Behavioral Security If you took IT504, you worked on an Acceptable Use Policy. Behavioral security is setting rules for human behavior, which is impossible to fully control, but with policies, training, and clear consequences outlined, problems can be minimized. While it is clear the above information is to help you understand the three areas of security you will assess in the discussion this week, there is one more behavioral activity to consider: As you write your post, remember not to violate the privacy and security of your workplace by identifying it by name. Use a false name or identify it in general terms ("a financial institution," for example).

3

Time Management Reminder Make sure you follow all school-mandated policies for late work and that all of Unit 6 is submitted before midnight this coming Tuesday night.

* * * * *

If You Are New to IT This section will be presented in each Reading PDF for those who are new to the field or just wish to solidify understanding of computer concepts relevant to the unit or the course. It is a good idea for seasoned professionals to scan this information, too, in case there is something new to learn.

More About Security The ebooks listed below are in the course's Library list as "optional." Click on More Tools > Library to look for these items. Meyers, M., Jernigan, A., & Lachance, D. (2019). CompTIA IT fundamentals+ all-in-one exam guide

(exam fc0-u61) (2nd ed.). McGraw Hill. https://libauth.purdueglobal.edu/sso/skillport?context=144895

• Chapter 4: “Data Storage and Sharing” (review)

• Chapter 11: “IT Security Threat Mitigation” Meyers, M. (2019). CompTIA A+ certification all-in-one exam guide (exams 220-1001 & 220-1002)

(10th ed.). McGraw Hill. https://libauth.purdueglobal.edu/sso/skillport?context=144455

• Chapter 13: “Users, Groups, and Permissions”

• Chapter 21: “The Internet”

• Chapter 27: “Securing Computers”

System Backups Backing up a company's data is of utmost importance, because loss of data affects the ability to do business. There are also records that must be kept for financial, tax, compliance, and other reasons. There are several methods used for database backups:

A full backup is when an entire database is copied and stored elsewhere. Typically, this is done on weekend nights when there is little business activity, as it may slow down the system during the backup process. A differential backup copies and stores all content that changed since the last full backup. This will not take as long as a full backup and could be done nightly. An incremental backup copies and stores the content that was changed since the last backup, whether it was a full or differential one. Should there be data loss, the information saved in this kind of backup will need to be "stitched" into a copy of the full backup.

4

There are other kinds of backups, including a full-computer backup, which records the structure of all software and inner hardware. A mirror backup copies but does not compress the files, so it tends to be faster; it needs more space and may not be secure, however. RAID — Redundant Array of Independent (or Inexpensive) Disks — technology can also provide necessary redundancy and protection against hard drive failure and subsequent loss of data. Backing up data in the cloud or elsewhere off-site is recommended. Should a company's servers be destroyed by a fire or tornado, for example, the data would still be saved if the backups were stored off- site. Similarly, should a hacker infect a database with a virus, a fresh start would be possible if everything were saved elsewhere.