School is a private school with 300 students ranging from grade 7 to 12, and 30 staff members and teachers. At the request of Principle Symons, an asset list followed by a qualitative risk assessment was conducted and documented In order to ensure the proper level of protection required for each asset. There are two servers running services for Premier Collegiate School, the first for administration businesses and the second for the student’s needs.
These servers are critical to the confidentiality, Integrity, and availability of this schools services and business functions. Data housed on these servers must be protected and kept confidential, and the proper authorization and authentication methods should be Implemented as well. The principle maintains a notebook computer that is used for both business and personal uses and therefore is critical in maintaining a secure environment at all times and even remotely. Students are required to have privately owned laptops so he same type of security would also be required as well.
These critical assets either generate revenue or represents intellectual property of the organization. Other assets such as the administrators, teachers, and student desktops provided by Premier Collegiate School would be considered major because it contains customer privacy data that must be properly protected. Other major assets include routers, switches, wireless access points, cabling, and server racks. IT personnel, students, and staff are also considered security risks and therefore he proper level of user security awareness training, workshops, and seminars should be provided to users on the network.
Other security measures such as an acceptable usage policy and password policies should be properly implemented to ensure users are responsible for and understand their actions on the network. In addition, It would be best practice to implement the proper administrative, technical, and physical safeguards to properly secure each asset. Administrative safeguards are actions and rules implemented to protect information. Technical safeguards are applied to reward and software information systems.
Physical safeguards are actions that an organization takes to protect Its actual, tangible resources. Unit 1 Assignment 1 in order to ensure the proper level of protection required for each asset. There are confidentiality, integrity, and availability of this schools services and business and the proper authorization and authentication methods should be implemented as are responsible for and understand their actions on the network. In addition, it would organization takes to protect its actual, tangible resources.