Wednesday, April 4, 2018

Organizational Context

Hi all ….

Apart from the gossip, did you learn anything?

I am sure you did.

Okay, here is the presentation. Literally it is the same as the lesson in the textbook, with some additional slides.

https://drive.google.com/open?id=14f4XsHjNqDIw3MZirQx1I6DDAx0H8PzB

Tuesday, April 3, 2018

Prevention vs Detection

Hello all, did you come up with 10 guidelines for the school database? (Homework, guys, homework!)

Prevention of Computer  Misuse

  1. Give each student a separate user account and password, so that every student is accountable for how the school's computers are used.
  2. Train staff on how confidential grading information is (FERPA awareness) and on safe use of the PCs.
  3. Configure the system so that it accepts only strong passwords (validate the password when it is set).
  4. Make password updates mandatory (the suggestion here is at least once a month) and notify users when the date for changing passwords is near. (Caveat: current NIST guidance, SP 800-63B, advises against forced periodic changes and favours changing a password when compromise is suspected.)
  5. Secure the server rooms with security guards and access control (physical security).
  6. Enable CCTV in the computer labs to monitor any suspicious activity.
  7. Install a reputable, corporate-grade firewall and antivirus to stop malicious traffic and files from reaching the system.
  8. Set proper file access permissions: read and edit privileges based only on the information each person requires (least privilege).
  9. Block abusive, harmful or suspicious content and limit email attachments.
  10. Define user access levels such as student level, teacher level, etc.


Detection of Computer Misuse

  1. Configure the firewall to log and immediately alert on harmful or suspicious traffic entering the internal network.
  2. Run a good antivirus on a schedule so that hidden problems are detected automatically and acted on at once (notify, sound an alert, block the content, quarantine, etc.).
  3. Maintain and frequently review system logs, database logs and server logs to identify any malicious activity.
  4. Post security guards and staff the CCTV monitoring room to keep watching for possible threats.
  5. If someone enters a wrong password or login information for an account more than 3 times, lock the account automatically and require admin support to recover it.
  6. Configure automatic session expiry for a computer that is left logged in but unused.
  7. Force users to enter only valid, strong passwords (real-time checks of password strength when it is set).
  8. Randomly require users to re-answer their security questions and change their passwords, and reject reuse of old passwords, so that an account being used by someone other than its owner is detected.
  9. Link email addresses and mobile numbers to login accounts (2FA) so that an illegal login is reported immediately to the legitimate user by email or mobile.
  10. ??? Then let's write the last one ourselves, shall we?
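Two of the guidelines above are simple enough to turn into code, and that is where most of the detail hides. Here is an added example (mine, not from the lesson or the textbook) of the "accept only strong passwords" rule (Prevention item 3, Detection item 7) and the "lock the account after more than 3 failed guesses" rule (Detection items 3 and 5) run over authentication log lines. The log format, the sample log lines, the policy thresholds and the function names are all constructed for this example and are not from any real school system; the lockout check also shows an edge case the list does not mention, that failures far apart in time should not add up.

```python
"""Added example: two checks from the school-database guidelines above.

1. password_is_strong(): the "accept only strong passwords" rule.
2. accounts_to_lock(): the "lock after more than 3 failed guesses" rule,
   run over authentication log lines.

The log format and the SAMPLE_LOG lines are constructed for this example;
the thresholds are assumptions, not a standard.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

MIN_LENGTH = 12                 # assumed minimum password length
MAX_FAILURES = 3                # more than this many failures locks the account
WINDOW = timedelta(minutes=15)  # failures only count if they fall in this window
COMMON_PASSWORDS = {"password", "password1", "welcome1", "school2018", "qwerty123"}


def password_is_strong(password: str) -> bool:
    """Return True only if the password meets the (assumed) policy:
    at least MIN_LENGTH characters, at least three of the four character
    classes (lower, upper, digit, other), and not on the deny-list."""
    if len(password) < MIN_LENGTH:
        return False
    if password.lower() in COMMON_PASSWORDS:
        return False
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return sum(classes) >= 3


# Constructed log format: "<ISO timestamp> LOGIN <user> <OK|FAIL> <source ip>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) LOGIN (?P<user>\S+) (?P<result>OK|FAIL) (?P<ip>\S+)$"
)

# Constructed sample: student42 is being guessed, student07 mistyped once,
# admin had three failures and a fourth one ninety minutes later.
SAMPLE_LOG = """\
2018-04-03T08:00:01 LOGIN teacher01 OK 10.0.0.5
2018-04-03T08:01:10 LOGIN student42 FAIL 10.0.0.23
2018-04-03T08:01:15 LOGIN student42 FAIL 10.0.0.23
2018-04-03T08:01:19 LOGIN student42 FAIL 10.0.0.23
2018-04-03T08:01:25 LOGIN student42 FAIL 10.0.0.23
2018-04-03T08:02:00 LOGIN student07 FAIL 10.0.0.40
2018-04-03T08:02:30 LOGIN student07 OK 10.0.0.40
2018-04-03T09:30:00 LOGIN admin FAIL 10.0.0.99
2018-04-03T09:30:05 LOGIN admin FAIL 10.0.0.99
2018-04-03T09:30:09 LOGIN admin FAIL 10.0.0.99
2018-04-03T11:00:00 LOGIN admin FAIL 10.0.0.99
"""


def parse_log(text: str):
    """Yield (timestamp, user, result, ip) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue
        yield (datetime.fromisoformat(m["ts"]), m["user"], m["result"], m["ip"])


def accounts_to_lock(text: str, max_failures=MAX_FAILURES, window=WINDOW):
    """Return {user: [source ips]} for accounts with more than max_failures
    failed logins inside `window`. A successful login clears the counter,
    and failures older than the window are dropped, so the admin account in
    the sample log is NOT flagged (3 failures, then a gap of 90 minutes)."""
    failures = defaultdict(list)   # user -> recent (timestamp, ip) failures
    flagged = {}
    for ts, user, result, ip in parse_log(text):
        if result == "OK":
            failures[user].clear()
            continue
        recent = [(t, i) for t, i in failures[user] if ts - t <= window]
        recent.append((ts, ip))
        failures[user] = recent
        if len(recent) > max_failures and user not in flagged:
            flagged[user] = sorted({i for _, i in recent})
    return flagged


if __name__ == "__main__":
    for pw in ("password1", "Spring-2018!!", "abcdefghijklmnop"):
        print(f"{pw!r:22} strong={password_is_strong(pw)}")
    for user, ips in accounts_to_lock(SAMPLE_LOG).items():
        print(f"LOCK {user}: more than {MAX_FAILURES} failed logins from {ips}; notify admin")
```

Run as-is it flags only student42. A real deployment would read the lines from the database or server log rather than a string, and would lock the account through the login system rather than just printing, but the counting logic (reset on success, forget failures older than the window) is the part that is easy to get wrong.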

ADA 508 and ADA Compliance

Hello folks … ADA is where we began today (I mean on .. will you have a look, please?)

ADA 508 & ADA COMPLIANCE

The US Rehabilitation Act of 1973 was amended in 1986 and again in 1998 to include all information technology, including computer hardware, software and documentation. These amendments also created enforcement measures to mandate compliance for websites, documents, and applications developed with US Federal funding or for US government agencies.

These amendments are known as Section 508 and they dictate specific accommodations for various types of content. The "Section 508 refresh" (published together with the Section 255 guidelines refresh) updates the requirements; the final rule was published in January 2017 and compliance with the refreshed standards has been required since January 2018.

WHO NEEDS TO FOLLOW THESE REQUIREMENTS?

U.S. government websites and applications and those developed using US Federal funds must comply with Section 508. Many state agencies and corporations have adopted the standards.

ADA Compliance

The Department of Justice (DOJ) published the Americans with Disabilities Act (ADA) Standards for Accessible Design in September 2010. These standards state that all electronic and information technology must be accessible to people with disabilities.

The ADA differs from Section 508 regulations, which are an amendment to the Rehabilitation Act of 1973 and apply to all information technology, including computer hardware, software and documentation.

WHO NEEDS TO FOLLOW THESE REQUIREMENTS?

The ADA standards apply to commercial and public entities that have "places of public accommodation", which is read as including the internet. The DOJ is still determining the specific regulations, but that does not mean website discrimination will be tolerated.

Who does the law affect?

· Americans with disabilities and their friends, families, and caregivers

· Private employers with 15 or more employees

· Businesses operating for the benefit of the public

· All state and local government agencies

HOW DOES A COMPANY COMPLY WITH THE ADA?

The ADA encourages self-regulation of accessibility standards, and the Department of Justice is still developing regulations to provide specific guidance to the entities covered by the ADA. Until the DOJ defines those regulations, organizations are encouraged to use the WCAG 2.0 level AA guidelines as the guide for becoming accessible.

Sarbanes Oxley Act–SOX 2002

The Sarbanes–Oxley Act of 2002

Sarbanes-Oxley Act: a bill whose goal was to renew investors' trust in corporate executives and their firms' financial reports; the act led to significant reforms in the content and preparation of disclosure documents by public companies.

In the legal system, the Sarbanes–Oxley Act of 2002 established requirements for internal controls to govern the creation and documentation of accurate and complete financial statements. (Compliance usually refers to behaviour in accordance with legislation.)

Further, the act reaches outsourcing arrangements: an outsourcing firm must be able to demonstrate that it has effective internal controls in accordance with the Sarbanes-Oxley Act of 2002. Related guidelines for working with an outsourcer:

  • Set clear, firm business specifications for the work to be done.
  • Establish reliable satellite or broadband communications between your site and the outsourcer's location.
  • Require vendors to have project managers at the client site to overcome cultural barriers and facilitate communication with offshore programmers.
  • Require a network manager at the vendor site to coordinate the logistics of using several communications providers around the world.

The Sarbanes–Oxley Act of 2002 was passed in response to public outrage over several major accounting scandals, including those at Enron*, WorldCom, Tyco, Adelphia, Global Crossing, and Qwest—plus numerous restatements of financial reports by other companies, which clearly demonstrated a lack of oversight within corporate America. The goal of the bill was to renew investors’ trust in corporate executives and their firms’ financial  reports. The act led to significant reforms in the content and preparation of disclosure documents by public companies. However, the Lehman Brothers accounting fiasco and resulting collapse as well as other similar examples raise questions about the effectiveness of Sarbanes–Oxley in preventing accounting scandals.

Section 302 of the act requires annual and quarterly reports to carry a certification signed by the CEO and CFO attesting that the report is accurate and fairly presents the firm's condition. Section 404 requires management to assess the firm's internal controls over financial reporting and the external auditor to attest to that assessment, so the company must submit to an audit to prove that it has controls in place to ensure accurate information. Under Section 906 a knowingly false certification is a crime, with penalties of up to 20 years in prison and significant monetary fines for the senior executives who sign. Section 406 also requires public companies to disclose whether they have a code of ethics for senior financial officers and to disclose any waiver of the code for those officers.

*The Enron scandal, publicized in October 2001, eventually led to the bankruptcy of the Enron Corporation, an American energy company based in Houston, Texas. In addition to being the largest bankruptcy reorganization in American history at that time, Enron was cited as the biggest audit failure. Enron was formed in 1985; several years later, when Jeffrey Skilling was hired, he developed a staff of executives who were able to hide billions of dollars in debt from failed deals and projects. This was done through accounting loopholes, special purpose entities, and poor financial reporting. As a consequence of the scandal, new regulations and legislation were enacted to improve the accuracy of financial reporting for public companies. One piece of legislation, the Sarbanes–Oxley Act, increased penalties for destroying, altering, or fabricating records in federal investigations or for attempting to defraud shareholders.