Hello all, did you come up with 10 guidelines for the school database? (Homework, guys, homework.)
Prevention of Computer Misuse
- Students can be given separate user accounts and passwords, so that each student is accountable for how they use computers within the school.
- Staff should be given the necessary training and education on how confidential the grading information is (FERPA awareness), and they could be trained to use PCs.
- The system could be configured so that it only accepts strong passwords (validation of inputs).
- Password updates could be made mandatory (passwords changed at least once a month), with users notified when the date for a password update is approaching.
- The server areas could be secured by security guards (physical security).
- Computer labs could be CCTV enabled to monitor any suspicious activity.
- Install a reputable, corporate-level firewall or a virus guard to prevent any malicious elements from reaching a system.
- Set proper file access permissions: edit and read privileges based on the information each person requires.
- Block abusive, harmful or suspicious content, and limit email attachments.
- Define user access levels such as student level, teacher level, etc.
Detection of Computer Misuse
- Enable firewalls to immediately notify of any harmful entry of information into the internal network.
- A good virus guard should run automatically from time to time to detect any hidden issue and immediately take action such as notify, sound an alert, block content, quarantine, etc.
- Good maintenance and frequent monitoring of system logs, database logs and server logs to identify any malicious activity.
- Appointed security guards, and guard rooms with CCTV monitoring, to keep watching for possible threats.
- If someone attempts to guess a password or user login information more than 3 times, automatically lock the account and require admin support for recovery.
- Configure automatic session expiry in case a computer is left unused but logged in.
- Force system users to enter valid and strong passwords only (real-time validation of the password's strength).
- Forcing system users to randomly complete security questions and change passwords, and preventing them from entering old passwords, will detect possible unauthorized access.
- Link email addresses and mobile accounts to system login information (2FA) so that an illegal entry is notified immediately to the legitimate user via email or mobile.
- ??? So let's write the last one on our own, shall we?
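
The password and lockout guidelines above (strong passwords only, a change at least once a month, no old passwords, lock after more than 3 wrong guesses with admin recovery) can be sketched as one small account model. This is an added example, not part of the original post; the `Account` class, the strength rule and the PBKDF2 settings are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import re
from datetime import timedelta

MAX_FAILED = 3                   # lock once wrong guesses exceed 3
MAX_AGE = timedelta(days=30)     # change at least once a month

def is_strong(pw):
    # Assumed rule (not from the post): 10+ chars, lower, upper, digit, symbol.
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^A-Za-z0-9]")
    return len(pw) >= 10 and all(re.search(c, pw) for c in classes)

class Account:
    def __init__(self, password, now):
        self.salt = os.urandom(16)
        self.history = []        # hashes of the current and all earlier passwords
        self.failed = 0
        self.locked = False
        self.set_password(password, now)

    def _hash(self, pw):
        # Iteration count is an assumed example value.
        return hashlib.pbkdf2_hmac("sha256", pw.encode(), self.salt, 600_000)

    def set_password(self, pw, now):
        if not is_strong(pw):
            raise ValueError("weak password")
        digest = self._hash(pw)
        if any(hmac.compare_digest(digest, old) for old in self.history):
            raise ValueError("password was used before")
        self.history.append(digest)
        self.changed = now

    def login(self, pw, now):
        if self.locked:
            return "locked"      # stays locked, even for the right password
        if not hmac.compare_digest(self._hash(pw), self.history[-1]):
            self.failed += 1
            self.locked = self.failed > MAX_FAILED
            return "locked" if self.locked else "denied"
        self.failed = 0
        return "expired" if now - self.changed > MAX_AGE else "ok"

    def admin_unlock(self):
        # Recovery goes through an administrator, as the guideline says.
        self.locked = False
        self.failed = 0
```

The clock is passed in as `now` so the monthly expiry can be exercised without waiting; a "locked" or "expired" result is also the point at which the system would write a log entry or notify the account owner.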