Tuesday, April 3, 2018

Prevention vs Detection

Hello all, did you come up with 10 guidelines for the school database ? (homework guys homework Smile with tongue out )

Prevention of Computer  Misuse

  1. Students can be given separate user accounts and passwords, so that each student is accountable on the nature of computer use within the school.
  2. staff should be given necessary training and education on  how confidential the grading's information are . (FERPA awareness) and they could be trained to use PCs
  3. system could be configured so that it only accepts strong passwords. (validations of inputs)
  4. password updates could be made mandatory ( at least once a month to change passwords) and notified to users when the dates for password updates are closing
  5. the server areas  could be secured by a security guards (physical security)
  6. computer labs could be CCTV enabled to monitor any suspicious activity
  7. install a reputed / corporate level firewall or a virus guard to prevent any malicious elements arriving to a system
  8. set proper file access permissions - edit and read privileges based on the  information  required for each person
  9. block abusive , harmful , suspicious  , content , limit email attachments
  10. User access levels such as student ;level,  teacher level etc…


Detection of Computer Misuse

  1. enable firewalls to immediately notify any harmful entry of information to the internal network
  2. A good virus guard to run time to time automatically to detect any hidden issue and immediately take action such as notify , sound alert , block content ,  quarantine etc
  3. good maintenance and frequent monitoring of system logs , database logs , server logs to identify any malicious activity
  4. Appointed security guards , and CCTV monitoring guard rooms to keep looking at possibilities of threats
  5. if someone attempts to guess a password , user login information more than 3 times , to automatically lock the account , and seek admin support for recovery .
  6. configure automatic session expiry in case of a computer left unused but logged in
  7. force the system users to enter, valid and strong password only ( realtime validate mechanisms of the strength of the password) 
  8. force the systems users to randomly complete security questions , change passwords , prvent them entering the old passwords will detect possible unauthorized access
  9. link  email addresses , mobile accounts to systems login information(2FA) so that an illegal entry is notified immediately to the legitimate user via email or mobile.
  10. ??? එහෙනම් අන්තිම එක තනියම ලියමු නේ ? Open-mouthed smile 
Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)