Using the Case In Point company, Chain Link Consulting, Inc., described below, make a security checklist that considers all six information security levels. The six security levels are:
1. Physical - operations center for technical equipment, guards
2. Network - firewalls, encrypting network traffic
3. User - passwords, social engineering
4. Procedural - classification levels for access to certain documents
5. File - file permissions, encryption
6. Application - software logs, application permissions
These security levels are interconnected and together inform decisions about system security. The checklist should be in the form of a Word document the company can give to its clients to assess real-world vulnerabilities.
CASE IN POINT 12.4: CHAIN LINK CONSULTING, INC.
Chain Link Consulting is an IT consulting firm that specializes in system security issues. The company's president has asked you to help her put together a presentation to a group of potential clients at a trade show meeting next month. First, she wants you to review system security issues, considering all six security levels. Then she wants you to come up with a list of ways that Chain Link could test a client's security practices, in order to get a real-world assessment of vulnerability. To make matters more interesting, she told you it was OK to be creative in your recommendations, but not to propose any action that would be illegal or unethical. For example, it would be OK to pose as a job applicant with false references to see if they were being checked, but it would not be appropriate to pick a lock and enter the computer room. Your report is due tomorrow. What will you suggest?