- What is a security policy and why does an organization need one?
A security policy is a document that sets out how an organization manages its security and protects its critical information technology infrastructure and assets.
- Provide an example of your own of a problem that would be caused by missing security policies.
One of the main problems caused by a lack of proper security policies is confusion during a breach. Others include data loss, avoidable system vulnerabilities, and data leakage or data breach. In most cases organizations suffer during a security breach because they have not defined appropriate behavior, firewall policies, password standards or acceptable use policies; without a clear-cut security policy the organization does not know what actions to take once a breach is detected (Prosise, Mandia, & Pepe, 2003).
- What are the basic things that need to be explained to every employee about a security policy?
Some of the key things an organization must explain are that security policies alone do not eliminate the chance of a security breach; it is employees' behavior around these security controls that protects data and IT assets (Kennedy et al., 2011).
Employees must also be told about the acceptable use policies in place, to avoid misuse of IT infrastructure.
Additionally, all employees must undergo mandatory security training whenever new updates are installed or new IT infrastructure is introduced.
Finally, employees should be made aware of the data management procedures and standards, to avoid or reduce accidental data exposure or sharing.
New employees must be informed about the security policies during orientation, before they start working actively in the organization.
It is also important to understand that having a security policy is no guarantee that data breaches or data loss are eliminated. It is therefore the duty of the responsible staff to ensure that the security policies are periodically updated and that all staff are informed about each update (Peltier, Peltier, & Blackley, 2003).
- You have an e-mail server that processes sensitive e-mails from important people. What kind of things should be put into the security policy for the e-mail server?
All incoming e-mail must be relayed through the central mail hubs, where it is scanned before being delivered to recipients.
Passwords must be strong and verified, and only authorized users may access the e-mail servers.
Only authorized users may relay mail through the organization's mail servers, which protects the integrity of the e-mail system. Other policy items include authentication and encryption of connections, a limit on the rate of incoming connections, message integrity validation, identity confirmation (sender verification), and multi-layer access control.
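A policy is only useful if the server's configuration can be checked against it. The following script is an added example (not part of the original answer and not Postfix's own code): it parses a Postfix main.cf and reports which of the policy points above are violated. Both main.cf fragments are constructed for illustration, as are the hostnames mail.example.edu and scanhub.example.edu; the parameter names themselves are real Postfix settings.

```python
"""Check a Postfix main.cf against the e-mail server policy above.

Added example, not part of the original page. The two main.cf fragments are
constructed; the parameter names are real Postfix settings.
"""
import re

# Constructed: a permissive main.cf that violates most of the policy points.
WEAK_MAIN_CF = """
myhostname = mail.example.edu
smtpd_tls_security_level = none
smtpd_sasl_auth_enable = no
smtpd_relay_restrictions = permit
"""

# Constructed: the same server after applying the policy.
HARDENED_MAIN_CF = """
myhostname = mail.example.edu
# Offer TLS to every client (the submission port forces it in master.cf)
smtpd_tls_security_level = may
# Never accept SASL credentials over a cleartext session
smtpd_tls_auth_only = yes
smtpd_sasl_auth_enable = yes
# Only local networks and authenticated users may relay; everyone else may
# only deliver to the domains this server is responsible for
smtpd_relay_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination
# Throttle the rate of incoming connections per client (enforced by anvil)
smtpd_client_connection_rate_limit = 30
# Hand every message to the central scanning hub (a milter; hostname assumed)
smtpd_milters = inet:scanhub.example.edu:8891
"""


def parse_main_cf(text):
    """Parse Postfix main.cf syntax: 'name = value' lines, continuation
    lines that begin with whitespace, and '#' comments. Returns a dict."""
    params = {}
    current = None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and current:
            # Continuation of the previous parameter's value
            params[current] = (params[current] + " " + raw.strip()).strip()
            continue
        name, _, value = raw.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params


def check_policy(text):
    """Return the list of policy violations found in a main.cf (empty = compliant)."""
    p = parse_main_cf(text)
    problems = []
    if p.get("smtpd_tls_security_level", "none") not in ("may", "encrypt"):
        problems.append("TLS is not offered to clients (smtpd_tls_security_level)")
    if p.get("smtpd_tls_auth_only", "no") != "yes":
        problems.append("passwords may be sent in cleartext (smtpd_tls_auth_only)")
    if p.get("smtpd_sasl_auth_enable", "no") != "yes":
        problems.append("user authentication is disabled (smtpd_sasl_auth_enable)")
    relay = set(re.split(r"[,\s]+", p.get("smtpd_relay_restrictions", "")))
    if not ({"reject_unauth_destination", "defer_unauth_destination"} & relay):
        problems.append("open relay: unauthenticated clients may relay anywhere")
    rate = p.get("smtpd_client_connection_rate_limit", "0")
    if not rate.isdigit() or int(rate) <= 0:
        problems.append("no incoming connection rate limit")
    if not (p.get("smtpd_milters") or p.get("content_filter")):
        problems.append("mail is not routed through a scanning hub")
    return problems


if __name__ == "__main__":
    for label, cf in (("weak", WEAK_MAIN_CF), ("hardened", HARDENED_MAIN_CF)):
        print(label, "->", check_policy(cf) or "compliant")
```

The checker deliberately treats a missing parameter as the insecure default, because Postfix ships with TLS and SASL off and no rate limit; a main.cf that simply never mentions them is not compliant.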
- List and explain five of the latest vulnerability scanners.
Vulnerability scanners are programs developed to assess computer networks, systems and applications for flaws, and organizations use them to manage their vulnerabilities. Some of the latest vulnerability scanners include:
a) Nmap: a port scanner and network-mapping tool that scans and assesses networks, operating systems and ports. Its scripting engine (NSE) carries scripts that can detect vulnerabilities, and its timing engine adapts to network latency and congestion.
b) Network vulnerability scanners such as Nessus, which runs on UNIX and other systems and is constantly updated, with over 46,000 plugins. It performs both remote and credentialed (authenticated) security checks, and its client-server architecture can be managed from a web-based interface (Chen et al., 2007, pp. 75-84).
c) Web application security scanners such as w3af, the Web Application Attack and Audit Framework, which helps organizations identify web application vulnerabilities.
d) Database security scanners such as McAfee Security Scanner for Databases and Imperva's Scuba, which assess database configurations, and QualysGuard, a SaaS (cloud-based) vulnerability assessment service that maps networks and reports on vulnerabilities. It also offers internal scans based on asset prioritization and communicates back and forth with its cloud-based console (Russell & Cohn, 2012).
e) ERP security scanners: ERPScan can conduct complex security assessments, scanning SAP servers for software vulnerabilities, misconfigurations and segregation-of-duties violations (Foreman, 2010).
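Whatever scanner is used, its raw output still has to be turned into a remediation list. The script below is an added example (not part of the original answer and not code from the Nmap project): it parses Nmap's XML output (-oX), keeps only open ports, extracts NSE script results that report a vulnerable state, and orders hosts for remediation. SAMPLE_NMAP_XML is a constructed scan result for documentation-range addresses, not output from any real host; the script ids in it are real NSE script names, and the "State: VULNERABLE" / "Risk factor" lines follow the format of NSE's vulns library.

```python
"""Triage Nmap XML output into open ports and NSE vulnerability findings.

Added example, not part of the original page. SAMPLE_NMAP_XML is a
constructed scan result (RFC 5737 documentation addresses), not a real scan.
"""
import re
import xml.etree.ElementTree as ET

SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV --script vuln -oX scan.xml 192.0.2.0/29">
<host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh" product="OpenSSH" version="7.2p2"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https" product="Apache httpd" version="2.4.7"/>
<script id="ssl-heartbleed" output="&#10;  VULNERABLE:&#10;  State: VULNERABLE&#10;  Risk factor: High"/>
</port>
<port protocol="tcp" portid="445"><state state="closed"/><service name="microsoft-ds"/></port>
</ports>
</host>
<host><status state="up"/><address addr="192.0.2.11" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="445"><state state="open"/><service name="microsoft-ds"/>
<script id="smb-vuln-ms17-010" output="&#10;  State: NOT VULNERABLE"/>
</port>
</ports>
<hostscript>
<script id="smb-vuln-ms08-067" output="&#10;  State: VULNERABLE&#10;  Risk factor: High"/>
</hostscript>
</host>
</nmaprun>
"""

# NSE's vulns library prints 'State: VULNERABLE', 'State: LIKELY VULNERABLE'
# or 'State: NOT VULNERABLE'; only the first two count as findings.
VULN_STATE = re.compile(r"State:\s+(?:LIKELY\s+)?VULNERABLE")
RISK = re.compile(r"Risk factor:\s*(\w+)")


def classify(script, port):
    """Turn one <script> element into a finding, or None if it found nothing."""
    output = script.get("output", "")
    if not VULN_STATE.search(output):
        return None
    m = RISK.search(output)
    return {"script": script.get("id"), "port": port,
            "risk": m.group(1) if m else "Unknown"}


def parse_scan(xml_text):
    """Return one record per host: address, open ports and vulnerability findings."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        record = {"ip": addr.get("addr") if addr is not None else "?",
                  "open_ports": [], "findings": []}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports expose no service to assess
            portid = int(port.get("portid"))
            svc = port.find("service")
            desc = ""
            if svc is not None:
                desc = " ".join(v for v in (svc.get("name"), svc.get("product"),
                                            svc.get("version")) if v)
            record["open_ports"].append((portid, port.get("protocol"), desc))
            for script in port.findall("script"):
                finding = classify(script, portid)
                if finding:
                    record["findings"].append(finding)
        # Host-level scripts (e.g. smb-vuln-*) live under <hostscript>, not a port
        for script in host.findall("hostscript/script"):
            finding = classify(script, None)
            if finding:
                record["findings"].append(finding)
        hosts.append(record)
    return hosts


def prioritize(hosts):
    """Order hosts for remediation: most High-risk findings first, then total
    findings, then exposed surface (open port count), then address."""
    def key(h):
        high = sum(1 for f in h["findings"] if f["risk"] == "High")
        return (-high, -len(h["findings"]), -len(h["open_ports"]), h["ip"])
    return [h["ip"] for h in sorted(hosts, key=key)]


if __name__ == "__main__":
    scan = parse_scan(SAMPLE_NMAP_XML)
    for ip in prioritize(scan):
        rec = next(h for h in scan if h["ip"] == ip)
        print(ip, rec["open_ports"], rec["findings"])
```

Matching on the "State:" line rather than on the presence of a <script> element matters: scripts such as smb-vuln-ms17-010 emit output for hosts that are not vulnerable, and counting every script result as a finding would flood the remediation list.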
- Read the Griffith University plan and critique the policy.
The policy does not define the university's information systems or its acceptable use policy, nor does it detail the job descriptions, roles and responsibilities of the staff in charge of information technology assets and the functions that ensure the integrity and security of the system are maintained.
Russell, J., & Cohn, R. (2012). Vulnerability Scanner. Book on Demand.
Chen, K., et al. (2007). Large-Scale Analysis of Format String Vulnerabilities in Debian Linux. June 14, 2007, ACM, pp. 75-84.
Peltier, T., Peltier, J., & Blackley, J. (2003). Managing a Network Vulnerability Assessment. Auerbach Publications.
Kennedy, D., O'Gorman, J., Kearns, D., & Aharoni, M. (2011). Metasploit: The Penetration Tester's Guide (1st ed.). No Starch Press.
Prosise, C., Mandia, K., & Pepe, M. (2003). Incident Response and Computer Forensics (2nd ed.). McGraw-Hill/Osborne.
Foreman, P. (2010). Vulnerability Management, p. 1. Taylor & Francis Group.