What are the main security issues that New Century should address? Prepare a memo that lists the primary concerns and offers a specific recommendation for dealing with each issue.

What will be an ideal response?

---

Answers will vary. Using the material in the chapter, students should be able to develop a checklist of key issues, with recommendations for each. A sample checklist follows:
Physical Security Issues
• Computer room security
Biometric scanning systems
Motion sensors
• Servers and desktop computers
Keystroke loggers
Tamper-evident cases
BIOS-level passwords; boot-level passwords; power-on passwords
• Mobile devices
Universal Security Slot (USS)
Tracking software
Stringent password requirements
Account lockout thresholds
Network Security Issues
• Encrypting network traffic
Encryption vs. plain text
Public key encryption
• Wi-Fi Protected Access (WPA)
Wired Equivalent Privacy (WEP)
Private networks
Tunnels
Virtual private networks
• Ports and services
Destination ports
Services
Port scans
Denial of service attacks
Firewalls
Protocols that control traffic
Application Security Issues
Services
Security holes
Permissions
Input validation
Patches and updates
File Security Issues
Permissions
User groups
User Security Issues
Identity management
Password protection
Social engineering
User resistance
Procedural Security
Establish clear managerial policies and controls.
Build a corporate culture that stresses security.
Define how particular tasks are to be performed.
Stress employee responsibility for security.
Guard against dumpster diving.
Use paper shredders and instruct employees as to when, why, and how they are used.
Develop a system of classification levels and communicate it effectively.




?