Cis 329 Week 7 Discussion: Secure Boot. Essay Sample
Type of paper: Essay
Topic: Employee, Workplace, Security, Project, Management, Employment, System, Software
According to Microsoft, the Secure Boot security standard ensures that computers boot only trusted software from the manufacturer. The firmware checks the signature of all boot software during system startup, and if the signatures are authenticated, the firmware passes control to the operating system. The software checked for signatures includes operating systems and hardware drivers. If software with an unidentified signature, e.g. malware, is found, the firmware prevents the PC from loading the operating system and locks the user out of the system.
However, despite the good intentions Secure Boot has from a security standpoint, I do not support the Secure Boot technology as it is because it violates some fundamental software use principles. First, the system denies access and control of the system to the owner in case unsigned software is found, and second, Secure Boot is under the control of the PC manufacturer, which means PC owners can be denied control of their devices at any time, even without being informed, which is a violation of device owner rights.
The fact that Microsoft has allowed the ability to disable Secure Boot on x86 devices that ship with Windows 8 but not on ARM-based systems is not a justifiable long-term strategy. I believe that Microsoft should lock their bootloaders but provide users with the option to disable Secure Boot, since users might love the device but prefer a different operating system. For example, Google’s Nexus devices have locked bootloaders, but these can be disabled using developer tools, while some even have hardware switches.
CIS 329 Week 8 Discussion: Setting Bring Your Own Device (BYOD) Policies.
In the BYOD policy, companies should have the ability to remotely wipe company data on an employee's lost or stolen personal device. While this is a crude approach, the risk of company data and personal information falling into the wrong hands is quite high. In fact, devices should be wiped as soon as they are reported as stolen, which is once the employee is convinced they have not misplaced the device, or they are sure it is lost/stolen. However, employees should be informed of the wiping policy before they agree to use their personal devices for work.
BYOD hidden costs such as employee behavior costs and subscription costs can be managed through proper BYOD implementation and monitoring. Employee behavior costs can be reduced by not putting too much trust in employees to do the right thing. This is because employees will rack up huge international roaming charges, opt for maximum data plans and purchase subscription apps while free alternatives exist. The solution to this hidden cost is to create and enforce a mobile usage policy to regulate and monitor BYOD costs. Subscription costs can be reduced by eliminating stipends and using reimbursements based on itemized wireless billing and employee roles. This will ensure employees are held accountable for their expenditure, and over-purchasing is reduced.
CIS 332 Week 7: Most Beneficial New Features of AD from a Security Standpoint.
Flexible Authentication Secure Tunneling (FAST) and Dynamic Access Control are the most significant features added to Server 2012 from a security standpoint.
Dynamic Access Control (DAC) allows system administrators to assign permissions and apply access-control restrictions using a set of well-defined rules such as the configuration of the accessing device, resource sensitivity and user roles. For example, a user is given different permissions depending on whether he accesses resources from an office workstation or uses a VPN for remote access. When DAC is not implemented, a user accessing restricted resources poses a security risk, since some critical information should only be accessed using company machines. However, the use of dynamic access control ensures that permissions change dynamically without the need for the administrator’s intervention when the user’s location, role or job changes.
Flexible Authentication Secure Tunneling (FAST) is a pre-authentication framework used in Kerberos to provide a secure channel between the KDC (Key Distribution Centre) and the client. Implementation of FAST makes it easy to chain different techniques of authentication, utilize multiple key management systems, and add support for new key agreement algorithms. Lack of FAST implementation makes the reply key susceptible to brute force attacks.
Two of the refreshed features in Server 2012 that stand out in terms of network efficiency and cost effectiveness are Group Managed Service Accounts (GMSAs) and Domain Join through DirectAccess.
Domain Join via DirectAccess helps users to access shared resources, applications and websites remotely via an intranet without using a VPN. It thus provides more secure access to remote users and improved performance. Implementation of DirectAccess in Server 2008 could not be virtualized and was heavily reliant on IPv6. However, in Server 2012, DirectAccess can be virtualized and is compatible with IPv4, which means the conversion technologies that used to slow it down are no longer needed.
Group Managed Service Accounts (GMSAs) are used for automation of password management, to delegate management duties to administrators, and to simplify SPN management across multiple servers. When GMSAs are used, the need to manage password synchronization between different service instances by system administrators is eliminated. This enables GMSA to support hosts that have stayed offline for a long time, and also provide host management services for hosts that simultaneously run several instances of the same service. These capabilities of GMSA help improve network efficiency and overall performance by making it possible to set up a server farm that uses a single identity. The single global identity allows client machines to be successfully authenticated without the need to know about the instance they are connecting to.
CIS 332 Week 8 Discussion: Choosing the Best Active Directory User Creation Tool and Organizational Unit Design Best Practices.
There are different user creation scenarios in Active Directory, but only two are discussed. The first scenario involves creating a single user such as a new employee, and the other involves creating user objects in bulk, e.g. when setting up a new system and having to create user accounts for all employees from scratch.
When creating a single user, the Directory System Agent (dsa.msc) tool of the Active Directory Users and Computers is used because the addition of one user is a one-off manual task. This tool is easy to use due to its GUI, but it is not suited to repetitive tasks such as bulk addition of users since it involves the addition of one user at a time. When creating user objects in bulk, the best tool to use is Windows PowerShell, which provides a command-line interface that can be used to perform Active Directory management tasks or to execute scripts that automate repetitive tasks. In this case, the administrator can create a command template using PowerShell and then use a script to read employee details from a CSV file. When the script is run, the system creates new user accounts and passwords based on the details. PowerShell is thus a handy and efficient tool when creating user accounts in bulk or where user account creation needs to be automated.
When designing organizational units (OU), the two best practices I consider most important are moving Group Policy Objects (GPOs) under a simple OU structure, and optimizing the number of OUs. In terms of keeping the OU structure simple, a possible configuration is to create a master organizational unit and then nest all other units under it while taking care not to have too many nested layers (no more than 10 layers in depth). Optimizing the number of OUs is another best practice that depends on the overall Active Directory goals and how to manage GPO deployment and delegation. Too few OUs will result in overhead in configurations whereby too many OUs will be nested under each other, making them difficult to manage. On the other hand, many OUs will result in too many administrators and display poor planning. The best OU configuration is to scale the number of OUs starting from a minimum and extending to fit organizational needs, since OU deletion is cumbersome.
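The bulk-creation workflow described above, as an added example that is not part of the original essay: a CSV is read, each row is validated, and a splatted parameter template is passed to `New-ADUser`. The CSV columns, the OU path and the domain are placeholder assumptions; passwords are generated per account rather than read from the file, and the script falls back to a dry run when the ActiveDirectory module is not installed.

```powershell
# Constructed sample input; column names are assumptions, not from the essay.
$csv = @'
GivenName,Surname,SamAccountName
Ana,Reyes,areyes
Ben,Okoro,bokoro
Ana,Reyes,areyes
,Lee,
'@
$TargetOU  = 'OU=Staff,DC=example,DC=com'   # placeholder OU
$UpnSuffix = 'example.com'                  # placeholder domain

function New-RandomPassword([int]$Length = 20) {
    # 64-character alphabet, so (byte % 64) introduces no modulo bias
    $chars = 'ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz23456789!#%+-_='
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = [byte[]]::new($Length)
    do {   # retry until upper, lower and digit are all present (AD complexity)
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % 64] })
    } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    $rng.Dispose(); $pw
}

$haveAD = [bool](Get-Command New-ADUser -ErrorAction SilentlyContinue)
$seen   = @{}
$results = foreach ($row in ($csv | ConvertFrom-Csv)) {
    $sam = "$($row.SamAccountName)".Trim()
    # Validate each row before it reaches the directory
    if ($sam -notmatch '^[A-Za-z0-9._-]{1,20}$' -or -not $row.GivenName -or $seen.ContainsKey($sam)) {
        [pscustomobject]@{ Sam = $sam; Status = 'Skipped: invalid or duplicate row' }
        continue
    }
    $seen[$sam] = $true
    $params = @{
        Name                  = "$($row.GivenName) $($row.Surname)"
        GivenName             = $row.GivenName
        Surname               = $row.Surname
        SamAccountName        = $sam
        UserPrincipalName     = "$sam@$UpnSuffix"
        Path                  = $TargetOU
        AccountPassword       = ConvertTo-SecureString (New-RandomPassword) -AsPlainText -Force
        ChangePasswordAtLogon = $true
        Enabled               = $false   # enable once the help desk issues a credential
    }
    if ($haveAD) {
        try   { New-ADUser @params -ErrorAction Stop; $status = 'Created (disabled)' }
        catch { $status = "Failed: $($_.Exception.Message)" }
    } else { $status = 'Dry run: ActiveDirectory module not available' }
    [pscustomobject]@{ Sam = $sam; Status = $status }
}
$results | Format-Table -AutoSize
```

With the constructed input, two rows are processed and two are skipped (one duplicate `areyes`, one with missing fields).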
CIS 498 Week 7 Discussion: Social Organizations and Core Competencies.
Effective change leadership in relation to the adoption of social media initiatives by organizations is important because it helps build a collaborative culture where employees share experiences, discuss common interests, form new communities, create more engaging learning experiences, and improve two-way communication.
CIOs often encounter ethical issues when implementing social media initiatives. Some of these ethical issues include whether or not CIOs should incur expense and place effort in monitoring employee use of social media in a business context, i.e. in regard to data access, information sharing, and privacy. Another ethical issue is whether or not to inform employees that their social media activity is being monitored. These are weighty issues and can only be solved by mutual employer-employee policy agreement on what employees can say about their employers on social media, as well as on the use/misuse of company resources for social media initiatives (i.e. whether the employee acts as a representative of the company or himself).
The top three core competencies in IT based on my ranking are Communication, Problem Solving, and Organizational Understanding respectively. Communication comes at the top since it is a basic requirement for an IT employee to communicate effectively regardless of his role. The IT profession involves Problem Solving, and thus IT professionals should be adept at coming up with meaningful solutions to problems in their field. Finally, organizational understanding helps an employee understand their role, tasks and responsibilities in the realization of organizational objectives.
CIS 498 Week 8 Discussion: Cultural Change and Project Sponsorship.
I believe project management causes cultural change because all project management processes revolve around people. This claim is validated by the simple fact that success in a project is determined by the behavior of people participating. In this case, project management can also influence people’s beliefs, behaviors and interactions leading to cultural change. For example, in an integrative IT environment that uses virtual teams, the teams are not co-located which means project managers have to understand the behavior, culture and emotions of team members to ensure project success. On the other hand, project management is also bound to influence cultural changes, relationships and communication among team members.
I would aspire to be the CIO of an organization such as the Raspberry Pi Foundation since the organization relies on project sponsors and community support to create innovations that advance child and education. In this case, the role of a project sponsor would be to secure resources such as funding and expert advisors, monitor project progress, provide the business case, approve budget and schedule changes, and select the project manager. The project sponsor is pivotal to the organization's success since he is responsible for the overall success of the project by providing the services stated above and others not mentioned. The sponsor is usually someone well established and experienced in their line of work, and thus he/she will bring a lot of input in the form of resources and sound judgment, which will help the project succeed.