Computer Sciences and Information Technology
DIFFERENTIATE THE ROLES OF INTERNAL AND EXTERNAL SECURITY CONTROLS
This is a cybersecurity course. The rubric is attached

Purpose – In this Assignment, you will look at security controls, and how they are tested.

Assignment Instructions:
Using the Reading, the library, and Internet research, answer or explain the following in a minimum 400-word paper that covers the following and includes three or more APA style references:

Differentiate perimeter controls from internal controls. Give examples.
What controls constitute a defense in depth strategy? Explain.
How are security controls tested and verified?

DIFFERENTIATE THE ROLES OF INTERNAL AND EXTERNAL SECURITY CONTROLS
When it comes to cybersecurity, access control is an important aspect as it determines what can be viewed by authorized personnel within a computing environment. Through such action, risk is minimized within an organization, especially in this era where companies are sensitive of brand image. Perimeter security are man-made barriers aimed at keeping intruders out to regulate access, whereas, internal control is a set of policies made by an organization to safeguard its assets and promote accountability. Perimeter controls limit physical access to the organizations outside environment, buildings, rooms and tangible IT assets. Internal controls on the other hand touches on limited access to data, the network connections and system files (Rouse 2014). Examples of perimeter controls include:
• Firewalls: check the packets of data that move to and fro within the network and decides which ones will be granted access and which ones will be denied access.
• Fences and walls
• Vehicle barriers
• Pedestrian barriers
Examples of internal controls include:
• Vendor Patching: updating software to the latest version to prevent hacking.
• Encryption Policy: specifications of encryption algorithms, key lengths and timings to be used.
• Confidentiality Agreements: a legal document that binds employees to keeping the company information as secrets.
A defense in depth strategy is creation of a system that protects, detects and responds to attacks. Perimeter controls constitute a defense in depth strategy though the implementation of firewalls, routers and Intrusion Detection systems. What a firewall basically does is, it checks the packets of data that move to and fro within the network and decides which ones will be granted access and which ones will be denied access. A set of regulations are normally in place to determine these parameters. Threat protection is a reason why firewalls are proving to be very important. As much as antiviruses provide a solution against viruses, Firewalls provide better protection to guarding a computer against threats. One can choose between an appliance firewall and a client firewall to protect the network as well as the connection to the internet. What an appliance firewall does is, it is configured to monitor all the data that travels on the network within the computer; it is inbuilt within the computer. A client firewall on the other hand ensures that there is a secure connection between the internet and the computer itself. The system is then designed in layers that overlap each other so that prevention, detection and response is realized (Breithaupt & Merkow 2014). Through the use of a layered system, if one layer fails, then there are two more layers that can still be relied upon.
Security controls can be tested through:
• Establishment of Security Metrics: determining the scope of the security program so as to measure performance, determine operational statistics, and compliance goals.
• Vulnerability and Penetration testing: helps the organization to determine the extent of security. Weaknesses are discovered during the vulnerability assessment tests while they are exploited in the penetration tests to determine if possible threats can be launched through the current weaknesses.
• Internal Auditing: the documented organizational policies, as well as stakeholders’ responses to interviews in regard to their understanding of the activities in place with respect to cybersecurity are used to evaluate security control operations (Bakertilly 2017).
Verification can be achieved through constant monitoring of the control environment to make sure that the cybersecurity program is effective within the organization.
Reference
Baker Tilly. (2017). Monitoring and verifying cybersecurity controls effectiveness. Retrieved from https://www.bakertilly.com/insights/monitoring-and-verifying-cybersecurity-controls-effectiveness/
Breithaupt, J., & Merkow, M. (2014). Principle 3: Defense in Depth as Strategy | Information Security Principles of Success | Pearson IT Certification. Retrieved from http://www.pearsonitcertification.com/articles/article.aspx?p=2218577&seqNum=4
Rouse, M. (2014). What is access control? – Definition from WhatIs.com. Retrieved from https://searchsecurity.techtarget.com/definition/access-control

Published by
Essays
View all posts