
Is 4550 Unit 9 Assignment 1

ITT IS4550
Assess and Audit an Existing IT Security Policy Framework Definition
Unit 9 LABS
Brandon Ford
Sharon Green Unit 9 5/10/2014

LAB 9 – Assessment Worksheet

Part A – Risks, Threats and Vulnerabilities

| Risk-Threat-Vulnerability | Primary Domain Impacted |
| --- | --- |
| Unauthorized access from public Internet | LAN-WAN |
| User destroys data in application and deletes all files | System Application |
| Hacker penetrates your IT infrastructure and gains access to your internal network | System Application |
| Intra-office employee romance gone bad | User |
| Fire destroys primary data center | System Application |
| Communication circuit outages | LAN-WAN |
| Workstation OS has a known software vulnerability | Workstation |
| Unauthorized access to organization owned workstations | User |
| Loss of production data | System Application |
| Denial of service attack on organization e-mail server | System Application |
| Remote communications from home office | Remote Access |
| LAN server OS has a known software vulnerability | LAN-WAN |
| User downloads an unknown e-mail attachment | Workstation |
| Workstation browser has a software vulnerability | Workstation |
| Service provider has a major network outage | Remote Access |
| Weak ingress/egress traffic filtering degrades performance | Remote Access |
| User inserts CDs and USB hard drives with personal photos, music and videos on organization owned computers | Workstation |
| VPN tunneling between remote computer and ingress/egress router | Remote Access |
| WLAN access points are needed for LAN connectivity within a warehouse | LAN |
| Need to prevent rogue users from unauthorized WLAN access | LAN |

Part B

| Risk-Threat-Vulnerability | IT Security Policy Definition |
| --- | --- |
| Unauthorized access from public Internet | Acceptable Use Policy |
| User destroys data in application and deletes all files | Backup Recovery Policy |
| Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy |
| Intra-office employee romance gone bad | Acceptable use Policy |
| Fire destroys primary data center | Disaster Recovery Policy |
| Communication circuit outages | Asset management Policy |
| Workstation OS has a known software vulnerability | Threat Assessment & Management Policy |
| Unauthorized access to organization owned workstations | Risk management Policy |
| Loss of production data | Backup Recovery Policy |
| Denial of service attack on organization e-mail server | IRT Policy |
| Remote communications from home office | UAP/Remote Access Policy |
| LAN server OS has a known software vulnerability | Threat Assessment Policy |
| User downloads an unknown e-mail attachment | Security Awareness Training |
| Workstation browser has a software vulnerability | Threat Assessment Policy |
| Service provider has a major network outage | Asset management Policy |
| Weak ingress/egress traffic filtering degrades performance | Asset management Policy |
| User inserts CDs and USB hard drives with personal photos, music and videos on organization owned computers | Acceptable Use Policy |
| VPN tunneling between remote computer and ingress/egress router | Acceptable Use Policy |
| WLAN access points are needed for LAN connectivity within a warehouse | Vulnerability Assessment & Management Policy |
| Need to prevent rogue users from unauthorized WLAN access | Asset management Policy |

Questions and Answers

1. What is the purpose of having a policy framework definition as opposed to individual policies?
A policy framework is a logical structure that is established to organize policy documentation into groupings and categories that make it easier for employees to find and understand the contents of various policy documents.

1. When should you use a policy definition as a means of risk mitigation and element of a layered security strategy?
Policy definition should include the following steps:
• Performing a risk analysis of current and planned systems operations and their governance that effectively balances protective measures and mission performance
• Defining a continuous monitoring strategy for situational awareness (threat detection)
• Undertaking Contingency and Continuity of Operations (COOP) planning to reduce the consequences of and loss of data and infrastructure and any work stoppage
• Completing a gap analysis to identify policy compliance shortfalls for the intended operational environment

2. In your gap analysis of the IT security policy framework definition provided, which policy definition was missing for all access to various IT systems, applications, and data throughout the scenario?
Incident Response Policy

3. Do you need policies for telecommunications and internet providers?
No. Just for the users. Pg 252

4. Which policy definitions from the list provided in LAB 9 Part B help optimize performance of an organization's Internet connection?
Acceptable Use Policy
Asset management Policy
Threat Assessment Policy

5. What is the purpose of a Vulnerability Assessment & Management Policy for an IT infrastructure?
Vulnerability Assessment and Management - Conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations.

6. Which policy definition helps achieve availability goals for data recovery when data is lost or corrupted?
Data Recovery Security Policy

7. Which policy definitions reference a Data Classification Standard and use of cryptography for confidentiality purposes?
Data at Rest and Data in Transit

8. Which policy definitions from the sample IT security policy framework definition mitigate risk in the User Domain?
Acceptable Use Policy

9. Which policy definitions from the sample IT security policy framework definition mitigate risk in the LAN-to-WAN Domain?
Security Awareness Training Policy

10. How does an IT security policy framework make it easier to monitor and enforce throughout an organization?
Helps you develop a strong control mindset to support business objectives, legal obligations and the organization's core values.

11. Which policy definition requires an organization to list its mission critical business operations and functions and the accompanying IT systems, applications, and databases that support it?
Asset Identification and Classification Policy

12. Why is it common to find a Business Continuity Plan Policy Definition and a Security Incident Response Team Policy Definition?
Both help with continuing business after a disaster.

13. False. A Data classification Standard will define whether or not you need to encrypt the data while residing in the Database.

14. False. Your upstream ISP must be part of your DOS/DDOS risk management strategy the LAN to WAN domains internet ingress/egress. This is best defined in a policy definition for internet ingress/egress availability. ...

JC Balthazar
Prof. Carter
IS 4450
Lab 9 Part 1: Assess and Audit an Existing IT Security Policy Framework Definition

Learning Objectives and Outcomes
Upon completing this lab, students will be able to complete the following tasks:
• Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure
• Review existing IT security policies as part of a policy framework definition
• Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy
• Identify gaps in the IT security policy framework definition
• Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure

Week 5 Lab Part 1: Assessment Worksheet (PART A)
Sample IT Security Policy Framework Definition

Overview
Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap.
