FOR MORE CLASSES VISIT
www.tutorialoutlet.com
Case Study #1: Technology & Product Review for Endpoint Protection Solutions
Case Scenario:
Red Clay Renovations (the “client”) has requested that your company research and recommend
an Endpoint Protection Platform which will provide host-based protection for the laptop PC’s used by its
construction managers and architects.
1. Choose one of the Endpoint Protection Platform products
from the Gartner Magic Quadrant analysis.Explain
FOR MORE CLASSES VISIT
www.tutorialoutlet.com
Case Study #1: Technology & Product Review for Endpoint
Protection Solutions
Case Scenario:
Red Clay Renovations (the “client”) has requested that your company
research and recommend
an Endpoint Protection Platform which will provide host-based
protection for the laptop PC’s used by its
construction managers and architects. These employees design and
manage construction projects using
a Web based project management system. The laptops are also used to
access web-based corporate
email servers and additional web-based applications used for internal
business operations. Their laptops
are running the Windows 8/8.1 operating system and cannot be
upgraded to Windows 10 due to
compatibility problems in a business critical, proprietary software
package. The Windows 8/8.1 laptops
currently use Microsoft Windows Defender and Microsoft Windows
Firewall to provide host-based
protection against malware, spyware, and intrusions.
The client’s IT manager wants an Endpoint Protection product that is
easy to use, is deployable
on individual laptops as host-based protection, and automatically
updates itself (patches and virus
definition files). The “automatic” updates could be a problem since
3. (.docx or .doc file) for grading
using your assignment folder. (Attach the file.)
Additional Information
1. There is no penalty for writing more than 3 pages but, clarity and
conciseness are valued. If
your essay is shorter than 3 pages, you may not have sufficient
content to meet the
assignment requirements (see the rubric).
2. You are expected to write grammatically correct English in every
assignment that you submit
for grading. Do not turn in any work without (a) using spell check, (b)
using grammar check,
(c) verifying that your punctuation is correct and (d) reviewing your
work for correct word
usage and correctly structured sentences and paragraphs.
3. You are expected to credit your sources using in-text citations and
reference list entries. Both
your citations and your reference list entries must comply with APA
6th edition Style
requirements. Failure to credit your sources will result in penalties as
provided for under the
university’s Academic Integrity policy.
NIST Special Publication 800-34 Rev. 1 Contingency Planning Guide
for
Federal Information Systems
Marianne Swanson
Pauline Bowen
Amy Wohl Phillips
Dean Gallup
David Lynes NIST Special Publication 800-34 Rev. 1 Contingency
Planning Guide for
Federal Information Systems
Marianne Swanson
Pauline Bowen
Amy Wohl Phillips
Dean Gallup
David Lynes May 2010 U.S. Department of Commerce
4. Gary Locke, Secretary
National Institute of Standards and Technology
Patrick D. Gallagher, Director Certain commercial entities,
equipment, or materials may be identified in this document in
order to describe an experimental procedure or concept adequately.
Such identification is not
intended to imply recommendation or endorsement by the National
Institute of Standards and
Technology, nor is it intended to imply that the entities, materials, or
equipment are
necessarily the best available for the purpose.
There are references in this publication to documents currently under
development by NIST in
accordance with responsibilities assigned to NIST under the Federal
Information Security
Management Act of 2002. The methodologies in this document may
be used even before the
completion of such companion documents. Thus, until such time as
each document is
completed, current requirements, guidelines, and procedures (where
they exist) remain
operative. For planning and transition purposes, federal agencies may
wish to closely follow
the development of these new documents by NIST. Individuals are
also encouraged to review
the public draft documents and offer their comments to NIST.
NSPUE2 CONTINGENCY PLANNING GUIDE FOR FEDERAL
INFORMATION SYSTEMS Reports on Computer Systems
Technology
The Information Technology Laboratory (ITL) at the National
Institute of Standards and Technology
(NIST) promotes the U.S. economy and public welfare by providing
technical leadership for the nation’s
measurement and standards infrastructure. ITL develops tests, test
methods, reference data, proof of
concept implementations, and technical analysis to advance the
development and productive use of
5. information technology. ITL’s responsibilities include the
development of technical, physical,
administrative, and management standards and guidelines for the cost-
effective security and privacy of
sensitive unclassified information in federal computer systems. This
Special Publication 800-series
reports on ITL’s research, guidance, and outreach efforts in computer
security and its collaborative
activities with industry, government, and academic organizations. ii
CONTINGENCY PLANNING GUIDE FOR FEDERAL
INFORMATION SYSTEMS Authority
This document has been developed by the National Institute of
Standards and Technology (NIST) in
furtherance of its statutory responsibilities under the Federal
Information Security Management Act
(FISMA) of 2002, Public Law 107-347.
NIST is responsible for developing standards and guidelines,
including minimum requirements, for
providing adequate information security for all agency operations and
assets, but such standards and
guidelines shall not apply to national security systems. This guideline
is consistent with the requirements
of the Office of Management and Budget (OMB) Circular A-130,
Section 8b(3), “Securing Agency
Information Systems,” as analyzed in A-130, Appendix IV: Analysis
of Key Sections. Supplemental
information is provided in A-130, Appendix III.
This guideline has been prepared for use by federal agencies. It may
be used by nongovernmental
organizations on a voluntary basis and is not subject to copyright.
Attribution would be appreciated by
NIST.
Nothing in this document should be taken to contradict standards and
guidelines made mandatory and
binding on federal agencies by the Secretary of Commerce under
statutory authority. Nor should these
guidelines be interpreted as altering or superseding the existing
6. authorities of the Secretary of Commerce,
Director of the OMB, or any other federal official. NIST Special
Publication 800-34, Revision 1, 150 pages (May 2010) National
Institute of Standards and Technology
Attn: Computer Security Division, Information Technology
Laboratory
100 Bureau Drive (Mail Stop 8930) Gaithersburg, MD 20899-8930 iii
CONTINGENCY PLANNING GUIDE FOR FEDERAL
INFORMATION SYSTEMS Compliance with NIST Standards and
Guidelines
NIST develops and issues standards, guidelines, and other
publications to assist federal agencies in
implementing the Federal Information Security Management Act
(FISMA) of 2002 and in managing costeffective programs to protect
their information and information systems. 1 • Federal Information
Processing Standards (FIPS) are developed by NIST in accordance
with
FISMA. FIPS are approved by the Secretary of Commerce and are
compulsory and binding for
federal agencies. Since FISMA requires that federal agencies comply
with these standards,
agencies may not waive their use. • Guidance documents and
recommendations are issued in the NIST Special Publication (SP)
800series. Office of Management and Budget (OMB) policies
(including OMB FISMA Reporting
Instructions for the Federal Information Security Management Act
and Agency Privacy
Management) state that, for other than national security programs and
systems, agencies must
follow NIST guidance. 1 • Other security-related publications,
including NIST interagency and internal reports (NISTIRs)
and ITL Bulletins, provide technical and other information about
NIST’s activities. These
publications are mandatory only when so specified by OMB. While
agencies are required to follow NIST guidance in accordance with
OMB policy, there is flexibility within NIST’s
guidance in how agencies apply the guidance. Unless otherwise
7. specified by OMB, the 800-series guidance documents
published by NIST generally allow agencies some latitude in the
application. Consequently, the application of NIST guidance
by agencies can result in different security solutions that are equally
acceptable, compliant with the guidance, and meet the
OMB definition of adequate security for federal information systems.
When assessing federal agency compliance with NIST
guidance, auditors, evaluators, and assessors should consider the
intent of the security concepts and principles articulated
within the particular guidance document and how the agency applied
the guidance in the context of its specific mission
responsibilities, operational environments, and unique organizational
conditions. iv CONTINGENCY PLANNING GUIDE FOR
FEDERAL INFORMATION SYSTEMS Acknowledgements The
authors, Marianne Swanson and Pauline Bowen of the National
Institute of Standards and
Technology (NIST), Amy Wohl Phillips, Dean Gallup, and David
Lynes of Booz Allen Hamilton, wish to
thank their colleagues who reviewed drafts of this document and
contributed to its technical content. The
authors would like to acknowledge Kelley Dempsey, Esther Katzman,
Peter Mell, Murugiah Souppaya,
Lee Badger, and Elizabeth Lennon of NIST, and David Linthicum of
Booz Allen Hamilton for their keen
and insightful assistance with technical issues throughout the
development of the document.