Week 7
Worksheet 4: LAN/WAN Compliance and Auditing
Course Learning Outcome(s)
· Analyze information security systems compliance requirements within the Workstation and LAN Domains.
· Design and implement ISS compliance within the LAN-to-WAN and WAN domains with an appropriate framework.
As auditors, we presume that no data produced on a computer is 100% secure, regardless of whether the computer is a standalone device or connected to a local area network (LAN) or a wide area network (WAN). Organizations implement controls, which are developed and put in place based on regulations and security best practices. Security is implemented throughout an organization's enterprise – from the host the user sits at, through every device the data traverses or is stored on. Here is an example of a basic enterprise and the security controls that may be implemented. Remember, controls can be physical or logical devices, software or encryption.
Host – A host is a computer, tablet or other device that a user interfaces with to perform a function. The device you are reading this on is a host. The security controls that could be implemented on a host include a host-based intrusion detection system (HIDS), a host-based intrusion prevention system (HIPS), a software firewall, and antivirus protection. Policy controls implemented on a host include Role Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC), login requirements, lockout settings and other settings that restrict what a user can and cannot do while logged into a host, together with software that manages (allows and denies) those policies electronically (ePO).
Local Area Network – Think of a LAN as an internal network used by an organization that allows users to execute functions using various applications and storage, while also having the ability to connect to other organizations over the Internet or through Virtual Private Networks (VPNs). A host connects to a switch, and its data is forwarded to a router, which either delivers it to systems on the LAN or passes it to another router to exchange data with a different LAN or a WAN. The devices that make up a LAN and a WAN are similar; the difference is that a WAN is built on a much larger scale. As stated, a network contains many devices: servers, switches, routers, storage, Call Managers (for VoIP communications), firewalls, web content filters, security appliances that provide Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS), and other systems unique to the organization.
Often, as a cost-saving measure, services such as security, web content filtering, storage, IP telephony, software licensing (Software as a Service, SaaS) and others are outsourced to a third-party vendor. The organization and the vendor agree on the expected requirements and document them in the contract. These requirements are known as Service Level Agreements (SLAs). At no point does an organization relieve itself of regulatory requirements for data protection by contracting the service out to a third party or any organization external to itself. Regulatory controls must be incorporated into the SLAs and audited by the company contracting the services out to ensure compliance. Repercussions for not meeting SLA requirements should also be included in the SLA.
Read the scenario below and complete the associated worksheet.
Tidewater LLC is an organization that produces and sells apparel for men, women and children online. The company has grown 70% over the past 2 years and is building a new facility to support the continued growth. All current services, with the exception of managing the website, are hosted by various third-party vendors. Because of the growth, the leadership within the organization has not been able to validate compliance with the SLAs and feels that the vendors do not have the best interest of Tidewater LLC in mind. Currently, a CIO and a web developer act as the IT staff.
Tidewater LLC is in the process of bringing all IT services back in-house, into the server room housed in its new facility. Tidewater LLC wishes to establish and staff an IT department with a system administrator, a network administrator, two general technicians, a cyber security specialist and a full-time system auditor.
The new office is a 2,000 sq ft open office with the server room located in an adjacent room. Hardware supporting the organization's IT services includes 100 desktop computers supporting the staff, network switches, routers, a firewall, a Maciffy Security Appliance providing intrusion detection, intrusion prevention and antivirus protection, Network Attached Storage (NAS) giving users a home drive as well as a shared network drive for collaboration and sharing, an IIS server for website management, and a call manager for VoIP. Wi-Fi access points will be added as the network installation progresses. Email will be managed by an Exchange server. The only outsourced service is a 100 Mbps connection for Internet access and VPNs between the organization and its suppliers.
Current employees are each assigned a desk with a computer. There are no prerequisite requirements, such as training, for users to have accounts created. All data is stored by a third-party vendor in a shared environment. No controls are implemented to prevent any user from accessing any other user's files or folders.
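The host access controls described earlier (RBAC, DAC and least-privilege policy) and the scenario's stated gap (nothing stops one user from reading another user's files) are the kind of thing the auditor will have to evidence before recommending a control. The script below is an added example, not part of the worksheet or of any Tidewater system: it audits a constructed NAS ACL export for home-drive isolation and tallies findings per NIST SP 800-53 control so the counts can go straight into the "Why Chosen" column. The ACL entries, the `@admins` exception and the mapping of this finding type to AC-3 (Access Enforcement) and AC-6 (Least Privilege) are all the editor's assumptions.

```python
"""Home-drive isolation audit over a constructed ACL export.

Added example, not part of the worksheet: it checks the scenario's stated
gap (no control stops one user from reading another user's files) against
a made-up NAS ACL listing, and tallies findings per NIST SP 800-53 control
so they can be carried onto the control sheet as the "Why Chosen" evidence.
"""
from collections import Counter
from dataclasses import dataclass

# Constructed ACL export, NOT from a real NAS: (path, principal, permissions).
# Principals starting with '@' are groups; permissions use rwx letters with
# '-' for a right that is not granted.
SAMPLE_ACLS = [
    ("/home/alice", "alice", "rwx"),
    ("/home/alice", "@admins", "rwx"),
    ("/home/bob", "bob", "rwx"),
    ("/home/bob", "@everyone", "r-x"),          # other users can read bob's files
    ("/home/carol", "carol", "rwx"),
    ("/home/carol", "dave", "rw-"),             # a peer can modify carol's files
    ("/shared/marketing", "@marketing", "rwx"),
    ("/shared/marketing", "@everyone", "r-x"),  # shared drive: readable by design
]

# Groups allowed on every home drive for administration and backup (assumption).
ADMIN_GROUPS = frozenset({"@admins"})

# Editor's mapping of this finding type to NIST SP 800-53 controls:
# AC-3 (Access Enforcement) and AC-6 (Least Privilege).
HOME_ISOLATION_CONTROL = "AC-3 / AC-6"


@dataclass(frozen=True)
class Finding:
    path: str
    principal: str
    perms: str
    control: str


def home_owner(path: str):
    """Return the user who owns a /home/<user>/... path, or None otherwise."""
    parts = path.strip("/").split("/")
    if len(parts) >= 2 and parts[0] == "home":
        return parts[1]
    return None


def audit_home_drives(acls, admin_groups=ADMIN_GROUPS):
    """Flag every ACL entry granting a non-owner, non-admin any right on a home drive."""
    findings = []
    for path, principal, perms in acls:
        owner = home_owner(path)
        if owner is None:
            continue                      # shared areas are out of scope for this check
        if principal == owner or principal in admin_groups:
            continue
        if perms.replace("-", ""):        # at least one of r, w, x is actually granted
            findings.append(Finding(path, principal, perms, HOME_ISOLATION_CONTROL))
    return findings


def control_sheet_counts(findings):
    """Count findings per control; the counts are the evidence for 'Why Chosen'."""
    return dict(Counter(f.control for f in findings))


if __name__ == "__main__":
    results = audit_home_drives(SAMPLE_ACLS)
    for f in results:
        print(f"{f.control}: {f.principal} has {f.perms} on {f.path}")
    print(control_sheet_counts(results))
```

On the sample data the audit reports two findings (bob's home readable by everyone, carol's home writable by a peer) and leaves the shared marketing folder alone, which is the distinction an auditor needs: a shared drive being readable is by design, a home drive being readable is a least-privilege failure. Swapping `SAMPLE_ACLS` for a real export from the NAS would turn this into a repeatable check for the CM and CA families as well.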
You have been retained as the organization's auditor, and your first task is to determine what controls need to be implemented so that the organization achieves a high level of sustained security and compliance. Utilizing NIST 800-53A, develop a control sheet of controls the organization should implement that will not impede the organization's mission. This control sheet should encompass controls that apply to the users and systems within the organization. You will brief these controls to the CEO and CIO and explain why you chose them and any impact they will have on the organization.
From the Access Control (AC) family of the NIST 800-53A, select three controls you would recommend be implemented.
Control | Definition | Why Chosen
From the Security Awareness and Training Policy and Procedures (AT) of the NIST 800-53A, select three controls you would recommend be implemented.
Control | Definition | Why Chosen
From the Audit and Control (AU) section of the NIST 800-53A, select three controls you would recommend be implemented.
Control | Definition | Why Chosen
From the Configuration Management (CM) section of the NIST 800-53A, select four controls you would recommend be implemented.
Control | Definition | Why Chosen
From the Security Assessment and Authorization (CA) section of the NIST 800-53A, select three controls you would recommend be implemented.
Control | Definition | Why Chosen
From the Contingency Planning (CP) section of the NIST 800-53A, select two controls you would recommend be implemented.
Control | Definition | Why Chosen
From the Identification and Authentication Policy and Procedures (IA) section of the NIST 800-53A, select three controls you would recommend be implemented.
Control | Definition | Why Chosen
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx

More Related Content

Similar to Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx

Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)MHumaamAl
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfsarah david
 
Auditing Check Point Firewalls
Auditing Check Point FirewallsAuditing Check Point Firewalls
Auditing Check Point FirewallsBen Rothke
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfVishnuGone
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET Journal
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxsarah david
 
Computer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfComputer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfBoney Maundu Slim
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
Deployment websese
Deployment webseseDeployment websese
Deployment websesethanglx
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the CloudRapidScale
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud securityRaj Sarode
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaSftculotta27
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Brianna Johnson
 
Tools of noc
Tools of nocTools of noc
Tools of nocmunawarul
 
Building Secure Services in the Cloud
Building Secure Services in the CloudBuilding Secure Services in the Cloud
Building Secure Services in the CloudSumo Logic
 
LD7007 Network Security.docx
LD7007 Network Security.docxLD7007 Network Security.docx
LD7007 Network Security.docxstirlingvwriters
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayDotha Keller
 

Similar to Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx (20)

Cis controls v8_guide (1)
Cis controls v8_guide (1)Cis controls v8_guide (1)
Cis controls v8_guide (1)
 
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdfthe_role_of_resilience_data_in_ensuring_cloud_security.pdf
the_role_of_resilience_data_in_ensuring_cloud_security.pdf
 
Auditing Check Point Firewalls
Auditing Check Point FirewallsAuditing Check Point Firewalls
Auditing Check Point Firewalls
 
SailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdfSailPoint VS CyberArk.pdf
SailPoint VS CyberArk.pdf
 
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A ReviewIRJET- Data Security in Local Network through Distributed Firewalls: A Review
IRJET- Data Security in Local Network through Distributed Firewalls: A Review
 
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptxthe_role_of_resilience_data_in_ensuring_cloud_security.pptx
the_role_of_resilience_data_in_ensuring_cloud_security.pptx
 
Computer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdfComputer Networking for Small & Medium Businesses - Boney Maundu.pdf
Computer Networking for Small & Medium Businesses - Boney Maundu.pdf
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
Deployment websese
Deployment webseseDeployment websese
Deployment websese
 
Compliance in the Cloud
Compliance in the CloudCompliance in the Cloud
Compliance in the Cloud
 
Chap 6 cloud security
Chap 6 cloud securityChap 6 cloud security
Chap 6 cloud security
 
Vazata Federal IaaS
Vazata Federal IaaSVazata Federal IaaS
Vazata Federal IaaS
 
Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...Information Technology Security Is Vital For The Success...
Information Technology Security Is Vital For The Success...
 
Tools of noc
Tools of nocTools of noc
Tools of noc
 
Security PFE
Security PFESecurity PFE
Security PFE
 
Building Secure Services in the Cloud
Building Secure Services in the CloudBuilding Secure Services in the Cloud
Building Secure Services in the Cloud
 
LD7007 Network Security.docx
LD7007 Network Security.docxLD7007 Network Security.docx
LD7007 Network Security.docx
 
ISS CAPSTONE TEAM
ISS CAPSTONE TEAMISS CAPSTONE TEAM
ISS CAPSTONE TEAM
 
Access Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance EssayAccess Control For Local Area Network Performance Essay
Access Control For Local Area Network Performance Essay
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 

More from cockekeshia

at least 2 references in each peer responses! I noticed .docx
at least 2 references in each peer responses! I noticed .docxat least 2 references in each peer responses! I noticed .docx
at least 2 references in each peer responses! I noticed .docxcockekeshia
 
At least 2 pages longMarilyn Lysohir, an internationally celebra.docx
At least 2 pages longMarilyn Lysohir, an internationally celebra.docxAt least 2 pages longMarilyn Lysohir, an internationally celebra.docx
At least 2 pages longMarilyn Lysohir, an internationally celebra.docxcockekeshia
 
At least 2 citations. APA 7TH EditionResponse 1. TITop.docx
At least 2 citations. APA 7TH EditionResponse 1. TITop.docxAt least 2 citations. APA 7TH EditionResponse 1. TITop.docx
At least 2 citations. APA 7TH EditionResponse 1. TITop.docxcockekeshia
 
At each decision point, you should evaluate all options before selec.docx
At each decision point, you should evaluate all options before selec.docxAt each decision point, you should evaluate all options before selec.docx
At each decision point, you should evaluate all options before selec.docxcockekeshia
 
At an elevation of nearly four thousand metres above sea.docx
At an elevation of nearly four thousand metres above sea.docxAt an elevation of nearly four thousand metres above sea.docx
At an elevation of nearly four thousand metres above sea.docxcockekeshia
 
At a minimum, your outline should include the followingIntroducti.docx
At a minimum, your outline should include the followingIntroducti.docxAt a minimum, your outline should include the followingIntroducti.docx
At a minimum, your outline should include the followingIntroducti.docxcockekeshia
 
At least 500 wordsPay attention to the required length of these.docx
At  least 500 wordsPay attention to the required length of these.docxAt  least 500 wordsPay attention to the required length of these.docx
At least 500 wordsPay attention to the required length of these.docxcockekeshia
 
At a generic level, innovation is a core business process concerned .docx
At a generic level, innovation is a core business process concerned .docxAt a generic level, innovation is a core business process concerned .docx
At a generic level, innovation is a core business process concerned .docxcockekeshia
 
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docx
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docxAsymmetric Cryptography•Description of each algorithm•Types•Encrypt.docx
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docxcockekeshia
 
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docx
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docxAstronomy HWIn 250-300 words,What was Aristarchus idea of the.docx
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docxcockekeshia
 
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docx
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docxAstronomy ASTA01The Sun and PlanetsDepartment of Physic.docx
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docxcockekeshia
 
Astronomers have been reflecting laser beams off the Moon since refl.docx
Astronomers have been reflecting laser beams off the Moon since refl.docxAstronomers have been reflecting laser beams off the Moon since refl.docx
Astronomers have been reflecting laser beams off the Moon since refl.docxcockekeshia
 
Astrategicplantoinformemergingfashionretailers.docx
Astrategicplantoinformemergingfashionretailers.docxAstrategicplantoinformemergingfashionretailers.docx
Astrategicplantoinformemergingfashionretailers.docxcockekeshia
 
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docx
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docxAsthma, Sleep, and Sun-SafetyPercentage of High School S.docx
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docxcockekeshia
 
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docx
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docxAsthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docx
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docxcockekeshia
 
Assumption-Busting1. What assumption do you have that is in s.docx
Assumption-Busting1.  What assumption do you have that is in s.docxAssumption-Busting1.  What assumption do you have that is in s.docx
Assumption-Busting1. What assumption do you have that is in s.docxcockekeshia
 
Assuming you have the results of the Business Impact Analysis and ri.docx
Assuming you have the results of the Business Impact Analysis and ri.docxAssuming you have the results of the Business Impact Analysis and ri.docx
Assuming you have the results of the Business Impact Analysis and ri.docxcockekeshia
 
Assuming you are hired by a corporation to assess the market potenti.docx
Assuming you are hired by a corporation to assess the market potenti.docxAssuming you are hired by a corporation to assess the market potenti.docx
Assuming you are hired by a corporation to assess the market potenti.docxcockekeshia
 
Assuming that you are in your chosen criminal justice professi.docx
Assuming that you are in your chosen criminal justice professi.docxAssuming that you are in your chosen criminal justice professi.docx
Assuming that you are in your chosen criminal justice professi.docxcockekeshia
 
assuming that Nietzsche is correct that conventional morality is aga.docx
assuming that Nietzsche is correct that conventional morality is aga.docxassuming that Nietzsche is correct that conventional morality is aga.docx
assuming that Nietzsche is correct that conventional morality is aga.docxcockekeshia
 

More from cockekeshia (20)

at least 2 references in each peer responses! I noticed .docx
at least 2 references in each peer responses! I noticed .docxat least 2 references in each peer responses! I noticed .docx
at least 2 references in each peer responses! I noticed .docx
 
At least 2 pages longMarilyn Lysohir, an internationally celebra.docx
At least 2 pages longMarilyn Lysohir, an internationally celebra.docxAt least 2 pages longMarilyn Lysohir, an internationally celebra.docx
At least 2 pages longMarilyn Lysohir, an internationally celebra.docx
 
At least 2 citations. APA 7TH EditionResponse 1. TITop.docx
At least 2 citations. APA 7TH EditionResponse 1. TITop.docxAt least 2 citations. APA 7TH EditionResponse 1. TITop.docx
At least 2 citations. APA 7TH EditionResponse 1. TITop.docx
 
At each decision point, you should evaluate all options before selec.docx
At each decision point, you should evaluate all options before selec.docxAt each decision point, you should evaluate all options before selec.docx
At each decision point, you should evaluate all options before selec.docx
 
At an elevation of nearly four thousand metres above sea.docx
At an elevation of nearly four thousand metres above sea.docxAt an elevation of nearly four thousand metres above sea.docx
At an elevation of nearly four thousand metres above sea.docx
 
At a minimum, your outline should include the followingIntroducti.docx
At a minimum, your outline should include the followingIntroducti.docxAt a minimum, your outline should include the followingIntroducti.docx
At a minimum, your outline should include the followingIntroducti.docx
 
At least 500 wordsPay attention to the required length of these.docx
At  least 500 wordsPay attention to the required length of these.docxAt  least 500 wordsPay attention to the required length of these.docx
At least 500 wordsPay attention to the required length of these.docx
 
At a generic level, innovation is a core business process concerned .docx
At a generic level, innovation is a core business process concerned .docxAt a generic level, innovation is a core business process concerned .docx
At a generic level, innovation is a core business process concerned .docx
 
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docx
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docxAsymmetric Cryptography•Description of each algorithm•Types•Encrypt.docx
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docx
 
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docx
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docxAstronomy HWIn 250-300 words,What was Aristarchus idea of the.docx
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docx
 
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docx
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docxAstronomy ASTA01The Sun and PlanetsDepartment of Physic.docx
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docx
 
Astronomers have been reflecting laser beams off the Moon since refl.docx
Astronomers have been reflecting laser beams off the Moon since refl.docxAstronomers have been reflecting laser beams off the Moon since refl.docx
Astronomers have been reflecting laser beams off the Moon since refl.docx
 
Astrategicplantoinformemergingfashionretailers.docx
Astrategicplantoinformemergingfashionretailers.docxAstrategicplantoinformemergingfashionretailers.docx
Astrategicplantoinformemergingfashionretailers.docx
 
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docx
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docxAsthma, Sleep, and Sun-SafetyPercentage of High School S.docx
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docx
 
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docx
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docxAsthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docx
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docx
 
Assumption-Busting1. What assumption do you have that is in s.docx
Assumption-Busting1.  What assumption do you have that is in s.docxAssumption-Busting1.  What assumption do you have that is in s.docx
Assumption-Busting1. What assumption do you have that is in s.docx
 
Assuming you have the results of the Business Impact Analysis and ri.docx
Assuming you have the results of the Business Impact Analysis and ri.docxAssuming you have the results of the Business Impact Analysis and ri.docx
Assuming you have the results of the Business Impact Analysis and ri.docx
 
Assuming you are hired by a corporation to assess the market potenti.docx
Assuming you are hired by a corporation to assess the market potenti.docxAssuming you are hired by a corporation to assess the market potenti.docx
Assuming you are hired by a corporation to assess the market potenti.docx
 
Assuming that you are in your chosen criminal justice professi.docx
Assuming that you are in your chosen criminal justice professi.docxAssuming that you are in your chosen criminal justice professi.docx
Assuming that you are in your chosen criminal justice professi.docx
 
assuming that Nietzsche is correct that conventional morality is aga.docx
assuming that Nietzsche is correct that conventional morality is aga.docxassuming that Nietzsche is correct that conventional morality is aga.docx
assuming that Nietzsche is correct that conventional morality is aga.docx
 

Recently uploaded

Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC   History collection FORMAT.pptxPSYCHIATRIC   History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptxPoojaSen20
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdf
18-04-UA_REPORT_MEDIALITERAСY_INDEX-DM_23-1-final-eng.pdfssuser54595a
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Separation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesSeparation of Lanthanides/ Lanthanides and Actinides
Separation of Lanthanides/ Lanthanides and ActinidesFatimaKhan178732
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 

Recently uploaded (20)

Staff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSDStaff of Color (SOC) Retention Efforts DDSD
Staff of Color (SOC) Retention Efforts DDSD
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
PSYCHIATRIC History collection FORMAT.pptx
PSYCHIATRIC   History collection FORMAT.pptxPSYCHIATRIC   History collection FORMAT.pptx
PSYCHIATRIC History collection FORMAT.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17

Week 7
Worksheet 4: LAN/WAN Compliance and Auditing

Course Learning Outcome(s)
· Analyze information security systems compliance requirements within the Workstation and LAN Domains.
· Design and implement ISS compliance within the LAN-to-WAN and WAN domains with an appropriate framework.

As auditors, we presume that no data produced on a computer is 100% secure, regardless of whether it’s a standalone device or connected to a local area network (LAN) or a wide area network (WAN). Organizations implement controls, which are developed and implemented based on regulations and best security practices. Security is implemented throughout an organization’s enterprise: from the host the user sits at, through every device the data traverses or is stored on. Here’s an example of a basic enterprise and the security controls that may be implemented. Remember, controls can be physical or logical devices, software or encryption.

Host – A host is a computer, tablet or other device that a user interfaces with to perform a function. The device you’re reading this on is a host. The security controls that could be implemented on a host include a Host Based Intrusion Detection System (HIDS), a Host Based Intrusion Prevention System (HIPS), a software firewall, and antivirus protection. Policy controls implemented on a host include Role Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC), login requirements, lockout settings and others that restrict what a user can and can’t do while logged into a host, and software to manage (allow and deny) policies electronically (ePo).

Local Area Network – Think of a LAN as an internal network used by an organization that allows users to execute functions using various applications and storage, while also having the ability to connect to other organizations using the Internet or Virtual Private Networks (VPNs). A host connects to a switch, and data is routed to a router where it either accesses systems on the LAN or goes to a router where it will exchange data with another LAN or WAN. The devices that comprise a LAN and a WAN are similar, with the difference that a WAN is built to a much larger scale. As stated, in a network there are many devices: servers, switches, routers, storage, Call Managers (for VoIP communications), firewalls, web content filters, security appliances that manage Network Intrusion Detection Systems (NIDS) and Network Intrusion Prevention Systems (NIPS), and other organization-unique systems. Often, as a cost-saving measure, services such as security, web content filtering, storage, IP telephony, software licensing (SaaS) and others are outsourced to a third-party vendor. An agreement is made between the organization and the vendor on the expected requirements and documented in the contract. These requirements are known as Service Level Agreements (SLAs).

At no point does an organization relieve itself of regulatory requirements for data protection by contracting it out to a third party or organization external to itself. Regulatory controls must be incorporated into the SLAs and audited by the company contracting the services out to ensure compliance. Repercussions for not meeting SLA requirements should also be included in the SLA.

Read the scenario below and complete the associated worksheet.

Tidewater LLC is an organization that produces and sells apparel for men, women and children online. The company has grown 70% over the past 2 years and is building a new facility to support the continued growth. All current services, with the exception of managing their website, are hosted by various third-party vendors. Because of the growth, the leadership within the organization has not been able to validate compliance with the SLAs and feels that the vendors do not have the best interest of Tidewater LLC in mind. Currently, there is a CIO and a web developer acting as the IT staff. Tidewater LLC is in the process of recovering all IT services into the server facility housed in their new building. Tidewater LLC wishes to establish and staff an IT department with a system administrator, a network administrator, two general technicians, a cyber security specialist and a full-time system auditor.

The new office is a 2000 sq ft open office with the server room located in an adjacent room. Hardware supporting the organization’s IT services includes 100 desktop computers supporting the staff, network switches, routers, a firewall, a Maciffy Security Appliance to provide intrusion detection, prevention and antivirus protection, Network Attached Storage (NAS) for users to have a home drive as well as a shared network drive for collaboration and sharing, an IIS server for website management and a call manager for VoIP. Wi-Fi access points will be added as the network installation progresses. Email will be managed by an Exchange server. The only service outsourced is a 100 Mbps connection for Internet and VPNs between the organization and its suppliers.

Current employees are assigned a desk with a computer. There are no prerequisite requirements, such as training, for users to have accounts created. All data is stored by a third-party vendor in a shared environment. No controls are implemented to prevent any user from accessing any other user’s files or folders.

You’ve been retained as the organization’s auditor, and your first task is to determine what controls need to be implemented so that the organization achieves a high level of sustained security and compliance. Utilizing NIST 800-53A, develop a control sheet of controls that the organization should implement and that will not impede the organization’s mission. This control sheet should encompass controls that apply to the users and systems within the organization. You will brief these controls to the CEO and CIO and explain why you chose these controls and any impact they will have on the organization.
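Before filling in the Access Control rows, an auditor would gather evidence for the two concrete gaps the scenario states: home directories that any user can read, and hosts whose lockout settings are missing or weak. The script below is an added example, not part of the worksheet or of any Tidewater LLC system. It assumes constructed `ls -l` output for the NAS home drives and a constructed per-host lockout report, an assumed policy maximum of 5 failed logons, and maps each finding to AC-3 and AC-7 from NIST SP 800-53 (control titles are real; the one-line definitions are paraphrased, and which controls you finally list on the sheet remains your choice).

```python
"""Added example, not part of the worksheet: evidence gathering for two of the
access-control gaps in the Tidewater LLC scenario. Every input below is a
constructed sample and every threshold is an assumption for illustration."""
from dataclasses import dataclass

# Constructed sample in the style of `ls -l /nas/home` on the NAS.
LS_OUTPUT = """\
drwxr-xr-x  2 alice  staff  4096 Mar  1 09:00 alice
drwxrwxrwx  2 bob    staff  4096 Mar  1 09:01 bob
drwx------  2 carol  staff  4096 Mar  1 09:02 carol
drwxrwx---  2 dave   staff  4096 Mar  1 09:03 dave
"""

# Constructed sample: "hostname lockout_threshold" per workstation, where 0
# means account lockout is disabled (the Windows convention).
LOCKOUT_OUTPUT = """\
ws-001 0
ws-002 5
ws-003 50
ws-004 3
"""

MAX_LOCKOUT_THRESHOLD = 5  # assumed policy: lock after at most 5 bad logons

# Control titles as in NIST SP 800-53; the one-line definitions are paraphrased.
CONTROLS = {
    "AC-3": ("Access Enforcement",
             "Enforce approved authorizations for logical access to information and system resources."),
    "AC-7": ("Unsuccessful Logon Attempts",
             "Limit consecutive invalid logon attempts and take a defined action when the limit is exceeded."),
}


@dataclass(frozen=True)
class Finding:
    control: str   # NIST control identifier the evidence supports
    subject: str   # directory or host the finding applies to
    detail: str


def audit_home_dirs(ls_output: str, base: str = "/nas/home") -> list[Finding]:
    """Flag home directories that group or other users can read or write.
    This is the scenario's 'any user can access any other user's files' gap."""
    findings = []
    for line in ls_output.splitlines():
        fields = line.split(None, 8)   # perms links owner group size mon day time name
        if len(fields) < 9 or not fields[0].startswith("d"):
            continue
        perms, owner, name = fields[0], fields[2], fields[8]
        group_bits, other_bits = perms[4:7], perms[7:10]
        exposed = [who for who, bits in (("group", group_bits), ("other", other_bits))
                   if "r" in bits or "w" in bits]
        if exposed:
            findings.append(Finding("AC-3", f"{base}/{name}",
                                    f"accessible by {' and '.join(exposed)} (owner {owner}, mode {perms})"))
    return findings


def audit_lockout(lockout_output: str, max_threshold: int = MAX_LOCKOUT_THRESHOLD) -> list[Finding]:
    """Flag hosts whose lockout threshold is disabled or weaker than policy."""
    findings = []
    for line in lockout_output.splitlines():
        parts = line.split()
        if len(parts) != 2 or not parts[1].isdigit():
            continue
        host, threshold = parts[0], int(parts[1])
        if threshold == 0:
            findings.append(Finding("AC-7", host, "account lockout disabled"))
        elif threshold > max_threshold:
            findings.append(Finding("AC-7", host,
                                    f"lockout after {threshold} attempts exceeds policy maximum of {max_threshold}"))
    return findings


def control_sheet(findings: list[Finding]) -> list[dict]:
    """Turn findings into Control / Definition / Why Chosen rows for the worksheet."""
    by_control: dict[str, list[Finding]] = {}
    for f in findings:
        by_control.setdefault(f.control, []).append(f)
    rows = []
    for control in sorted(by_control):
        title, definition = CONTROLS[control]
        evidence = "; ".join(f"{f.subject}: {f.detail}" for f in by_control[control])
        rows.append({"control": f"{control} {title}",
                     "definition": definition,
                     "why_chosen": f"{len(by_control[control])} finding(s) in the current environment: {evidence}"})
    return rows


if __name__ == "__main__":
    for row in control_sheet(audit_home_dirs(LS_OUTPUT) + audit_lockout(LOCKOUT_OUTPUT)):
        print(row["control"], "|", row["definition"], "|", row["why_chosen"])
```

On the constructed samples the script reports three exposed home directories (alice, bob and dave; carol's mode 700 passes) and two hosts with a weak or disabled lockout policy, and the "Why Chosen" column is filled from that evidence rather than from a generic justification. Swapping the constructed strings for real `ls -l` output and an exported account-policy report is the only change needed to run it against an actual NAS and workstation fleet.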
From the Access Control (AC) family of NIST 800-53A, select three controls you would recommend be implemented.

Control          Definition          Why Chosen

From the Security Awareness and Training Policy and Procedures (AT) section of NIST 800-53A, select three controls you would recommend be implemented.

Control          Definition          Why Chosen

From the Audit and Control (AU) section of NIST 800-53A, select three controls you would recommend be implemented.

Control          Definition          Why Chosen

From the Configuration Management (CM) section of NIST 800-53A, select four controls you would recommend be implemented.

Control          Definition          Why Chosen

From the Security Assessment and Authorization (CA) section of NIST 800-53A, select three controls you would recommend be implemented.

Control          Definition          Why Chosen

From the Contingency Planning (CP) section of NIST 800-53A, select two controls you would recommend be implemented.

Control          Definition          Why Chosen

From the Identification and Authentication Policy and Procedures (IA) section of NIST 800-53A, select three controls you would recommend be implemented.

Control          Definition          Why Chosen