SlideShare a Scribd company logo

COM520 Written Assignment 6 Assignment Policy for Securin.docx

Download as DOCX, PDF
D
drandy1

COM520 Written Assignment 6 Assignment: Policy for Securing the Windows Environment Assignment Requirements Securing Windows applications requires hardening each application to prevent vulnerabilities from being exploited. Your job is to select an appropriate control to address each anticipated vulnerability. You have been given the task of reviewing security policies and recommending appropriate security controls to respond to vulnerabilities identified by the security team in the new ERP software. You will be provided a list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Submission Requirements  Format: Microsoft Word  Font: Arial, Size 12, Double-Space  Citation Style: APA Style  Length: 1–2 pages Self-Assessment Checklist  I have properly selected the best security control that best satisfies each ERP vulnerability.  I have provided a proper justification of choosing each security controls. Required Resources  Text Sheet: Case Scenario for Rationale: Importance of Windows Access Control and Authentication (see below)  Worksheet: Security Controls and Vulnerabilities (see below) COM520 Written Assignment 6 Case Scenario for Rationale: Importance of Windows Access Control and Authentication Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building. Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer responsiveness. The ERP software collects and stores information including: • Raw material costs • Labor costs • Materials and labor requirements for products • Purchasing requirements Ken 7 Windows Limited has identified six basic roles for users in the new ERP software: • Administrators—maintain ERP data and system operation. • Planners—run planning software and generate requirements reports. • Shop Floor users —enter operational data (receiving, shipping, and product progress during manufacturing). • Managers—manage department personnel. • Purchasing users—generate purchasing documents based on planning requirements. • Accounting users—maintain cost and accounting data. Access controls limit what users or roles can do with different types of data. For example, consider the following types of data: • Cost information—raw materials and labor costs, including the cost of finished goods. • Manufacturing details—cost, amount of labor, and time required to produce finished goods. • Purchasing requirements—rules for determining when raw materials, components,.

Education
1 of 7
COM520 Written Assignment 6 Assignment: Policy for Securing the Windows Environment Assignment Requirements Securing Windows applications requires hardening each application to prevent vulnerabilities from being exploited. Your job is to select an appropriate control to address each anticipated vulnerability. You have been given the task of reviewing security policies and recommending appropriate security controls to respond to vulnerabilities identified by the security team in the new ERP software. You will be provided a list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Submission Requirements -Space –2 pages Self-Assessment Checklist
control that best satisfies each ERP vulnerability. security controls. Required Resources Windows Access Control and Authentication (see below) COM520 Written Assignment 6 Case Scenario for Rationale: Importance of Windows Access Control and Authentication Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building. Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer
responsiveness. The ERP software collects and stores information including: • Raw material costs • Labor costs • Materials and labor requirements for products • Purchasing requirements Ken 7 Windows Limited has identified six basic roles for users in the new ERP software: • Administrators—maintain ERP data and system operation. • Planners—run planning software and generate requirements reports. • Shop Floor users —enter operational data (receiving, shipping, and product progress during manufacturing). • Managers—manage department personnel. • Purchasing users—generate purchasing documents based on planning requirements. • Accounting users—maintain cost and accounting data. Access controls limit what users or roles can do with different types of data. For example, consider the following types of data: • Cost information—raw materials and labor costs, including the cost of finished goods.
• Manufacturing details—cost, amount of labor, and time required to produce finished goods. • Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased. Through access control: • Cost information can be viewed only by Accounting users. • Manufacturing details can be viewed only by Shop Floor users. • Purchasing requirement can be viewed only by Purchasing users. During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about users being able to access restricted data. • Accounting users are able to login to shop floor computers. • Purchasing users are able to access human resource (HR) applications and data. The ERP implementation team suggested the following access control measures to protect restricted data. • Create an organizational unit (OU) in Active Directory for shop floor computers. • Deploy Group Policy Objects (GPOs) to restrict shop floor
users to the shop floor OU. • Define data access controls in the ERP software to deny access for all non-HR users to restricted data. Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data access. Hence access control and authentication is important, as it helped Ken 7 Windows Limited in reducing costs and increasing profits. COM520 Written Assignment 6 Worksheet: Security Controls and Vulnerabilities You can select from a short list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Select from these security controls: a. Place a firewall between the Internet and your Web server. b. Place a firewall between your Web server and your internal network. c. Remove the mail server service. d. Require encrypted connections for all remote ERP clients.
e. Apply the latest security patches. f. Use a packet sniffer to view the contents of network packets. g. Require all personnel attend a lunch and learn session on updated security policies. Identified ERP software vulnerabilities: 1. The ERP software vendor reports that some customers have experienced denial-of- service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web server computers. 2. Users that leave their workstations logged in during long durations of inactivity could allow attackers to hijack their session and impersonate them in the application. 3. Attackers with packet sniffers and proxy software could potentially intercept exchanges of private data. 4. Four software vulnerabilities in previous ERP software versions could allow attackers to escalate their permissions and assume administrator privileges. 5. Incorrect Web server configuration may allow unencrypted
connections to exchange encrypted information.

Recommended

COM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docxCOM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docx
monicafrancis71118
 
Assignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docxAssignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docx
lascellesjaimie
 
COM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docxCOM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docx
mccormicknadine86
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
monicafrancis71118
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
mccormicknadine86
 
3Audit Software & Tools.pptx
3Audit Software & Tools.pptx3Audit Software & Tools.pptx
3Audit Software & Tools.pptx
jack952975
 
computer system validation
computer system validationcomputer system validation
computer system validation
Gopal Patel
 
AV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software reviewAV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software review
Jermund Ottermo
 

Recommended

COM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docxCOM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docx
monicafrancis71118
 
Assignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docxAssignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docx
lascellesjaimie
 
COM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docxCOM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docx
mccormicknadine86
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
monicafrancis71118
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
mccormicknadine86
 
3Audit Software & Tools.pptx
3Audit Software & Tools.pptx3Audit Software & Tools.pptx
3Audit Software & Tools.pptx
jack952975
 
computer system validation
computer system validationcomputer system validation
computer system validation
Gopal Patel
 
AV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software reviewAV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software review
Jermund Ottermo
 
Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareeng
PINKU29
 
Software development
Software developmentSoftware development
Software development
Rudi Hartono
 
Computer system overview
Computer system overviewComputer system overview
Computer system overview
Vikrant Singh Parmar
 
IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)
Kimber Spradlin
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&a
Publicly traded global multi-billion services company
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
saurabhshertukde
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
ssuser219889
 
Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]
Luigi Tommaseo
 
Sudheendra
SudheendraSudheendra
Sudheendra
Sudheendra P
 
SELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISSELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MIS
bit allahabad
 
PHP_eVoting
PHP_eVotingPHP_eVoting
PHP_eVoting
Abhishek Kumar Ravi
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assess
Birodh Rijal
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
Sweta Kumari Barnwal
 
selection of hardware & software in SAD
selection of hardware & software in SAD selection of hardware & software in SAD
selection of hardware & software in SAD
Ankita Agrawal
 
App store and SAM strategy
App store and SAM strategyApp store and SAM strategy
App store and SAM strategy
RMayo22
 
Cometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General OfferCometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General Offer
Jakub Hajek
 
SE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software EnginerringSE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software Enginerring
Amr E. Mohamed
 
IQ Inc Web Presentation
IQ Inc Web PresentationIQ Inc Web Presentation
IQ Inc Web Presentation
IQInc
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
ElanusTechnologies
 
Softweare Engieering
Softweare Engieering Softweare Engieering
Softweare Engieering
Huda Alameen
 
COMM 166 Final Research Proposal GuidelinesThe proposal should.docx
COMM 166 Final Research Proposal GuidelinesThe proposal should.docxCOMM 166 Final Research Proposal GuidelinesThe proposal should.docx
COMM 166 Final Research Proposal GuidelinesThe proposal should.docx
drandy1
 
COMMENTS You wrote an interesting essay; however, it is lacking t.docx
COMMENTS You wrote an interesting essay; however, it is lacking t.docxCOMMENTS You wrote an interesting essay; however, it is lacking t.docx
COMMENTS You wrote an interesting essay; however, it is lacking t.docx
drandy1
 

More Related Content

Similar to COM520 Written Assignment 6 Assignment Policy for Securin.docx

Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareeng
PINKU29
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
saurabhshertukde
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
ssuser219889
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assess
Birodh Rijal
 

Similar to COM520 Written Assignment 6 Assignment Policy for Securin.docx (20)

Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareeng
 
Software development
Software developmentSoftware development
Software development
 
Computer system overview
Computer system overviewComputer system overview
Computer system overview
 
IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&a
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
 
Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]
 
Sudheendra
SudheendraSudheendra
Sudheendra
 
SELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISSELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MIS
 
PHP_eVoting
PHP_eVotingPHP_eVoting
PHP_eVoting
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assess
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
 
selection of hardware & software in SAD
selection of hardware & software in SAD selection of hardware & software in SAD
selection of hardware & software in SAD
 
App store and SAM strategy
App store and SAM strategyApp store and SAM strategy
App store and SAM strategy
 
Cometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General OfferCometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General Offer
 
SE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software EnginerringSE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software Enginerring
 
IQ Inc Web Presentation
IQ Inc Web PresentationIQ Inc Web Presentation
IQ Inc Web Presentation
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
 
Softweare Engieering
Softweare Engieering Softweare Engieering
Softweare Engieering
 

More from drandy1

COMM 166 Final Research Proposal GuidelinesThe proposal should.docx
COMM 166 Final Research Proposal GuidelinesThe proposal should.docxCOMM 166 Final Research Proposal GuidelinesThe proposal should.docx
COMM 166 Final Research Proposal GuidelinesThe proposal should.docx
drandy1
 
COMMENTS You wrote an interesting essay; however, it is lacking t.docx
COMMENTS You wrote an interesting essay; however, it is lacking t.docxCOMMENTS You wrote an interesting essay; however, it is lacking t.docx
COMMENTS You wrote an interesting essay; however, it is lacking t.docx
drandy1
 
CommentsPrice is the easiest way to make profit – all you.docx
CommentsPrice is the easiest way to make profit – all you.docxCommentsPrice is the easiest way to make profit – all you.docx
CommentsPrice is the easiest way to make profit – all you.docx
drandy1
 
COMM 1110 Library Research Assignment Objective To ensu.docx
COMM 1110 Library Research Assignment Objective To ensu.docxCOMM 1110 Library Research Assignment Objective To ensu.docx
COMM 1110 Library Research Assignment Objective To ensu.docx
drandy1
 
COMM 1110 Persuasive Speech Evaluation Objective To lea.docx
COMM 1110 Persuasive Speech Evaluation Objective To lea.docxCOMM 1110 Persuasive Speech Evaluation Objective To lea.docx
COMM 1110 Persuasive Speech Evaluation Objective To lea.docx
drandy1
 
Comment The ANA is such an astonishing association. They help .docx
Comment The ANA is such an astonishing association. They help .docxComment The ANA is such an astonishing association. They help .docx
Comment The ANA is such an astonishing association. They help .docx
drandy1
 
Comments Excellent paper. It’s obvious that you put quite a bit of .docx
Comments Excellent paper. It’s obvious that you put quite a bit of .docxComments Excellent paper. It’s obvious that you put quite a bit of .docx
Comments Excellent paper. It’s obvious that you put quite a bit of .docx
drandy1
 
Community Assessment and Analysis PresentationThis assignment co.docx
Community Assessment and Analysis PresentationThis assignment co.docxCommunity Assessment and Analysis PresentationThis assignment co.docx
Community Assessment and Analysis PresentationThis assignment co.docx
drandy1
 
Comment Commentonat least 3 Classmates’Posts (approximately  150.docx
Comment Commentonat least 3 Classmates’Posts (approximately  150.docxComment Commentonat least 3 Classmates’Posts (approximately  150.docx
Comment Commentonat least 3 Classmates’Posts (approximately  150.docx
drandy1
 
Communication permeates all that we do, no matter who we are. In thi.docx
Communication permeates all that we do, no matter who we are. In thi.docxCommunication permeates all that we do, no matter who we are. In thi.docx
Communication permeates all that we do, no matter who we are. In thi.docx
drandy1
 
Combating BriberyIn May 2011, the Commission for Eradication of .docx
Combating BriberyIn May 2011, the Commission for Eradication of .docxCombating BriberyIn May 2011, the Commission for Eradication of .docx
Combating BriberyIn May 2011, the Commission for Eradication of .docx
drandy1
 
Community Health Assessment and Health Promotion-1000 words-due .docx
Community Health Assessment and Health Promotion-1000 words-due .docxCommunity Health Assessment and Health Promotion-1000 words-due .docx
Community Health Assessment and Health Promotion-1000 words-due .docx
drandy1
 
COMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docx
COMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docxCOMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docx
COMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docx
drandy1
 
Community Career DevelopmentRead the following case study an.docx
Community Career DevelopmentRead the following case study an.docxCommunity Career DevelopmentRead the following case study an.docx
Community Career DevelopmentRead the following case study an.docx
drandy1
 

More from drandy1 (20)

COMM 166 Final Research Proposal GuidelinesThe proposal should.docx
COMM 166 Final Research Proposal GuidelinesThe proposal should.docxCOMM 166 Final Research Proposal GuidelinesThe proposal should.docx
COMM 166 Final Research Proposal GuidelinesThe proposal should.docx
 
COMMENTS You wrote an interesting essay; however, it is lacking t.docx
COMMENTS You wrote an interesting essay; however, it is lacking t.docxCOMMENTS You wrote an interesting essay; however, it is lacking t.docx
COMMENTS You wrote an interesting essay; however, it is lacking t.docx
 
Commercial Space TravelThere are about a half dozen commercial s.docx
Commercial Space TravelThere are about a half dozen commercial s.docxCommercial Space TravelThere are about a half dozen commercial s.docx
Commercial Space TravelThere are about a half dozen commercial s.docx
 
CommentsPrice is the easiest way to make profit – all you.docx
CommentsPrice is the easiest way to make profit – all you.docxCommentsPrice is the easiest way to make profit – all you.docx
CommentsPrice is the easiest way to make profit – all you.docx
 
COMM 1110 Library Research Assignment Objective To ensu.docx
COMM 1110 Library Research Assignment Objective To ensu.docxCOMM 1110 Library Research Assignment Objective To ensu.docx
COMM 1110 Library Research Assignment Objective To ensu.docx
 
COMM 1110 Persuasive Speech Evaluation Objective To lea.docx
COMM 1110 Persuasive Speech Evaluation Objective To lea.docxCOMM 1110 Persuasive Speech Evaluation Objective To lea.docx
COMM 1110 Persuasive Speech Evaluation Objective To lea.docx
 
Comment The ANA is such an astonishing association. They help .docx
Comment The ANA is such an astonishing association. They help .docxComment The ANA is such an astonishing association. They help .docx
Comment The ANA is such an astonishing association. They help .docx
 
Comments Excellent paper. It’s obvious that you put quite a bit of .docx
Comments Excellent paper. It’s obvious that you put quite a bit of .docxComments Excellent paper. It’s obvious that you put quite a bit of .docx
Comments Excellent paper. It’s obvious that you put quite a bit of .docx
 
Community Assessment and Analysis PresentationThis assignment co.docx
Community Assessment and Analysis PresentationThis assignment co.docxCommunity Assessment and Analysis PresentationThis assignment co.docx
Community Assessment and Analysis PresentationThis assignment co.docx
 
Comment Commentonat least 3 Classmates’Posts (approximately  150.docx
Comment Commentonat least 3 Classmates’Posts (approximately  150.docxComment Commentonat least 3 Classmates’Posts (approximately  150.docx
Comment Commentonat least 3 Classmates’Posts (approximately  150.docx
 
Communication permeates all that we do, no matter who we are. In thi.docx
Communication permeates all that we do, no matter who we are. In thi.docxCommunication permeates all that we do, no matter who we are. In thi.docx
Communication permeates all that we do, no matter who we are. In thi.docx
 
Combating BriberyIn May 2011, the Commission for Eradication of .docx
Combating BriberyIn May 2011, the Commission for Eradication of .docxCombating BriberyIn May 2011, the Commission for Eradication of .docx
Combating BriberyIn May 2011, the Commission for Eradication of .docx
 
Comment using your own words but please provide at least one referen.docx
Comment using your own words but please provide at least one referen.docxComment using your own words but please provide at least one referen.docx
Comment using your own words but please provide at least one referen.docx
 
Communicating and Collaborating Family InvolvementIn this uni.docx
Communicating and Collaborating Family InvolvementIn this uni.docxCommunicating and Collaborating Family InvolvementIn this uni.docx
Communicating and Collaborating Family InvolvementIn this uni.docx
 
Community Health Assessment and Health Promotion-1000 words-due .docx
Community Health Assessment and Health Promotion-1000 words-due .docxCommunity Health Assessment and Health Promotion-1000 words-due .docx
Community Health Assessment and Health Promotion-1000 words-due .docx
 
COMMUNITY HEALTH ASSESSMENTWINSHIELD SURVEYGUIDELINES1.  C.docx
COMMUNITY HEALTH ASSESSMENTWINSHIELD SURVEYGUIDELINES1.  C.docxCOMMUNITY HEALTH ASSESSMENTWINSHIELD SURVEYGUIDELINES1.  C.docx
COMMUNITY HEALTH ASSESSMENTWINSHIELD SURVEYGUIDELINES1.  C.docx
 
COMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docx
COMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docxCOMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docx
COMMUNITY CORRECTIONSPrepared ByDatePROBATIONDescr.docx
 
Community Concerns  Please respond to the followingIn your.docx
Community Concerns  Please respond to the followingIn your.docxCommunity Concerns  Please respond to the followingIn your.docx
Community Concerns  Please respond to the followingIn your.docx
 
Community Engagement InstructionsPart I PlanStudents wi.docx
Community Engagement InstructionsPart I PlanStudents wi.docxCommunity Engagement InstructionsPart I PlanStudents wi.docx
Community Engagement InstructionsPart I PlanStudents wi.docx
 
Community Career DevelopmentRead the following case study an.docx
Community Career DevelopmentRead the following case study an.docxCommunity Career DevelopmentRead the following case study an.docx
Community Career DevelopmentRead the following case study an.docx
 

Recently uploaded

Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
negromaestrong
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
heathfieldcps1
 

Recently uploaded (20)

Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
Seal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptxSeal of Good Local Governance (SGLG) 2024Final.pptx
Seal of Good Local Governance (SGLG) 2024Final.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Micro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdfMicro-Scholarship, What it is, How can it help me.pdf
Micro-Scholarship, What it is, How can it help me.pdf
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Third Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptxThird Battle of Panipat detailed notes.pptx
Third Battle of Panipat detailed notes.pptx
 
The basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptxThe basics of sentences session 3pptx.pptx
The basics of sentences session 3pptx.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Asian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptxAsian American Pacific Islander Month DDSD 2024.pptx
Asian American Pacific Islander Month DDSD 2024.pptx
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 

COM520 Written Assignment 6 Assignment Policy for Securin.docx

  • 1. COM520 Written Assignment 6 Assignment: Policy for Securing the Windows Environment Assignment Requirements Securing Windows applications requires hardening each application to prevent vulnerabilities from being exploited. Your job is to select an appropriate control to address each anticipated vulnerability. You have been given the task of reviewing security policies and recommending appropriate security controls to respond to vulnerabilities identified by the security team in the new ERP software. You will be provided a list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Submission Requirements -Space –2 pages Self-Assessment Checklist
  • 2. control that best satisfies each ERP vulnerability. security controls. Required Resources Windows Access Control and Authentication (see below) COM520 Written Assignment 6 Case Scenario for Rationale: Importance of Windows Access Control and Authentication Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building. Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer
  • 3. responsiveness. The ERP software collects and stores information including: • Raw material costs • Labor costs • Materials and labor requirements for products • Purchasing requirements Ken 7 Windows Limited has identified six basic roles for users in the new ERP software: • Administrators—maintain ERP data and system operation. • Planners—run planning software and generate requirements reports. • Shop Floor users —enter operational data (receiving, shipping, and product progress during manufacturing). • Managers—manage department personnel. • Purchasing users—generate purchasing documents based on planning requirements. • Accounting users—maintain cost and accounting data. Access controls limit what users or roles can do with different types of data. For example, consider the following types of data: • Cost information—raw materials and labor costs, including the cost of finished goods.
  • 4. • Manufacturing details—cost, amount of labor, and time required to produce finished goods. • Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased. Through access control: • Cost information can be viewed only by Accounting users. • Manufacturing details can be viewed only by Shop Floor users. • Purchasing requirement can be viewed only by Purchasing users. During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about users being able to access restricted data. • Accounting users are able to login to shop floor computers. • Purchasing users are able to access human resource (HR) applications and data. The ERP implementation team suggested the following access control measures to protect restricted data. • Create an organizational unit (OU) in Active Directory for shop floor computers. • Deploy Group Policy Objects (GPOs) to restrict shop floor
  • 5. users to the shop floor OU. • Define data access controls in the ERP software to deny access for all non-HR users to restricted data. Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data access. Hence access control and authentication is important, as it helped Ken 7 Windows Limited in reducing costs and increasing profits. COM520 Written Assignment 6 Worksheet: Security Controls and Vulnerabilities You can select from a short list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Select from these security controls: a. Place a firewall between the Internet and your Web server. b. Place a firewall between your Web server and your internal network. c. Remove the mail server service. d. Require encrypted connections for all remote ERP clients.
  • 6. e. Apply the latest security patches. f. Use a packet sniffer to view the contents of network packets. g. Require all personnel attend a lunch and learn session on updated security policies. Identified ERP software vulnerabilities: 1. The ERP software vendor reports that some customers have experienced denial-of- service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web server computers. 2. Users that leave their workstations logged in during long durations of inactivity could allow attackers to hijack their session and impersonate them in the application. 3. Attackers with packet sniffers and proxy software could potentially intercept exchanges of private data. 4. Four software vulnerabilities in previous ERP software versions could allow attackers to escalate their permissions and assume administrator privileges. 5. Incorrect Web server configuration may allow unencrypted