SlideShare a Scribd company logo

COM520 Written Assignment 6 Assignment Policy for Securin.docx

Download as DOCX, PDF
M
mccormicknadine86

COM520 Written Assignment 6 Assignment: Policy for Securing the Windows Environment Assignment Requirements Securing Windows applications requires hardening each application to prevent vulnerabilities from being exploited. Your job is to select an appropriate control to address each anticipated vulnerability. You have been given the task of reviewing security policies and recommending appropriate security controls to respond to vulnerabilities identified by the security team in the new ERP software. You will be provided a list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Submission Requirements  Format: Microsoft Word  Font: Arial, Size 12, Double-Space  Citation Style: APA Style  Length: 1–2 pages Self-Assessment Checklist  I have properly selected the best security control that best satisfies each ERP vulnerability.  I have provided a proper justification of choosing each security controls. Required Resources  Text Sheet: Case Scenario for Rationale: Importance of Windows Access Control and Authentication (see below)  Worksheet: Security Controls and Vulnerabilities (see below) COM520 Written Assignment 6 Case Scenario for Rationale: Importance of Windows Access Control and Authentication Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building. Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer responsiveness. The ERP software collects and stores information including: • Raw material costs • Labor costs • Materials and labor requirements for products • Purchasing requirements Ken 7 Windows Limited has identified six basic roles for users in the new ERP software: • Administrators—maintain ERP data and system operation. • Planners—run planning software and generate requirements reports. • Shop Floor users —enter operational data (receiving, shipping, and product progress during manufacturing). • Managers—manage department personnel. • Purchasing users—generate purchasing documents based on planning requirements. • Accounting users—maintain cost and accounting data. Access controls limit what users or roles can do with different types of data. For example, consider the following types of data: • Cost information—raw materials and labor costs, including the cost of finished goods. • Manufacturing details—cost, amount of labor, and time required to produce finished goods. • Purchasing requirements—rules for determining when raw materials, components, ...

Education
1 of 7
COM520 Written Assignment 6 Assignment: Policy for Securing the Windows Environment Assignment Requirements Securing Windows applications requires hardening each application to prevent vulnerabilities from being exploited. Your job is to select an appropriate control to address each anticipated vulnerability. You have been given the task of reviewing security policies and recommending appropriate security controls to respond to vulnerabilities identified by the security team in the new ERP software. You will be provided a list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Submission Requirements -Space –2 pages Self-Assessment Checklist
control that best satisfies each ERP vulnerability. security controls. Required Resources Windows Access Control and Authentication (see below) COM520 Written Assignment 6 Case Scenario for Rationale: Importance of Windows Access Control and Authentication Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building. Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer
responsiveness. The ERP software collects and stores information including: • Raw material costs • Labor costs • Materials and labor requirements for products • Purchasing requirements Ken 7 Windows Limited has identified six basic roles for users in the new ERP software: • Administrators—maintain ERP data and system operation. • Planners—run planning software and generate requirements reports. • Shop Floor users —enter operational data (receiving, shipping, and product progress during manufacturing). • Managers—manage department personnel. • Purchasing users—generate purchasing documents based on planning requirements. • Accounting users—maintain cost and accounting data. Access controls limit what users or roles can do with different types of data. For example, consider the following types of data: • Cost information—raw materials and labor costs, including the cost of finished goods.
• Manufacturing details—cost, amount of labor, and time required to produce finished goods. • Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased. Through access control: • Cost information can be viewed only by Accounting users. • Manufacturing details can be viewed only by Shop Floor users. • Purchasing requirement can be viewed only by Purchasing users. During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about users being able to access restricted data. • Accounting users are able to login to shop floor computers. • Purchasing users are able to access human resource (HR) applications and data. The ERP implementation team suggested the following access control measures to protect restricted data. • Create an organizational unit (OU) in Active Directory for shop floor computers. • Deploy Group Policy Objects (GPOs) to restrict shop floor
users to the shop floor OU. • Define data access controls in the ERP software to deny access for all non-HR users to restricted data. Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data access. Hence access control and authentication is important, as it helped Ken 7 Windows Limited in reducing costs and increasing profits. COM520 Written Assignment 6 Worksheet: Security Controls and Vulnerabilities You can select from a short list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Select from these security controls: a. Place a firewall between the Internet and your Web server. b. Place a firewall between your Web server and your internal network. c. Remove the mail server service. d. Require encrypted connections for all remote ERP clients.
e. Apply the latest security patches. f. Use a packet sniffer to view the contents of network packets. g. Require all personnel attend a lunch and learn session on updated security policies. Identified ERP software vulnerabilities: 1. The ERP software vendor reports that some customers have experienced denial-of- service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web server computers. 2. Users that leave their workstations logged in during long durations of inactivity could allow attackers to hijack their session and impersonate them in the application. 3. Attackers with packet sniffers and proxy software could potentially intercept exchanges of private data. 4. Four software vulnerabilities in previous ERP software versions could allow attackers to escalate their permissions and assume administrator privileges. 5. Incorrect Web server configuration may allow unencrypted
connections to exchange encrypted information.

Recommended

COM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docxCOM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docx
monicafrancis71118
 
Assignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docxAssignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docx
lascellesjaimie
 
COM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docxCOM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docx
mccormicknadine86
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
monicafrancis71118
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
mccormicknadine86
 
3Audit Software & Tools.pptx
3Audit Software & Tools.pptx3Audit Software & Tools.pptx
3Audit Software & Tools.pptx
jack952975
 
computer system validation
computer system validationcomputer system validation
computer system validation
Gopal Patel
 
AV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software reviewAV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software review
Jermund Ottermo
 

Recommended

COM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docxCOM520 Written Assignment 5 Assignment Network Security.docx
COM520 Written Assignment 5 Assignment Network Security.docx
monicafrancis71118
 
Assignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docxAssignment Network Security ControlsAssignment Requirements.docx
Assignment Network Security ControlsAssignment Requirements.docx
lascellesjaimie
 
COM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docxCOM520 Written Assignment 4 Assignment Security Audit .docx
COM520 Written Assignment 4 Assignment Security Audit .docx
mccormicknadine86
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
monicafrancis71118
 
COM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docxCOM520 Written Assignment 7 Assignment Windows Incident.docx
COM520 Written Assignment 7 Assignment Windows Incident.docx
mccormicknadine86
 
3Audit Software & Tools.pptx
3Audit Software & Tools.pptx3Audit Software & Tools.pptx
3Audit Software & Tools.pptx
jack952975
 
computer system validation
computer system validationcomputer system validation
computer system validation
Gopal Patel
 
AV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software reviewAV-Comparatives’ 2017 business software review
AV-Comparatives’ 2017 business software review
Jermund Ottermo
 
Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareeng
PINKU29
 
Software development
Software developmentSoftware development
Software development
Rudi Hartono
 
Computer system overview
Computer system overviewComputer system overview
Computer system overview
Vikrant Singh Parmar
 
IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)
Kimber Spradlin
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&a
Publicly traded global multi-billion services company
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
saurabhshertukde
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
ssuser219889
 
Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]
Luigi Tommaseo
 
Sudheendra
SudheendraSudheendra
Sudheendra
Sudheendra P
 
SELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISSELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MIS
bit allahabad
 
PHP_eVoting
PHP_eVotingPHP_eVoting
PHP_eVoting
Abhishek Kumar Ravi
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assess
Birodh Rijal
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
Sweta Kumari Barnwal
 
selection of hardware & software in SAD
selection of hardware & software in SAD selection of hardware & software in SAD
selection of hardware & software in SAD
Ankita Agrawal
 
App store and SAM strategy
App store and SAM strategyApp store and SAM strategy
App store and SAM strategy
RMayo22
 
Cometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General OfferCometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General Offer
Jakub Hajek
 
SE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software EnginerringSE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software Enginerring
Amr E. Mohamed
 
IQ Inc Web Presentation
IQ Inc Web PresentationIQ Inc Web Presentation
IQ Inc Web Presentation
IQInc
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
ElanusTechnologies
 
Softweare Engieering
Softweare Engieering Softweare Engieering
Softweare Engieering
Huda Alameen
 
Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docx
mccormicknadine86
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docx
mccormicknadine86
 

More Related Content

Similar to COM520 Written Assignment 6 Assignment Policy for Securin.docx

Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareeng
PINKU29
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
saurabhshertukde
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
ssuser219889
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assess
Birodh Rijal
 

Similar to COM520 Written Assignment 6 Assignment Policy for Securin.docx (20)

Intro softwareeng
Intro softwareengIntro softwareeng
Intro softwareeng
 
Software development
Software developmentSoftware development
Software development
 
Computer system overview
Computer system overviewComputer system overview
Computer system overview
 
IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)IBM Endpoint Manager for Software Use Analysis (Overview)
IBM Endpoint Manager for Software Use Analysis (Overview)
 
Jon shende fbcs citp q&a
Jon shende fbcs citp q&aJon shende fbcs citp q&a
Jon shende fbcs citp q&a
 
Analysis concepts and principles
Analysis concepts and principlesAnalysis concepts and principles
Analysis concepts and principles
 
201810003 201750007project report
201810003 201750007project report201810003 201750007project report
201810003 201750007project report
 
Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]Rd&t aa ms data sheet [v1]
Rd&t aa ms data sheet [v1]
 
Sudheendra
SudheendraSudheendra
Sudheendra
 
SELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MISSELECTION OF HARDWARE AND SOFTWARE IN MIS
SELECTION OF HARDWARE AND SOFTWARE IN MIS
 
PHP_eVoting
PHP_eVotingPHP_eVoting
PHP_eVoting
 
Datasheet app vulnerability_assess
Datasheet app vulnerability_assessDatasheet app vulnerability_assess
Datasheet app vulnerability_assess
 
Introduction to Software Engineering
Introduction to Software EngineeringIntroduction to Software Engineering
Introduction to Software Engineering
 
selection of hardware & software in SAD
selection of hardware & software in SAD selection of hardware & software in SAD
selection of hardware & software in SAD
 
App store and SAM strategy
App store and SAM strategyApp store and SAM strategy
App store and SAM strategy
 
Cometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General OfferCometari Dedicated Solutions General Offer
Cometari Dedicated Solutions General Offer
 
SE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software EnginerringSE_Lec 01_ Introduction to Software Enginerring
SE_Lec 01_ Introduction to Software Enginerring
 
IQ Inc Web Presentation
IQ Inc Web PresentationIQ Inc Web Presentation
IQ Inc Web Presentation
 
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdfThick Client Penetration Testing Modern Approaches and Techniques.pdf
Thick Client Penetration Testing Modern Approaches and Techniques.pdf
 
Softweare Engieering
Softweare Engieering Softweare Engieering
Softweare Engieering
 

More from mccormicknadine86

Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docx
mccormicknadine86
 
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxOption Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
mccormicknadine86
 
Option A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxOption A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docx
mccormicknadine86
 
OPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxOPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docx
mccormicknadine86
 
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxOption 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
mccormicknadine86
 
Option #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxOption #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docx
mccormicknadine86
 
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxOption 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
mccormicknadine86
 
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxOption 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
mccormicknadine86
 
Option #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxOption #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docx
mccormicknadine86
 
Option 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxOption 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docx
mccormicknadine86
 
Option #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxOption #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docx
mccormicknadine86
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docx
mccormicknadine86
 
onsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxonsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docx
mccormicknadine86
 
Operations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxOperations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docx
mccormicknadine86
 

More from mccormicknadine86 (20)

Option #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docxOption #2Researching a Leader Complete preliminary rese.docx
Option #2Researching a Leader Complete preliminary rese.docx
 
Option 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docxOption 1 ImperialismThe exploitation of  colonial resources.docx
Option 1 ImperialismThe exploitation of  colonial resources.docx
 
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docxOption Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
Option Wireless LTD v. OpenPeak, Inc.Be sure to save an elec.docx
 
Option A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docxOption A Land SharkWhen is a shark just a shark Consider the.docx
Option A Land SharkWhen is a shark just a shark Consider the.docx
 
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docxOption 3 Discuss your thoughts on drugs and deviance. Do you think .docx
Option 3 Discuss your thoughts on drugs and deviance. Do you think .docx
 
OPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docxOPTION 2 Can we make the changes we need to make After the pandemi.docx
OPTION 2 Can we make the changes we need to make After the pandemi.docx
 
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docxOption 1 You will create a PowerPoint (or equivalent) of your p.docx
Option 1 You will create a PowerPoint (or equivalent) of your p.docx
 
Option A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docxOption A Description of Dance StylesSelect two styles of danc.docx
Option A Description of Dance StylesSelect two styles of danc.docx
 
Option #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docxOption #2Provide several slides that explain the key section.docx
Option #2Provide several slides that explain the key section.docx
 
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docxOption 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
Option 2 Slavery vs. Indentured ServitudeExplain how and wh.docx
 
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docxOption 2 ArtSelect any 2 of works of art about the Holocaus.docx
Option 2 ArtSelect any 2 of works of art about the Holocaus.docx
 
Option #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docxOption #1 Stanford University Prison Experiment Causality, C.docx
Option #1 Stanford University Prison Experiment Causality, C.docx
 
Option A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docxOption A  Gender CrimesCriminal acts occur against individu.docx
Option A  Gender CrimesCriminal acts occur against individu.docx
 
opic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docxopic 4 Discussion Question 1 May students express religious bel.docx
opic 4 Discussion Question 1 May students express religious bel.docx
 
Option 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docxOption 1Choose a philosopher who interests you. Research that p.docx
Option 1Choose a philosopher who interests you. Research that p.docx
 
Option #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docxOption #1The Stanford University Prison Experiment Structu.docx
Option #1The Stanford University Prison Experiment Structu.docx
 
Operationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docxOperationaland Organizational SecurityChapter 3Princ.docx
Operationaland Organizational SecurityChapter 3Princ.docx
 
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docxOpen the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
Open the file (Undergrad Reqt_Individual In-Depth Case Study) for in.docx
 
onsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docxonsider whether you think means-tested programs, such as the Tem.docx
onsider whether you think means-tested programs, such as the Tem.docx
 
Operations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docxOperations security - PPT should cover below questions (chapter 1 to.docx
Operations security - PPT should cover below questions (chapter 1 to.docx
 

Recently uploaded

Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
ssuserdda66b
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 

Recently uploaded (20)

Food safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdfFood safety_Challenges food safety laboratories_.pdf
Food safety_Challenges food safety laboratories_.pdf
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
Spatium Project Simulation student brief
Spatium Project Simulation student briefSpatium Project Simulation student brief
Spatium Project Simulation student brief
 
General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...General Principles of Intellectual Property: Concepts of Intellectual Proper...
General Principles of Intellectual Property: Concepts of Intellectual Proper...
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
TỔNG ÔN TẬP THI VÀO LỚP 10 MÔN TIẾNG ANH NĂM HỌC 2023 - 2024 CÓ ĐÁP ÁN (NGỮ Â...
 
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptxHMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
HMCS Max Bernays Pre-Deployment Brief (May 2024).pptx
 
Single or Multiple melodic lines structure
Single or Multiple melodic lines structureSingle or Multiple melodic lines structure
Single or Multiple melodic lines structure
 
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdfVishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
Vishram Singh - Textbook of Anatomy Upper Limb and Thorax.. Volume 1 (1).pdf
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
SOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning PresentationSOC 101 Demonstration of Learning Presentation
SOC 101 Demonstration of Learning Presentation
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 

COM520 Written Assignment 6 Assignment Policy for Securin.docx

  • 1. COM520 Written Assignment 6 Assignment: Policy for Securing the Windows Environment Assignment Requirements Securing Windows applications requires hardening each application to prevent vulnerabilities from being exploited. Your job is to select an appropriate control to address each anticipated vulnerability. You have been given the task of reviewing security policies and recommending appropriate security controls to respond to vulnerabilities identified by the security team in the new ERP software. You will be provided a list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Submission Requirements -Space –2 pages Self-Assessment Checklist
  • 2. control that best satisfies each ERP vulnerability. security controls. Required Resources Windows Access Control and Authentication (see below) COM520 Written Assignment 6 Case Scenario for Rationale: Importance of Windows Access Control and Authentication Ken 7 Windows Limited is a manufacturer of Windows for residential and commercial builders. Ken 7 Windows Limited carries a variety of Windows and related products. It supplies builders with all of the tools and supplies to install finished Windows in any type of building. Ken 7 Windows Limited has just purchased a new enterprise resource planning (ERP) software package to help control costs and increase both quality and customer
  • 3. responsiveness. The ERP software collects and stores information including: • Raw material costs • Labor costs • Materials and labor requirements for products • Purchasing requirements Ken 7 Windows Limited has identified six basic roles for users in the new ERP software: • Administrators—maintain ERP data and system operation. • Planners—run planning software and generate requirements reports. • Shop Floor users —enter operational data (receiving, shipping, and product progress during manufacturing). • Managers—manage department personnel. • Purchasing users—generate purchasing documents based on planning requirements. • Accounting users—maintain cost and accounting data. Access controls limit what users or roles can do with different types of data. For example, consider the following types of data: • Cost information—raw materials and labor costs, including the cost of finished goods.
  • 4. • Manufacturing details—cost, amount of labor, and time required to produce finished goods. • Purchasing requirements—rules for determining when raw materials, components, or supplies should be purchased. Through access control: • Cost information can be viewed only by Accounting users. • Manufacturing details can be viewed only by Shop Floor users. • Purchasing requirement can be viewed only by Purchasing users. During the analysis phase of the ERP implementation, Ken 7 Windows Limited raised concerns about users being able to access restricted data. • Accounting users are able to login to shop floor computers. • Purchasing users are able to access human resource (HR) applications and data. The ERP implementation team suggested the following access control measures to protect restricted data. • Create an organizational unit (OU) in Active Directory for shop floor computers. • Deploy Group Policy Objects (GPOs) to restrict shop floor
  • 5. users to the shop floor OU. • Define data access controls in the ERP software to deny access for all non-HR users to restricted data. Implementation of several access control measures helped Ken 7 Windows Limited to restrict the data access. Hence access control and authentication is important, as it helped Ken 7 Windows Limited in reducing costs and increasing profits. COM520 Written Assignment 6 Worksheet: Security Controls and Vulnerabilities You can select from a short list of security controls to detect or prevent each stated threat. For each vulnerability, select the best control to ensure Ken 7 Windows Limited fulfills the stated requirements to secure its application software. Select from these security controls: a. Place a firewall between the Internet and your Web server. b. Place a firewall between your Web server and your internal network. c. Remove the mail server service. d. Require encrypted connections for all remote ERP clients.
  • 6. e. Apply the latest security patches. f. Use a packet sniffer to view the contents of network packets. g. Require all personnel attend a lunch and learn session on updated security policies. Identified ERP software vulnerabilities: 1. The ERP software vendor reports that some customers have experienced denial-of- service (DoS) attacks from computers sending large volumes of packets to mail servers on the Web server computers. 2. Users that leave their workstations logged in during long durations of inactivity could allow attackers to hijack their session and impersonate them in the application. 3. Attackers with packet sniffers and proxy software could potentially intercept exchanges of private data. 4. Four software vulnerabilities in previous ERP software versions could allow attackers to escalate their permissions and assume administrator privileges. 5. Incorrect Web server configuration may allow unencrypted