1. Read the RiskReport to see what the requirements are.
2. Read the Interim Risk Assessment to see the current state of the paper that needs to be revised.
3. Use the RiskReport and the details below on what is missing to revise the paper.

Feedback on changes needed to the Risk Assessment Plan

Risk Assessment Plan: Purpose does not make reference to BRI at all. Provide context. Scope, assumptions and constraints appear reasonable, but you can add an assumption or constraint regarding budget.

Need to elaborate on how risk is determined using the qualitative approach.
1. Title

IT Security Risk Assessment

2. Introduction

You are employed with Government Security Consultants, a subsidiary of Largo Corporation. As a member of the IT security consultant team, one of your responsibilities is to ensure the security of assets as well as provide a secure environment for customers, partners and employees. You and the team play a key role in defining, implementing and maintaining the IT security strategy in organizations.

A government agency called the Bureau of Research and Intelligence (BRI) is tasked with gathering and analyzing information to support U.S. diplomats.

In a series of New York Times articles, BRI was exposed as being the victim of several security breaches. As a follow-up, the United States Government Accountability Office (GAO) conducted a comprehensive review of the agency’s information security controls and identified numerous issues.

The head of the agency has contracted your company to conduct an IT security risk assessment on its operations. This risk assessment was determined to be necessary to address security gaps in the agency’s critical operational areas and to determine actions to close those gaps. It is also meant to ensure that the agency invests time and money in the right areas and does not waste resources. After conducting the assessment, you are to develop a final report that summarizes the findings and provides a set of recommendations. You are to convince the agency to implement your recommendations.

This learning activity focuses on IT security, which is an overarching concern that involves practically all facets of an organization’s activities. You will learn about the key steps of preparing for and conducting a security risk assessment and how to present the findings to leaders and convince them to take appropriate action.

Understanding security capabilities is basic to the core knowledge, skills, and abilities that IT personnel are expected to possess. Information security is a significant concern for every organization and may spell success or failure of its mission. Effective IT professionals are expected to be up-to-date on trends in IT security, current threats and vulnerabilities, state-of-the-art security safeguards, and security policies and procedures. IT professionals must be able to communicate effectively (orally and in writing) to executive-level management in a non-jargon, executive-level manner that convincingly justifies the need to invest in IT security improvements. This learning demonstration is designed to strengthen these essential knowledge, skills, and abilities needed by IT professionals.
1) Review the Setting and Situation

The primary mission of the Bureau of Research and Intelligence (BRI) is to provide multiple-source intelligence to American diplomats. It must ensure that intelligence activities are consistent with U.S. foreign policy and kept totally confidential. BRI has intelligence analysts who understand U.S. foreign policy concerns as well as the type of information needed by diplomats.

The agency is in a dynamic environment in which events affecting foreign policy occur every day. Also, technology is rapidly changing, and therefore new types of security opportunities and threats are emerging which may impact the agency.

Due to Congressional budget restrictions, BRI is forced to be selective in the type of security measures that it will implement. Prioritization of proposed security programs and controls based on a sound risk assessment procedure is necessary for this environment.

The following incidents involving BRI’s systems occurred and were reported in the New York Times and other media outlets:

· BRI’s network had been compromised by nation-state-sponsored attackers, and the attacks are still continuing. It is believed that the attackers accessed the intelligence data used to support U.S. diplomats.
· The chief of the bureau used his personal e-mail system both for official business purposes and for his own individual use.
· A software defect in BRI’s human resource system – a web application – improperly allowed users to view the personal information of all BRI employees, including social security numbers, birthdates, addresses, and bank account numbers (for direct deposit of their paychecks). After the breach, evidence was accidentally destroyed, so there was no determination of the cause of the incident or of its attackers.
· A teleworker brought home a laptop containing classified intelligence information. It was stolen during a burglary and never recovered.
· A disgruntled employee of a contractor for BRI disclosed classified documents through the media. He provided the media with, among other things, confidential correspondence between U.S. diplomats and the President that was very revealing.
· Malware had infected all of the computers in several foreign embassies, causing public embarrassment, security risks for personnel and financial losses to individuals, businesses and government agencies, including foreign entities.

These reports prompted the U.S. Government Accountability Office to conduct a comprehensive review of BRI’s information security posture. Using standards and guidance provided by the National Institute of Standards and Technology and other parties, the GAO had the following findings:
Identification and Authentication Controls

· Controls over the length of passwords for certain network infrastructure devices were set to less than eight characters.
· User account passwords had no expiration dates.
· Passwords are the sole means of authentication.

Authorization Controls

· BRI allowed users to have excessive privileges to the intelligence databases. Specifically, BRI did not appropriately limit the ability of users to enter commands using the user interface. As a result, users could access or change the intelligence data.
· BRI did not appropriately configure Oracle databases running on a server that supported multiple applications. The agency configured multiple databases operating on a server to run under one account. As a result, any administrator with access to the account would have access to all of these databases, potentially exceeding his/her job duties.
· At least twenty user accounts were active on an application’s database, although they had been requested for removal in BRI’s access request and approval system.

Data Security

· BRI does not use any type of data encryption for data-at-rest but protects data-in-transit using VPN.
· A division data manager can independently control all key aspects of the processing of confidential data collected through intelligence activities.
· One employee was able to derive classified information by “aggregating” unclassified databases.
· Hackers infiltrated transactional data located in a single repository and corrupted it.

System Security

· Wireless systems use the Wired Equivalent Privacy (WEP) standard for ensuring secure transmission of data.
· The agency permitted the “Bring Your Own Device” (BYOD) concept, and therefore users can utilize their personal mobile devices to connect to the agency network freely.
· In the event of a network failure due to hacking, the data center manager has his recovery plan but has not shared it with anyone in or out of the center. He was not aware of any requirement to report incidents outside of the agency.
· There has never been any testing of the security controls in the agency.
· Processes for the servers have not been documented but exist only in the minds of the system managers.
· Patching of key databases and system components has not been a priority. Patching has either been late or not performed at all. Managers explained that it takes time and effort to test patches on their applications.
· Scanning of devices connected to the network for possible security vulnerabilities is done only when the devices are returned to inventory for future use.
· System developers involved with financial systems are allowed to develop code and access production code.

Physical Security

· An unauthorized person was observed “tailgating”, or closely following an official employee, while entering a secure data center.
· The monthly review process at a data center failed to identify a BRI employee who had separated from BRI and did not result in the removal of her access privileges. She was still able to access restricted areas for at least three months after her separation.

End User Security

· Users, even in restricted areas, are allowed to use social media such as Facebook. The argument used is that it is part of the public outreach efforts of the agency.
· Users receive a 5-minute briefing on security as part of their orientation session, which typically occurs on their first day of work. There is no other mention of security during the course of employment.
· Users are allowed to use public clouds such as Dropbox, Box, and Google Drive to store their data.
· BRI has not performed continual background investigations on employees who operate its intelligence applications (one investigation is conducted upon initial employment).
· There is no policy regarding the handling of classified information.

An internal audit report indicated that the organization needed several security programs, including a security awareness and training program, a privacy protection program and a business continuity/disaster recovery program. These programs will need special attention.
2) Examine Background Resources

This learning demonstration focuses on the National Institute of Standards and Technology's (NIST) “Guide for Conducting Risk Assessments” (http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf). See Pg. 23 to view the description of the risk management process.

Throughout this learning activity, feel free to use other references such as:

Other NIST publications (http://csrc.nist.gov/publications/PubsSPs.html),
SANS Reading Room (http://www.sans.org/reading-room/),
US-CERT (https://www.us-cert.gov/security-publications),
CSO Magazine (http://www.csoonline.com/),
Information Security Magazine (http://www.infosecurity-magazine.com/white-papers/),
Homeland Security News Wire (http://www.homelandsecuritynewswire.com/topics/cybersecurity)

Other useful references on security risk management include:

https://books.google.com/books?id=cW1ytnWjObYC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
https://books.google.com/books?id=FJFCrP8vVZcC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false

3) Prepare the Risk Assessment Plan

Using the NIST report as your guide, address the following items:

· Purpose of the assessment,
· Scope of the assessment,
· Assumptions and constraints, and
· Selected risk model and analytical approach to be used.

Document your above analysis in the “Interim Risk Assessment Planning Report.” This report should be 400-500 words.
Risk Assessment Plan

Purpose of the Assessment

IT systems are said to be vulnerable due to the variety of disruptions that they are exposed to in an organization. Some of the disruptions that they are exposed to include disk drive failure, power outage, equipment destruction or fire. It is possible to minimize or eliminate these vulnerabilities through technical, operational or management solutions as part of an effort by the organization to manage the risk (Nicolic, 2009). There are security gaps in the organization which affect the organizational performance. Thus there is a need to find a way in which these security gaps can be closed. Furthermore, it is important to have the organization spend time and money in the right areas so that it does not waste resources. The role of the security consultants is to come up with a better security assessment plan that will help the organization in many areas (Feng, Zhang & Zhang, 2004). The security assessment is meant to help the organization come up with decisions on how to protect critical information as well as be prepared for any security threats. The plan is designed so as to mitigate the risk to the system and the unavailability of service by focusing on effective and efficient solutions for recovery.

Scope of the Assessment

The risk assessment will inform decisions regarding the security gaps that exist in the IT systems in the organization. The security gaps are making the entire organization vulnerable to external threats, and the organization can lose a lot if these gaps are not closed. The risk assessment will be conducted over a period of six months so as to ensure that the system is closely monitored and that there are no gaps in the system. The considerations that will be made during this risk assessment include making sure that all the employees that use the system have the required security features on their computers and on all endpoints (e.g., workstations, laptops, servers, mobile devices and smart devices, including “bring your own” devices). Risk management, in this case, will include quantitative risk management and control management. The procedure is essential as it will help the organization and the IT team to be updated on the latest events, which will help come up with better security to protect the organization. It will also play a significant role in determining the short-term goals and long-term goals. Once everyone is aware of these risks, it will be easier to act to contain the situation posed by any threat (Lo & Chen, 2012).

Assumptions and Constraints

It is without a doubt that assumptions and constraints are critical to the success of a risk assessment. Some assumptions at the outset of the assessment include that adequate resources will be dedicated to the assessment, including the involvement of key personnel, and that qualified assessors will be assigned to the task. Other assumptions may include but are not limited to threat sources, threat events, vulnerabilities and predisposing conditions, potential impacts, assessment and analysis approaches, and which missions/business functions are primary. The organization believes that most threats are caused by security breaches. Thus, risk assessment should be done mainly on security breaches of the IT systems of the organization. Some of the constraints that may be encountered during the risk assessment include inadequate funds, as it is not clear how bad the security gaps are and how much may be needed to solve the issues. Other constraints include that operations will need to continue unimpeded during the assessment, the assessment will need to be completed within a reasonable time limit, and recommendations from the assessment will need to be framed in the resources available to implement the recommendations, balanced against the potential risk.

Selected Risk Model and Analytical Approach to be Used

A qualitative risk assessment approach will be used to mitigate the risk. Furthermore, since the risk assessment is being done to close the security gaps, a threat-oriented approach will also be used so as to determine the threats that the security gaps pose to the system. The quality of the system must be determined during the risk assessment.
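The feedback above asks how risk is determined under the qualitative approach, and the plan only names the approach. The following is an added example, not part of the RiskReport or the student's plan, that walks a sample of the GAO findings through the two-step qualitative combination in the NIST guide (likelihood of initiation and likelihood of adverse impact give an overall likelihood, which is then combined with impact to give a level of risk). The two combination tables are transcribed as the editor recalls Table G-5 and Table I-2 of SP 800-30 Rev. 1 and should be checked against the publication; the finding labels, threat-event wording and ratings are constructed for illustration.

```python
"""Qualitative risk determination in the style of NIST SP 800-30 Rev. 1.

Added example for this assignment; the two tables below are transcribed
from SP 800-30 Rev. 1 Table G-5 and Table I-2 as recalled by the editor
(verify against the publication). Findings and ratings are constructed.
"""
from dataclasses import dataclass

# The five-point assessment scale used for every qualitative value.
LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Table G-5: row = likelihood a threat source initiates the event, column =
# likelihood the event, once initiated, causes adverse impact (LEVELS order).
OVERALL_LIKELIHOOD = [
    ["Very Low", "Very Low", "Low",      "Low",       "Low"],        # initiation Very Low
    ["Very Low", "Low",      "Low",      "Moderate",  "Moderate"],   # initiation Low
    ["Low",      "Low",      "Moderate", "Moderate",  "High"],       # initiation Moderate
    ["Low",      "Moderate", "Moderate", "High",      "Very High"],  # initiation High
    ["Low",      "Moderate", "High",     "Very High", "Very High"],  # initiation Very High
]

# Table I-2: row = overall likelihood, column = level of impact (LEVELS order).
RISK_LEVEL = [
    ["Very Low", "Very Low", "Very Low", "Low",      "Low"],        # likelihood Very Low
    ["Very Low", "Low",      "Low",      "Low",      "Moderate"],   # likelihood Low
    ["Very Low", "Low",      "Moderate", "Moderate", "High"],       # likelihood Moderate
    ["Very Low", "Low",      "Moderate", "High",     "Very High"],  # likelihood High
    ["Very Low", "Low",      "Moderate", "High",     "Very High"],  # likelihood Very High
]


def level_index(level: str) -> int:
    """Position of a qualitative value on the scale; rejects values off the scale."""
    if level not in LEVELS:
        raise ValueError(f"unknown qualitative level {level!r}; expected one of {LEVELS}")
    return LEVELS.index(level)


def overall_likelihood(initiation: str, adverse_impact: str) -> str:
    """Step 1: combine the two likelihood judgements (Table G-5)."""
    return OVERALL_LIKELIHOOD[level_index(initiation)][level_index(adverse_impact)]


def risk_level(likelihood: str, impact: str) -> str:
    """Step 2: combine overall likelihood with impact into a level of risk (Table I-2)."""
    return RISK_LEVEL[level_index(likelihood)][level_index(impact)]


@dataclass(frozen=True)
class Finding:
    ref: str             # constructed label for the GAO finding being assessed
    threat_event: str    # threat-oriented framing: what could happen to BRI
    initiation: str      # likelihood a threat source initiates the event
    adverse_impact: str  # likelihood the event results in adverse impact
    impact: str          # severity of that impact for BRI's mission


def assess(finding: Finding) -> dict:
    """Carry one finding through both tables and return its risk register row."""
    likelihood = overall_likelihood(finding.initiation, finding.adverse_impact)
    return {"ref": finding.ref, "threat_event": finding.threat_event,
            "likelihood": likelihood, "impact": finding.impact,
            "risk": risk_level(likelihood, finding.impact)}


def rank(findings) -> list:
    """Order the register highest risk first (ties broken by likelihood, then
    impact): the prioritisation a budget-constrained agency needs."""
    rows = [assess(f) for f in findings]
    rows.sort(key=lambda r: (level_index(r["risk"]), level_index(r["likelihood"]),
                             level_index(r["impact"])), reverse=True)
    return rows


# Constructed register: a sample of the GAO findings from the scenario, with
# ratings assumed by the editor for illustration, not taken from the page.
REGISTER = [
    Finding("IA-1", "Short, non-expiring passwords on network devices are guessed "
            "and intelligence data is reached",
            initiation="High", adverse_impact="High", impact="Very High"),
    Finding("DS-1", "Unencrypted classified data is read from a stolen laptop",
            initiation="Moderate", adverse_impact="High", impact="Very High"),
    Finding("SS-1", "WEP-protected wireless traffic is recovered by an eavesdropper",
            initiation="High", adverse_impact="High", impact="High"),
    Finding("EU-1", "Staff with only a 5-minute briefing fall for phishing",
            initiation="Moderate", adverse_impact="Moderate", impact="Moderate"),
    Finding("PS-1", "A tailgater enters the data center behind an employee",
            initiation="Low", adverse_impact="Moderate", impact="High"),
]

if __name__ == "__main__":
    for row in rank(REGISTER):
        print(f'{row["ref"]:5} risk={row["risk"]:9} likelihood={row["likelihood"]:9} '
              f'impact={row["impact"]:9} {row["threat_event"]}')
```

Each register row records the two intermediate judgements as well as the final level, which is the elaboration the feedback asks for: a reader can see why a finding landed where it did rather than just the label.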

 
1. must be a research article from either pubmed or google scholar..docx
1. must be a research article from either pubmed or google scholar..docx1. must be a research article from either pubmed or google scholar..docx
1. must be a research article from either pubmed or google scholar..docx
 
1. Name the two main parts of the MLA citation format. One part goes.docx
1. Name the two main parts of the MLA citation format. One part goes.docx1. Name the two main parts of the MLA citation format. One part goes.docx
1. Name the two main parts of the MLA citation format. One part goes.docx
 

Recently uploaded

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfakmcokerachita
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docxPoojaSen20
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfUmakantAnnand
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxmanuelaromero2013
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsKarinaGenton
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdfSoniaTolstoy
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxRoyAbrique
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppCeline George
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Class 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdfClass 11 Legal Studies Ch-1 Concept of State .pdf
Class 11 Legal Studies Ch-1 Concept of State .pdf
 
mini mental status format.docx
mini    mental       status     format.docxmini    mental       status     format.docx
mini mental status format.docx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions  for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions  for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Concept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.CompdfConcept of Vouching. B.Com(Hons) /B.Compdf
Concept of Vouching. B.Com(Hons) /B.Compdf
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Science 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its CharacteristicsScience 7 - LAND and SEA BREEZE and its Characteristics
Science 7 - LAND and SEA BREEZE and its Characteristics
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdfBASLIQ CURRENT LOOKBOOK  LOOKBOOK(1) (1).pdf
BASLIQ CURRENT LOOKBOOK LOOKBOOK(1) (1).pdf
 
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptxContemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
Contemporary philippine arts from the regions_PPT_Module_12 [Autosaved] (1).pptx
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini  Delhi NCR9953330565 Low Rate Call Girls In Rohini  Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
URLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website AppURLs and Routing in the Odoo 17 Website App
URLs and Routing in the Odoo 17 Website App
 

1. Read the RiskReport to see what requirements are.2. Read the .docx

1. Read the RiskReport to see what the requirements are.
2. Read the Interim Risk Assessment to see the current state of the paper that needs to be revised.
3. Use the RiskReport and the details below on what is missing to revise the paper.

Feedback on changes needed to the Risk Assessment Plan

Risk Assessment Plan: Purpose does not make reference to BRI at all. Provide context. Scope, assumptions and constraints appear reasonable, but you can add an assumption or constraint regarding budget. Need to elaborate on how risk is determined using the qualitative approach.

1. Title

IT Security Risk Assessment

2. Introduction

You are employed with Government Security Consultants, a subsidiary of Largo Corporation. As a member of the IT security consultant team, one of your responsibilities is to ensure the security of assets as well as provide a secure environment for customers, partners and employees. You and the team play a key role in defining, implementing and maintaining the IT security strategy in organizations.

A government agency called the Bureau of Research and Intelligence (BRI) is tasked with gathering and analyzing information to support U.S. diplomats.

In a series of New York Times articles, BRI was exposed as being the victim of several security breaches. As a follow-up, the United States Government Accountability Office (GAO) conducted a comprehensive review of the agency’s information security controls and identified numerous issues.

The head of the agency has contracted your company to conduct an IT security risk assessment on its operations. This risk assessment was determined to be necessary to address security gaps in the agency’s critical operational areas and to determine actions to close those gaps. It is also meant to ensure that the agency invests time and money in the right areas and does not waste resources. After conducting the assessment, you are to develop a final report that summarizes the findings and provides a set of recommendations. You are to convince the agency to implement your recommendations.

This learning activity focuses on IT security, which is an overarching concern that involves practically all facets of an organization’s activities. You will learn about the key steps of preparing for and conducting a security risk assessment and how to present the findings to leaders and convince them to take appropriate action.

Understanding security capabilities is basic to the core knowledge, skills, and abilities that IT personnel are expected to possess. Information security is a significant concern for every organization and it may spell success or failure of its mission. Effective IT professionals are expected to be up-to-date on trends in IT security, current threats and vulnerabilities, state-of-the-art security safeguards, and security policies and procedures. IT professionals must be able to communicate effectively (orally and in writing) to executive-level management in a non-jargon, executive-level manner that convincingly justifies the need to invest in IT security improvements. This learning demonstration is designed to strengthen these essential knowledge, skills, and abilities needed by IT professionals.

1) Review the Setting and Situation

The primary mission of the Bureau of Research and Intelligence (BRI) is to provide multiple-source intelligence to American diplomats. It must ensure that intelligence activities are consistent with U.S. foreign policy and kept totally confidential. BRI has intelligence analysts who understand U.S. foreign policy concerns as well as the type of information needed by diplomats. The agency is in a dynamic environment in which events affecting foreign policy occur every day. Also, technology is rapidly changing and therefore new types of security opportunities and threats are emerging which may impact the agency. Due to Congressional budget restrictions, BRI is forced to be selective in the type of security measures that it will implement. Prioritization of proposed security programs and controls based on a sound risk assessment procedure is necessary for this environment.

The following incidents involving BRI’s systems occurred and were reported in the New York Times and other media outlets:

· BRI’s network had been compromised by nation-state-sponsored attackers and the attacks are still continuing. It is believed that the attackers accessed the intelligence data used to support U.S. diplomats.
· The chief of the bureau used his personal e-mail system for both official business purposes and for his own individual use.
· A software defect in BRI’s human resource system, a web application, improperly allowed users to view the personal information of all BRI employees including social security numbers, birthdates, addresses, and bank account numbers (for direct deposit of their paychecks). After the breach, evidence was accidentally destroyed so there was no determination of the cause of the incident or of its attackers.
· A teleworker brought home a laptop containing classified intelligence information. It was stolen during a burglary and never recovered.
· A disgruntled employee of a contractor for BRI disclosed classified documents through the media. He provided the media with, among other things, confidential correspondence between U.S. diplomats and the President that was very revealing.
· Malware had infected all of the computers in several foreign embassies, causing public embarrassment, security risks for personnel and financial losses to individuals, businesses and government agencies including foreign entities.

These reports prompted the U.S. Government Accountability Office to conduct a comprehensive review of BRI’s information security posture. Using standards and guidance provided by the National Institute of Standards and Technology and other parties, they had the following findings:

Identification and Authentication Controls

· Controls over the length of passwords for certain network infrastructure devices were set to less than eight characters.
· User account passwords had no expiration dates.
· Passwords are the sole means of authentication.

Authorization Controls

· BRI allowed users to have excessive privileges to the intelligence databases. Specifically, BRI did not appropriately limit the ability of users to enter commands using the user interface. As a result, users could access or change the intelligence data.
· BRI did not appropriately configure Oracle databases running on a server that supported multiple applications. The agency configured multiple databases operating on a server to run under one account. As a result, any administrator with access to the account would have access to all of these databases, potentially exceeding his/her job duties.
· At least twenty user accounts were active on an application’s database, although they had been requested for removal in BRI’s access request and approval system.

Data Security

· BRI does not use any type of data encryption for data-at-rest but protects data-in-transit using VPN.
· A division data manager can independently control all key aspects of the processing of confidential data collected through intelligence activities.
· One employee was able to derive classified information by “aggregating” unclassified databases.
· Hackers infiltrated transactional data located in a single repository and went ahead and corrupted it.

System Security

· Wireless systems use the Wired Equivalent Privacy (WEP) standard for ensuring secure transmission of data.
· The agency permitted the “Bring Your Own Device” (BYOD) concept and therefore users can utilize their personal mobile devices to connect to the agency network freely.
· In the event of a network failure due to hacking, the data center manager has his recovery plan but has not shared it with anyone in or out of the center. He was not aware of any requirement to report incidents outside of the agency.
· There has never been any testing of the security controls in the agency.
· Processes for the servers have not been documented, but exist only in the minds of the system managers.
· Patching of key databases and system components has not been a priority. Patching of systems has either been late or not performed at all. Managers explained that it takes time and effort to test patches on its applications.
· Scanning of devices connected to the network for possible security vulnerabilities is done only when the devices are returned to inventory for future use.
· System developers involved with financial systems are allowed to develop code and access production code.

Physical Security

· An unauthorized person was observed “tailgating,” or closely following an official employee, while entering a secure data center.
· The monthly review process at a data center failed to identify a BRI employee who had separated from BRI and did not result in the removal of her access privileges. She was still able to access restricted areas for at least three months after her separation.

End User Security

· Users even in restricted areas are allowed to use social media such as Facebook. The argument used is that it is part of the public outreach efforts of the agency.
· Users receive a 5-minute briefing on security as part of their orientation session that occurs typically on their first day of work. There is no other mention of security during the course of employment.
· Users are allowed to use public clouds such as Dropbox, Box, and Google Drive to store their data.
· BRI has not performed continual background investigations on employees who operate its intelligence applications (one investigation is conducted upon initial employment).
· There is no policy regarding the handling of classified information.

An internal audit report indicated that the organization needed several security programs including a security awareness and training program, a privacy protection program and a business continuity/disaster recovery program. These programs will need special attention.

2) Examine Background Resources

This learning demonstration focuses on the National Institute of Standards and Technology's (NIST) “Guide for Conducting Risk Assessments” (http://csrc.nist.gov/publications/nistpubs/800-30-rev1/sp800_30_r1.pdf). See Pg. 23 to view the description of the risk management process.

Throughout this learning activity, feel free to use other references such as:

Other NIST publications (http://csrc.nist.gov/publications/PubsSPs.html),
SANS Reading Room (http://www.sans.org/reading-room/),
US-CERT (https://www.us-cert.gov/security-publications),
CSO Magazine (http://www.csoonline.com/),
Information Security Magazine (http://www.infosecurity-magazine.com/white-papers/),
Homeland Security News Wire (http://www.homelandsecuritynewswire.com/topics/cybersecurity)

Other useful references on security risk management include:

https://books.google.com/books?id=cW1ytnWjObYC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false
https://books.google.com/books?id=FJFCrP8vVZcC&printsec=frontcover&source=gbs_ge_summary_r&cad=0#v=onepage&q&f=false

3) Prepare the Risk Assessment Plan

Using the NIST report as your guide, address the following items:

· Purpose of the assessment,
· Scope of the assessment,
· Assumptions and constraints, and
· Selected risk model and analytical approach to be used.

Document your above analysis in the “Interim Risk Assessment Planning Report.” This report should be 400-500 words.

Risk Assessment Plan

Purpose of the Assessment

IT systems are said to be vulnerable due to the variety of disruptions that they are exposed to in an organization. Some of the disruptions that they are exposed to include disk drive failure, power outage, equipment destruction or fire. It is possible to minimize or eliminate these vulnerabilities through technical, operational or management solutions as part of an effort by the organization to manage the risk (Nicolic, 2009). There are security gaps in the organization which affect the organizational performance. Thus there is a need to find a way in which these security gaps can be closed. Furthermore, it is important to have the organization spend time and money in the right areas so that it does not waste resources. The role of the security consultants is to come up with a better security assessment plan that will help the organization in many areas (Feng, Zhang & Zhang, 2004). The security assessment is meant to help the organization come up with decisions on how to protect critical information as well as be prepared for any security threats. The plan is designed so as to mitigate the risk of the system and unavailability of service by focusing on effective and efficient solutions for recovery.

Scope of the Assessment

The risk assessment will inform decisions regarding the security gaps that exist in the IT systems in the organization. The security gaps are making the entire organization vulnerable to external threats and the organization can lose a lot if these gaps are not closed. The risk assessment will be conducted over a period of six months so as to ensure that the system is closely monitored and that there are no gaps in the system. The considerations that will be made during this risk assessment include making sure that all the employees that use the system have the required security features on all endpoints (e.g., workstations, laptops, servers, mobile devices and smart devices including “bring your own devices”). Risk management, in this case, will include quantitative risk management and control management. The procedure is essential as it will help the organization and the IT team to be updated on the latest events, which will help come up with better security to protect the organization. It will also play a significant role in determining the short-term goals and long-term goals. Once everyone is aware of these risks, it will be easier to act to contain the situation faced by any threat (Lo & Chen, 2012).

Assumptions and Constraints

It is without a doubt that assumptions and constraints are critical to the success of a risk assessment. Some assumptions at the outset of the assessment include that adequate resources will be dedicated to the assessment, including the involvement of key personnel, and that qualified assessors will be assigned to the task. Other assumptions may include but are not limited to threat sources, threat events, vulnerabilities and predisposing conditions, potential impacts, assessment and analysis approaches, and which missions/business functions are primary. The organization believes that most threats are caused by security breaches. Thus, risk assessment should be done mainly on security breaches on IT systems of the organization. Some of the constraints that may be encountered during risk assessment include inadequate funds, as it is not clear how bad the security gaps are and how much may be needed to solve the issues. Constraints also include that operations will need to continue unimpeded during the assessment, the assessment will need to be completed within a reasonable time limit and recommendations from the assessment will need to be framed in the resources available to implement the recommendations, balanced against the potential risk.

Selected Risk Model and Analytical Approach to be Used

A qualitative risk assessment approach will be used to mitigate the risk. Furthermore, since the risk assessment is being done to close the security gaps, a threat-oriented approach will also be used so as to determine the threats that the security gaps cause to the system. The quality of the system must be determined during risk assessment.
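How the qualitative, threat-oriented approach can actually determine risk, as an added worked example that is not part of the assignment or the draft plan: each GAO finding from the case is paired with a threat event, rated for likelihood and impact on the five-level scale of NIST SP 800-30 Rev. 1, combined through a lookup matrix into a risk level, and then prioritised against a fixed budget, which is the constraint the feedback asks the plan to add. The matrix cells, the ratings, the mitigation costs and the budget figure are all assumptions.

```python
"""Qualitative risk determination for the BRI findings in the style of
NIST SP 800-30 Rev. 1 (likelihood x impact -> risk level), followed by a
budget-constrained prioritisation. Added illustration; ratings and costs
are constructed, not taken from the case."""
from dataclasses import dataclass
from typing import List, Tuple

LEVELS = ["Very Low", "Low", "Moderate", "High", "Very High"]

# Risk-level lookup indexed [likelihood][impact]. Assumption: the cell
# values approximate SP 800-30 Appendix I, Table I-2; an assessor should
# copy the organisation's adopted table rather than rely on this one.
RISK_MATRIX = [
    # impact:  Very Low     Low         Moderate    High        Very High
    ["Very Low", "Very Low", "Very Low", "Low",      "Low"],        # likelihood Very Low
    ["Very Low", "Low",      "Low",      "Low",      "Moderate"],   # likelihood Low
    ["Very Low", "Low",      "Moderate", "Moderate", "High"],       # likelihood Moderate
    ["Very Low", "Low",      "Moderate", "High",     "Very High"],  # likelihood High
    ["Very Low", "Low",      "Moderate", "High",     "Very High"],  # likelihood Very High
]


@dataclass
class Finding:
    gap: str           # GAO finding from the case study (paraphrased)
    threat_event: str  # threat-oriented view: what the gap lets happen
    likelihood: str    # assessor's rating, one of LEVELS
    impact: str        # assessor's rating, one of LEVELS
    cost: int          # constructed mitigation cost, thousands of USD


def risk_level(likelihood: str, impact: str) -> str:
    """Combine two ordinal ratings into a risk level via the matrix."""
    if likelihood not in LEVELS or impact not in LEVELS:
        raise ValueError(f"ratings must be one of {LEVELS}")
    return RISK_MATRIX[LEVELS.index(likelihood)][LEVELS.index(impact)]


def rank_findings(findings: List[Finding]) -> List[Tuple[str, Finding]]:
    """Return (risk level, finding) pairs, highest risk first and cheapest
    mitigation first within a level, so the list reads as a priority order."""
    scored = [(risk_level(f.likelihood, f.impact), f) for f in findings]
    return sorted(scored, key=lambda p: (-LEVELS.index(p[0]), p[1].cost))


def plan_within_budget(findings: List[Finding], budget: int) -> Tuple[List[str], List[str]]:
    """Greedy selection in priority order under a fixed budget (the
    Congressional budget constraint in the case). Returns (funded, deferred).
    A mitigation that does not fit is deferred and cheaper ones are still tried."""
    funded, deferred, spent = [], [], 0
    for _level, f in rank_findings(findings):
        if spent + f.cost <= budget:
            funded.append(f.gap)
            spent += f.cost
        else:
            deferred.append(f.gap)
    return funded, deferred


# Constructed sample: six GAO findings from the case with ratings an assessor
# might assign given the reported incidents (a stolen laptop, a nation-state
# intrusion). Ratings and costs are illustrative assumptions.
BRI_FINDINGS = [
    Finding("No encryption of data at rest", "classified data read from a stolen laptop", "High", "Very High", 60),
    Finding("Wireless uses WEP", "wireless traffic decrypted by an outsider", "High", "High", 40),
    Finding("Passwords under 8 chars, no expiry, sole factor", "credential guessing on network devices", "High", "High", 25),
    Finding("Security controls never tested", "control failures go undetected", "Moderate", "High", 50),
    Finding("Twenty accounts active after removal requested", "ex-user access to an application database", "Moderate", "Moderate", 10),
    Finding("Five-minute security briefing only", "phishing and unsafe cloud or social media use", "High", "Moderate", 15),
]

if __name__ == "__main__":
    for level, f in rank_findings(BRI_FINDINGS):
        print(f"{level:10} {f.gap} (threat: {f.threat_event}, ~${f.cost}k)")
    funded, deferred = plan_within_budget(BRI_FINDINGS, budget=120)
    print("Fund now:", funded)
    print("Defer:", deferred)
```

The printed priority list and the funded/deferred split are what the plan's "Selected Risk Model" section needs to explain in words: which findings were rated how, why, and what the budget forces to wait.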