SlideShare a Scribd company logo
Part 1: Major Events Documentation
Scenario: You visit a retail establishment, shop around, and
finally carry several products to one of the point of sale (POS)
terminals distributed openly around the store. You produce a
credit card, the salesclerk processes the transaction, bags your
goods, and hands you the receipt. On your way to the exit, a
store employee asks to see your receipt and checks the contents
of the store bag. Document each of the major events just
described and explain them in terms of the PCI compliance
standard. Include this report in your assignment.
Part 2: PCI Compliance
This part of the assignment will cover PCI. Please refer to the
attached file in your responses.
Respond to and address the following in essay style:
1. Suppose HGA’s mainframe, depicted in Figure B-1, stored
cardholder data in the private databases. What steps should be
taken to protect that data in order to be PCI compliant?
2. HGA’s mainframe has network connectivity. Assuming that
cardholder data is transmitted across these networks, describe
how data should be protected in transmission.
3. Users are located at various sites connected to the HGA
network. Suggest appropriate access controls to restrict
unauthorized users from looking at cardholder data.
4. The PCI specification notes that all systems and network
devices connected to a system that stores, transmits, or
processes cardholder data is in scope and must comply with PCI
specifications. To avoid having the whole network subject to
PCI specifications, how would you segment the network to
reduce the scope of compliance?
Assignment Requirements:
Submit your assignment in the usual double-spaced APA-styled
report. At least four pages of material are expected beyond the
title page, table of contents, abstract, and references page.
· Answers contain sufficient information to adequately answer
the questions
· No spelling errors
· No grammar errors
CRSS Network Diagram
Copyright Rasmussen, Inc. 2013. Proprietary and Confidential.
1
1
image3.png
image5.png
FedRAMP Security Assessment Plan (SAP)
Third Party Assessment
Prepared by
<Your Name>
for
Country Roads Space Systems
&
NASA
CRSS Information Systems. Administration and Classified
Networks
Version #.#
<DATE>
MOCK Plan
CRSS Information Systems. Administration and Classified
Networks | Version #.# Date
Controlled Unclassified Information Page | 10
System Assessment Plan
Prepared by
Identification of Organization that Prepared this Document
Student NameEnter Your Name
Rasmussen Email AddressEnter Rasmussen Email Address
ClassEnter Class Name
Course and SemesterEnter Section Number and Semester
Prepared for
Identification of Cloud Service Provider
Organization NameNASA
Street Address300 E St. SW
Suite/Room/BuildingIA Office Floor 2
City, State ZipWashington DC 20546
Revision History
Date
Description
Version of SSP
Author<Date><Revision
Description><Version><Author><Date><Revision
Description><Version><Author>
Table of Contents
1Introduction1
1.1Laws, Regulations, Standards, and Guidance1
1.2Purpose1
2Scope2
2.1Information System Name/Title2
2.2Internet Protocol (IP) Addresses, WeB APPLICATIONS, and
DATABASES Slated for Testing2
2.3Roles Slated for Testing2
3Assumptions2
4Methodology3
5Test Plan4
5.1Security Assessment Team4
5.2NASA /CRSS Provider Testing Points of Contact5
5.3Testing Performed Using Automated Tools5
5.4Testing Performed Through Manual Methods6
6Rules of Engagement7
6.1Security Testing7
6.2End of Testing8
6.3Communication of Test Results8
6.4 Limitation of
Liabilities……………………………………………………………
…………………………………….…………..8
6.5 Signatures 10
7Acronyms10
AAppendix A – Attachments11
List of Tables
Table 21 Information System Name and Title2
Table 26 Role Based Testing2
Table 51 Security Testing Team4
Table 52 NASA /CRSS Service Provider Points of Contact5
Table 53 Tools Used for Security Testing5
Table 54 Testing Performed through Manual Methods6
Table 61 Individuals at NASA /CRSS Receiving Test Results8
CRSS Information Systems. Administration and Classified
Networks FedRAMP SAP Template
Version #.# Date
MOCK Plan – Academic Purposes Only Page | ii Introduction
Federal Risk and Authorization Management Program
(FedRAMP) is a government-wide program that provides a
standardized approach to security assessment, authorization,
and continuous monitoring for Country Roads Space Systems.
Testing security controls is an integral part of the FedRAMP
security authorization requirements. Providing a plan for
security control ensures that the process runs smoothly.
The CRSS Information Systems. Administration and Classified
Networks (CRSS ITS) will be assessed by an Independent
Assessor (IA) <Your Name>. The use of an independent
assessment team reduces the potential for conflicts of interest
that could occur in verifying the implementation status and
effectiveness of the security controls. National Institute of
Standards and Technology (NIST) Special Publication (SP) 800-
39, Managing Information Security Risk states:
Assessor independence is an important factor in: (i) preserving
the impartial and unbiased nature of the assessment process; (ii)
determining the credibility of the security assessment results;
and (iii) ensuring that the authorizing official receives the most
objective information possible in order to make an informed,
risk-based, authorization decision.Laws, Regulations,
Standards, and Guidance
A summary of the FedRAMP Laws and Regulations and the
FedRAMP Standards and Guidance is included in the System
Security Plan (SSP) Attachment 12 – FedRAMP Laws and
Regulations.
SSP Section 12 Laws, Regulations, Standards, and Guidance
contains the following two tables that are system specific:
Table 12 1 CRSS Information Systems. Administration and
Classified Networks Laws and Regulations includes additional
laws and regulations specific to CRSS Information Systems.
Administration and Classified Networks.
Table 12 2 CRSS Information Systems. Administration and
Classified Networks Standards and Guidance includes any
additional standards and guidance specific to CRSS Information
Systems. Administration and Classified Networks.Purpose
This document consists of a test plan to test the security
controls for CRSS ITS. It has been completed by <Your Name>
for the benefit of Country Roads Space Systems. NIST SP 800-
39, Managing Information Security Risk states:
The information system owner and common control provider
rely on the security expertise and the technical judgment of the
assessor to: (i) assess the security controls employed within and
inherited by the information system using assessment
procedures specified in the security assessment plan; and (ii)
provide specific recommendations on how to correct weaknesses
or deficiencies in the controls and address identified
vulnerabilities.Scope
Information System Name/Title
The CRSS ITS is undergoing testing as described in this
Security Assessment Plan named in Table 2-1.
Table 21 Information System Name and Title
Unique Identifier
Information System Name
Information System Abbreviation487-4587654
CRSS Information Systems. Administration and Classified
Networks
CRSS ITS
Internet Protocol (IP) Addresses, WeB APPLICATIONS, and
DATABASES Slated for Testing
Instruction: If you plan to test any of the systems identified in
the CRSS_Network.vsd Diagram, you will need to list them
here, with a brief description of the system (extrapolate the
function from the name based on other systems of the same type
you find online) and list a priority for testing based on your
view of the risk and vulnerability.
Delete this instruction from your final version of this document.
Please list all systems slated for testing.
System Name
Description
Priority for Testing
Roles Slated for Testing
Role testing will be performed to test the authorizations
restrictions for each role. <Your Name> will access the system
while logged in as different user types and attempt to perform
restricted functions as unprivileged users. Functions and roles
that will be tested are noted in Table 26 Role Based Testing.
Roles slated for testing correspond to those roles listed in the
CRSS ITS SSP.
Table 26 Role Based Testing
Role Name
Test User ID
Associated FunctionsEnter Role NameEnter Test User IDEnter
Associated FunctionsEnter Role NameEnter Test User IDEnter
Associated FunctionsEnter Role NameEnter Test User IDEnter
Associated Functions
Assumptions
Instruction: The assumptions listed are default assumptions.
The Auditor must edit these assumptions as necessary for each
unique engagement.
Delete this instruction from your final version of this document.
The following assumptions were used when developing this
SAP:
Country Roads Space Systems resources, including
documentation and individuals with knowledge of the Country
Roads Space Systems and infrastructure and their contact
information, will be available to <Your Name> staff during the
time necessary to complete assessments.
The Country Roads Space Systems will provide login account
information/credentials necessary for <Your Name> to use its
testing devices to perform authenticated scans of devices and
applications.
The Country Roads Space Systems will permit <Your Name> to
connect its testing laptops to the Country Roads Space Systems
networks defined within the scope of this assessment.
The Country Roads Space Systems will permit communication
from Third Party Assessment Organization testing appliances to
an internet hosted vulnerability management service to permit
the analysis of vulnerability data.
Security controls that have been identified as “Not Applicable”
in the SSP will be verified as such and further testing will not
be performed on these security controls
Significant upgrades or changes to the infrastructure and
components of the system undergoing testing will not be
performed during the security assessment period.
For onsite control assessment, Country Roads Space Systems
personnel will be available should the <Your Name> staff
determine that either after hours work, or weekend work, is
necessary to support the security assessment.
<ADD MORE HERE>Methodology
Instruction: FedRAMP provides a documented methodology to
describe the process for testing the security controls. The IAs
may edit this section to add additional information.
Delete this instruction from your final version of this document.
<Your Name> will perform an assessment of the CRSS ITS
security controls using the methodology described in NIST SP
800-53A. <Your Name> will use FedRAMP test procedures to
evaluate the security control(s). Outline below, these test
procedures contain the test objectives and associated test cases
to determine if a control is effectively implemented and
operating as intended.
<Your Name> data gathering activities will consist of the
following:
Request Country Roads Space Systems provide FedRAMP
required documentation
Request any follow-up documentation, files, or information
needed that is not provided in FedRAMP required
documentation
Travel to the Country Roads Space Systems sites as necessary to
inspect systems and meet with Country Roads Space Systems
staff
Obtain information through the use of security testing tools
Security controls will be verified using one or more of the
following assessment methods:
Examine: the IA will review, analyze, inspect, or observe one or
more assessment artifacts as specified in the attached test cases
Interview: the IA will conduct discussions with individuals
within the organization to facilitate assessor understanding,
achieve clarification, or obtain evidence
Technical Tests: the IA will perform technical tests, including
penetration testing, on system components using automated and
manual methods
<Your Name> will use sampling when performing this
assessment.
Control Name
Data Gathering Methodology
Verification method
Details
Test Plan
Security Assessment Team
Instruction: List the members of the risk assessment team and
the role each member will play. Include team members contact
information. Enter up to 3 other members after you on the first
line. Fill in the role with skills you believe are needed to
perform this assessment and fake contact information.
Delete this instruction from your final version of this document.
The security assessment team consists of the below individuals.
Security control assessors play a unique role in testing system
security controls. NIST SP 800-39, Managing Information
Security Risk states:
The security control assessor is an individual, group, or
organization responsible for conducting a comprehensive
assessment of the management, operational, and technical
security controls employed within or inherited by an
information system to determine the overall effectiveness of the
controls (i.e., the extent to which the controls are implemented
correctly, operating as intended, and producing the desired
outcome with respect to meeting the security requirements for
the system).
The members of the IA security testing team are found in Table
51 Security Testing Team.
Table 51 Security Testing Team
Name
Role
Contact InformationEnter Test Team POC NameEnter Test
Team POC RoleEnter Test Team Contract InformationEnter Test
Team POC NameEnter Test Team POC RoleEnter Test Team
Contract InformationEnter Test Team POC NameEnter Test
Team POC RoleEnter Test Team Contract Information
Country Roads Space Systems Provider Testing Points of
Contact
Instruction: The IA must obtain at least three points of contact
from the CSP to use for testing communications. One of the
contacts must be available 24 x 7 and must include an
operations center (e.g., NOC, SOC).
Delete this instruction from your final version of this document.
The Country Roads Space Systems points of contact that the
testing team will use are found in Table 52 Country Roads
Space Systems Service Provider Points of Contact (POCs).
Table 52 Country Roads Space Systems Service Provider Points
of Contact
Name
Role
Contact InformationEnter CSP POC NameEnter CSP POC
RoleEnter CSP Contact InformationEnter CSP POC NameEnter
CSP POC RoleEnter CSP Contact InformationEnter CSP POC
NameEnter CSP POC RoleEnter CSP Contact Information
Testing Performed Using Automated Tools
Instruction: Describe what tools will be used for testing security
controls. Include all product names and names of open source
tools and include version numbers. If open source tools are
used, name the organization (or individuals) who developed the
tools. Additionally, describe the function and purpose of the
tool (e.g., file integrity checking, web application scanning).
For scanners, indicate what the scanner’s capability is, e.g.,
database scanning, web application scanning, infrastructure
scanning, code scanning/analysis). For more information see the
Guide to Understanding FedRAMP.
Delete this instruction from your final version of this document.
<Your Name> plans to use the following tools noted in Table 53
Tools Used for Security Testing to perform testing of the CRSS
ITS.
Table 53 Tools Used for Security Testing
Tool Name
Vendor/Organization Name & Version
Purpose of ToolEnter Tool NameEnter Vendor and VersionEnter
Tool PurposeEnter Tool NameEnter Vendor and VersionEnter
Tool PurposeEnter Tool NameEnter Vendor and VersionEnter
Tool PurposeEnter Tool NameEnter Vendor and VersionEnter
Tool Purpose
Testing Performed Through Manual Methods
Instruction: Describe what technical tests will be performed
through manual methods without the use of automated tools.
The results of all manual tests must be recorded in the Security
Assessment Report (SAR). Examples are listed in the first four
rows. Delete the examples, and put in the real tests. Add
additional rows as necessary. Identifiers must be in the format
MT-1, MT-2 which would indicate “Manual Test 1” and
“Manual Test 2” etc.
Example MT-1
Example Forceful Browsing
Example Description: We will login as a customer and try to see
if we can gain access to the Network Administrator and
Database Administrator privileges and authorizations by
navigating to different views and manually forcing the browser
to various URLs.
Example MT-2
Example Structured Query Language (SQL) Injection
Example Description: We will perform some manual SQL
injection attacks using fake names and 0 OR '1'='1' statements.
Example MT-3 C
Example Completely Automated Public Turing test to tell
Computers and Humans Apart (CAPTCHA)
Example Description: We will test the CAPTCHA function on
the web form manually.
Example MT-4
Example Online Certificate Status Protocol (OCSP)
Example Description: We will manually test to see if OCSP is
validating certificates.
Penetration tests must be included in this section.
Delete these instructions from your final version of this
document.
Table 54 Testing Performed through Manual Methods describes
the technical test that were performed through manual methods
without automated tools.
Table 54 Testing Performed through Manual Methods
Test ID
Test Name
DescriptionTest IDTest NameEnter Test DescriptionTest IDTest
NameEnter Test DescriptionTest IDTest NameEnter Test
Description
Rules of Engagement
Security testing
Instruction: FedRAMP provides a Rules of Engagement
template. The IAs must edit this RoE as necessary. The final
version of the RoE must be signed by both the IA and CSP.
Delete this instruction from your final version of this document.
A Rules of Engagement (RoE) document is designed to describe
proper notifications and disclosures between the owner of a
tested systems and an independent assessor. In particular, a
RoE includes information about targets of automated scans and
IP address origination information of automated scans (and
other testing tools). Together with the information provided in
preceding sections of this document, this document shall serve
as a RoE once signed.
Disclosures
Instruction: Edit and modify the disclosures as necessary. If
testing is to be conducted from an internal location, identify at
least one network port with access to all subnets/segments to be
tested. The purpose of identifying the IP addresses from where
the security testing will be performed is so that when the IAs
are performing scans, the CSP will understand that the rapid and
high volume network traffic is not an attack and is part of the
testing.
Edit the below lists as needed.
Delete this instruction from your final version of this document.
Any testing will be performed according to terms and conditions
designed to minimize risk exposure that could occur during
security testing. All scans will originate from the following IP
address(es): 192.168.1.250
Security Testing May Include
Instruction: The IA must edit the bullets in this default list to
make it consistent with each unique system tested.
Delete this instruction from your final version of this document.
Security testing may include the following activities:
Port scans and other network service interaction and queries
Network sniffing, traffic monitoring, traffic analysis, and host
discovery
Attempted logins or other use of systems, with any account
name/password
Attempted structured query language (SQL) injection and other
forms of input parameter testing
Use of exploit code for leveraging discovered vulnerabilities
Password cracking via capture and scanning of authentication
databases
Spoofing or deceiving servers regarding network traffic
Altering running system configuration except where denial of
service would result
Adding user accounts
Security Testing Will Not Include
Instruction: The 3PAO must edit the bullets in this default list
to make it consistent with each unique system tested.
Delete this instruction from your final version of this document.
Security testing will not include any of the following activities:
Changes to assigned user passwords
Modification of user files or system files
Telephone modem probes and scans (active and passive)
Intentional viewing of Country Roads Space Systems staff
email, Internet caches, and/or personnel cookie files
Denial of service attacks
Exploits that will introduce new weaknesses to the system
Intentional introduction of malicious code (viruses, Trojans,
worms, etc.)End of Testing
<Your Name> will notify CRSS Project Manager at Country
Roads Space Systems when security testing has been
completed.Communication of Test Results
Email and reports on all security testing will be encrypted
according to Country Roads Space Systems requirements.
Security testing results will be sent and disclosed to the
individuals at Country Roads Space Systems noted in Table 61
Individuals at Country Roads Space Systems Receiving Test
Results within 60 days after security testing has been
completed.
Table 61 Individuals at Country Roads Space Systems
Receiving Test Results
Name
Role
Contact InformationYour ProfessorGradingEnter CSP Contact
Information
Limitation of Liability
Instruction: Insert any Limitations of Liability associated with
the security testing below. Edit the provided default Limitation
of Liability as needed.
Delete this instruction from your final version of this document.
<Your Name>, and its stated partners, shall not be held liable to
Country Roads Space Systems for any and all liabilities, claims,
or damages arising out of or relating to the security
vulnerability testing portion of this agreement, howsoever
caused and regardless of the legal theory asserted, including
breach of contract or warranty, tort, strict liability, statutory
liability, or otherwise.
Country Roads Space Systems acknowledges that there are
limitations inherent in the methodologies implemented, and the
assessment of security and vulnerability relating to information
technology is an uncertain process based on past experiences,
currently available information, and the anticipation of
reasonable threats at the time of the analysis. There is no
assurance that an analysis of this nature will identify all
vulnerabilities or propose exhaustive and operationally viable
recommendations to mitigate all exposure.Signatures
The following individuals at the IA and Country Roads Space
Systems have been identified as having the authority to agree to
security testing of CRSS ITS.
ACCEPTANCE AND SIGNATURE
I have read the above Security Assessment Plan and Rules of
Engagement and I acknowledge and agree to the tests and terms
set forth in the plan.
<Your Name> Representative:Enter 3PAO Representative
Name.
(printed)
<Your Name> Representative:
(signature)Click here to enter a date.
(date)
Country Roads Space Systems Representative:CRSS Manager
(printed)
Country Roads Space Systems Representative:
NASA PM
(signature)Click here to enter a date.
(date)
Controlled Unclassified Information Page | 12
Acronyms
Please add any Acronyms you utilize in this area, in
alphabetical order.
Delete this instruction from your final version of this document.
The master list of FedRAMP acronym and glossary definitions
for all FedRAMP templates is available on the FedRAMP
website
Documents page under Program Overview Documents.
A&A – Assessment and Authorization
BCP – Business Continuity Plan
BIA – Business Impact Analysis
BPR - Business Process Reengineering Plan
CEO – Chief Executive Officer
COBIT - Control Objectives for Information and Related
Technologies
CRSS – Country Roads Space Systems
DR – Disaster Recovery Plan
HOT – Hot review in auditing
ISO – International Standards Organization
IT – Information Technology
LAN – Local Area Network
NASA – National Aeronautical Space Agency
NIST – National Institute of Standards and Technology
POAM – Plan of Action and Milestones
RA – Risk Analysis Report
SAP – Security Assessment Plan
SAR – Security Assessment Report
WAN – Wide Area Network
Unclassified Confidential Information Page 11A
Appendix A – Attachments
Instruction: If applicable, attachments must include penetration
testing rules of engagement, penetration testing methodology,
and the sampling methodology used in testing.
Delete this instruction from your final version of this document.
List of Attachments:
image1.png
image2.png
image3.png
LAN
Server
Interagency
Wide Area
Network (WAN)
Other Agency
Host or LAN
Modem
Pool Console
Router/
Screener
Other Agency
Host or LAN
Private
Databases
Modem
Pool
Internet
Local Area Network (LAN)
Mainframe
Direct Deposit,
IRS, State, etc.

More Related Content

Similar to Part 1 Major Events DocumentationScenario You visit a retail.docx

Database Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docxDatabase Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docx
whittemorelucilla
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
duketjoy27252
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015
AFCEA International
 
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding SchemesIRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET Journal
 
IRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart GridIRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart Grid
IRJET Journal
 
Trackment
TrackmentTrackment
Trackment
meaannn
 
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docxAssessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
festockton
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
IJERA Editor
 
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service ProvidersIRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET Journal
 
IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET-  	  Insider Interruption Identification and Protection by using Forens...IRJET-  	  Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET Journal
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
Ignyte Assurance Platform
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
amaranthbeg93
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
amaranthbeg53
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
amaranthbeg73
 
PCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to KnowPCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to Know
Terra Verde
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
akquinet enterprise solutions GmbH
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
taitcandie
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational brief
Enda Crossan
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
Priyanka Aash
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head    2Week #8 MidTerm Assignment               .docxRunning Head    2Week #8 MidTerm Assignment               .docx
Running Head 2Week #8 MidTerm Assignment .docx
healdkathaleen
 

Similar to Part 1 Major Events DocumentationScenario You visit a retail.docx (20)

Database Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docxDatabase Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docx
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015
 
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding SchemesIRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
 
IRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart GridIRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart Grid
 
Trackment
TrackmentTrackment
Trackment
 
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docxAssessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
 
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service ProvidersIRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
 
IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET-  	  Insider Interruption Identification and Protection by using Forens...IRJET-  	  Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
PCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to KnowPCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to Know
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational brief
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head    2Week #8 MidTerm Assignment               .docxRunning Head    2Week #8 MidTerm Assignment               .docx
Running Head 2Week #8 MidTerm Assignment .docx
 

More from alisondakintxt

You will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docxYou will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docx
alisondakintxt
 
Which of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docxWhich of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docx
alisondakintxt
 
Throughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docxThroughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docx
alisondakintxt
 
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docxUnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
alisondakintxt
 
The Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docxThe Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docx
alisondakintxt
 
The leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docxThe leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docx
alisondakintxt
 
The Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docxThe Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docx
alisondakintxt
 
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docxSTUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
alisondakintxt
 
the elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docxthe elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docx
alisondakintxt
 
TECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docxTECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docx
alisondakintxt
 
Step 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docxStep 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docx
alisondakintxt
 
The Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docxThe Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docx
alisondakintxt
 
Review the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docxReview the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docx
alisondakintxt
 
Research Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docxResearch Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docx
alisondakintxt
 
Step 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docxStep 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docx
alisondakintxt
 
Objectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docxObjectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docx
alisondakintxt
 
Marketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docxMarketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docx
alisondakintxt
 
Learning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docxLearning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docx
alisondakintxt
 
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docxRACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
alisondakintxt
 
Part 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docxPart 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docx
alisondakintxt
 

More from alisondakintxt (20)

You will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docxYou will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docx
 
Which of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docxWhich of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docx
 
Throughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docxThroughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docx
 
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docxUnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
 
The Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docxThe Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docx
 
The leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docxThe leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docx
 
The Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docxThe Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docx
 
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docxSTUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
 
the elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docxthe elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docx
 
TECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docxTECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docx
 
Step 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docxStep 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docx
 
The Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docxThe Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docx
 
Review the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docxReview the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docx
 
Research Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docxResearch Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docx
 
Step 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docxStep 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docx
 
Objectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docxObjectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docx
 
Marketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docxMarketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docx
 
Learning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docxLearning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docx
 
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docxRACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
 
Part 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docxPart 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docx
 

Recently uploaded

BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
RidwanHassanYusuf
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
heathfieldcps1
 
How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17
Celine George
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
Steve Thomason
 
Accounting for Restricted Grants When and How To Record Properly
Accounting for Restricted Grants  When and How To Record ProperlyAccounting for Restricted Grants  When and How To Record Properly
Accounting for Restricted Grants When and How To Record Properly
TechSoup
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 
How to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in useHow to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in use
Celine George
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
Nguyen Thanh Tu Collection
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
Nguyen Thanh Tu Collection
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
Nguyen Thanh Tu Collection
 
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.pptLevel 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Henry Hollis
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
Mohammad Al-Dhahabi
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
danielkiash986
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
iammrhaywood
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
MJDuyan
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
Himanshu Rai
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
khuleseema60
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
Jyoti Chand
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
indexPub
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
nitinpv4ai
 

Recently uploaded (20)

BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptxBIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
BIOLOGY NATIONAL EXAMINATION COUNCIL (NECO) 2024 PRACTICAL MANUAL.pptx
 
The basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptxThe basics of sentences session 7pptx.pptx
The basics of sentences session 7pptx.pptx
 
How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17How to Download & Install Module From the Odoo App Store in Odoo 17
How to Download & Install Module From the Odoo App Store in Odoo 17
 
A Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two HeartsA Visual Guide to 1 Samuel | A Tale of Two Hearts
A Visual Guide to 1 Samuel | A Tale of Two Hearts
 
Accounting for Restricted Grants When and How To Record Properly
Accounting for Restricted Grants  When and How To Record ProperlyAccounting for Restricted Grants  When and How To Record Properly
Accounting for Restricted Grants When and How To Record Properly
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
How to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in useHow to Fix [Errno 98] address already in use
How to Fix [Errno 98] address already in use
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 8 - CẢ NĂM - FRIENDS PLUS - NĂM HỌC 2023-2024 (B...
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
CHUYÊN ĐỀ ÔN TẬP VÀ PHÁT TRIỂN CÂU HỎI TRONG ĐỀ MINH HỌA THI TỐT NGHIỆP THPT ...
 
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.pptLevel 3 NCEA - NZ: A  Nation In the Making 1872 - 1900 SML.ppt
Level 3 NCEA - NZ: A Nation In the Making 1872 - 1900 SML.ppt
 
skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)skeleton System.pdf (skeleton system wow)
skeleton System.pdf (skeleton system wow)
 
Pharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brubPharmaceutics Pharmaceuticals best of brub
Pharmaceutics Pharmaceuticals best of brub
 
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptxNEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
NEWSPAPERS - QUESTION 1 - REVISION POWERPOINT.pptx
 
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumPhilippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) Curriculum
 
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem studentsRHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
RHEOLOGY Physical pharmaceutics-II notes for B.pharm 4th sem students
 
MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025MDP on air pollution of class 8 year 2024-2025
MDP on air pollution of class 8 year 2024-2025
 
Wound healing PPT
Wound healing PPTWound healing PPT
Wound healing PPT
 
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
THE SACRIFICE HOW PRO-PALESTINE PROTESTS STUDENTS ARE SACRIFICING TO CHANGE T...
 
Skimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S EliotSkimbleshanks-The-Railway-Cat by T S Eliot
Skimbleshanks-The-Railway-Cat by T S Eliot
 

Part 1 Major Events DocumentationScenario You visit a retail.docx

  • 1. Part 1: Major Events Documentation Scenario: You visit a retail establishment, shop around, and finally carry several products to one of the point of sale (POS) terminals distributed openly around the store. You produce a credit card, the salesclerk processes the transaction, bags your goods, and hands you the receipt. On your way to the exit, a store employee asks to see your receipt and checks the contents of the store bag. Document each of the major events just described and explain them in terms of the PCI compliance standard. Include this report in your assignment. Part 2: PCI Compliance This part of the assignment will cover PCI. Please refer to the attached file in your responses. Respond to and address the following in essay style: 1. Suppose HGA’s mainframe, depicted in Figure B-1, stored cardholder data in the private databases. What steps should be taken to protect that data in order to be PCI compliant? 2. HGA’s mainframe has network connectivity. Assuming that cardholder data is transmitted across these networks, describe how data should be protected in transmission. 3. Users are located at various sites connected to the HGA network. Suggest appropriate access controls to restrict unauthorized users from looking at cardholder data. 4. The PCI specification notes that all systems and network devices connected to a system that stores, transmits, or processes cardholder data is in scope and must comply with PCI specifications. To avoid having the whole network subject to PCI specifications, how would you segment the network to reduce the scope of compliance? Assignment Requirements: Submit your assignment in the usual double-spaced APA-styled report. At least four pages of material are expected beyond the title page, table of contents, abstract, and references page.
  • 2. · Answers contain sufficient information to adequately answer the questions · No spelling errors · No grammar errors CRSS Network Diagram Copyright Rasmussen, Inc. 2013. Proprietary and Confidential. 1 1 image3.png image5.png FedRAMP Security Assessment Plan (SAP) Third Party Assessment Prepared by <Your Name> for Country Roads Space Systems & NASA CRSS Information Systems. Administration and Classified Networks Version #.# <DATE> MOCK Plan
  • 3. CRSS Information Systems. Administration and Classified Networks | Version #.# Date Controlled Unclassified Information Page | 10 System Assessment Plan Prepared by Identification of Organization that Prepared this Document Student NameEnter Your Name Rasmussen Email AddressEnter Rasmussen Email Address ClassEnter Class Name Course and SemesterEnter Section Number and Semester Prepared for Identification of Cloud Service Provider Organization NameNASA Street Address300 E St. SW Suite/Room/BuildingIA Office Floor 2 City, State ZipWashington DC 20546 Revision History Date Description Version of SSP Author<Date><Revision Description><Version><Author><Date><Revision Description><Version><Author>
  • 4. Table of Contents 1Introduction1 1.1Laws, Regulations, Standards, and Guidance1 1.2Purpose1 2Scope2 2.1Information System Name/Title2 2.2Internet Protocol (IP) Addresses, WeB APPLICATIONS, and DATABASES Slated for Testing2 2.3Roles Slated for Testing2 3Assumptions2 4Methodology3 5Test Plan4 5.1Security Assessment Team4 5.2NASA /CRSS Provider Testing Points of Contact5 5.3Testing Performed Using Automated Tools5 5.4Testing Performed Through Manual Methods6 6Rules of Engagement7 6.1Security Testing7 6.2End of Testing8 6.3Communication of Test Results8 6.4 Limitation of Liabilities…………………………………………………………… …………………………………….…………..8 6.5 Signatures 10 7Acronyms10 AAppendix A – Attachments11 List of Tables Table 21 Information System Name and Title2 Table 26 Role Based Testing2 Table 51 Security Testing Team4 Table 52 NASA /CRSS Service Provider Points of Contact5 Table 53 Tools Used for Security Testing5 Table 54 Testing Performed through Manual Methods6 Table 61 Individuals at NASA /CRSS Receiving Test Results8
  • 5. CRSS Information Systems. Administration and Classified Networks FedRAMP SAP Template Version #.# Date MOCK Plan – Academic Purposes Only Page | ii Introduction Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Country Roads Space Systems. Testing security controls is an integral part of the FedRAMP security authorization requirements. Providing a plan for security control ensures that the process runs smoothly. The CRSS Information Systems. Administration and Classified Networks (CRSS ITS) will be assessed by an Independent Assessor (IA) <Your Name>. The use of an independent assessment team reduces the potential for conflicts of interest that could occur in verifying the implementation status and effectiveness of the security controls. National Institute of Standards and Technology (NIST) Special Publication (SP) 800- 39, Managing Information Security Risk states: Assessor independence is an important factor in: (i) preserving the impartial and unbiased nature of the assessment process; (ii) determining the credibility of the security assessment results; and (iii) ensuring that the authorizing official receives the most objective information possible in order to make an informed, risk-based, authorization decision.Laws, Regulations, Standards, and Guidance A summary of the FedRAMP Laws and Regulations and the FedRAMP Standards and Guidance is included in the System Security Plan (SSP) Attachment 12 – FedRAMP Laws and Regulations. SSP Section 12 Laws, Regulations, Standards, and Guidance contains the following two tables that are system specific:
  • 6. Table 12 1 CRSS Information Systems. Administration and Classified Networks Laws and Regulations includes additional laws and regulations specific to CRSS Information Systems. Administration and Classified Networks. Table 12 2 CRSS Information Systems. Administration and Classified Networks Standards and Guidance includes any additional standards and guidance specific to CRSS Information Systems. Administration and Classified Networks.Purpose This document consists of a test plan to test the security controls for CRSS ITS. It has been completed by <Your Name> for the benefit of Country Roads Space Systems. NIST SP 800- 39, Managing Information Security Risk states: The information system owner and common control provider rely on the security expertise and the technical judgment of the assessor to: (i) assess the security controls employed within and inherited by the information system using assessment procedures specified in the security assessment plan; and (ii) provide specific recommendations on how to correct weaknesses or deficiencies in the controls and address identified vulnerabilities.Scope Information System Name/Title The CRSS ITS is undergoing testing as described in this Security Assessment Plan named in Table 2-1. Table 21 Information System Name and Title Unique Identifier Information System Name Information System Abbreviation487-4587654 CRSS Information Systems. Administration and Classified Networks CRSS ITS Internet Protocol (IP) Addresses, WeB APPLICATIONS, and DATABASES Slated for Testing
  • 7. Instruction: If you plan to test any of the systems identified in the CRSS_Network.vsd Diagram, you will need to list them here, with a brief description of the system (extrapolate the function from the name based on other systems of the same type you find online) and list a priority for testing based on your view of the risk and vulnerability. Delete this instruction from your final version of this document. Please list all systems slated for testing. System Name Description Priority for Testing Roles Slated for Testing Role testing will be performed to test the authorizations restrictions for each role. <Your Name> will access the system while logged in as different user types and attempt to perform restricted functions as unprivileged users. Functions and roles that will be tested are noted in Table 26 Role Based Testing. Roles slated for testing correspond to those roles listed in the CRSS ITS SSP. Table 26 Role Based Testing Role Name Test User ID Associated FunctionsEnter Role NameEnter Test User IDEnter Associated FunctionsEnter Role NameEnter Test User IDEnter Associated FunctionsEnter Role NameEnter Test User IDEnter Associated Functions Assumptions
  • 8. Instruction: The assumptions listed are default assumptions. The Auditor must edit these assumptions as necessary for each unique engagement. Delete this instruction from your final version of this document. The following assumptions were used when developing this SAP: Country Roads Space Systems resources, including documentation and individuals with knowledge of the Country Roads Space Systems and infrastructure and their contact information, will be available to <Your Name> staff during the time necessary to complete assessments. The Country Roads Space Systems will provide login account information/credentials necessary for <Your Name> to use its testing devices to perform authenticated scans of devices and applications. The Country Roads Space Systems will permit <Your Name> to connect its testing laptops to the Country Roads Space Systems networks defined within the scope of this assessment. The Country Roads Space Systems will permit communication from Third Party Assessment Organization testing appliances to an internet hosted vulnerability management service to permit the analysis of vulnerability data. Security controls that have been identified as “Not Applicable” in the SSP will be verified as such and further testing will not be performed on these security controls Significant upgrades or changes to the infrastructure and components of the system undergoing testing will not be performed during the security assessment period. For onsite control assessment, Country Roads Space Systems personnel will be available should the <Your Name> staff determine that either after hours work, or weekend work, is necessary to support the security assessment. <ADD MORE HERE>Methodology Instruction: FedRAMP provides a documented methodology to describe the process for testing the security controls. The IAs
  • 9. may edit this section to add additional information. Delete this instruction from your final version of this document. <Your Name> will perform an assessment of the CRSS ITS security controls using the methodology described in NIST SP 800-53A. <Your Name> will use FedRAMP test procedures to evaluate the security control(s). Outline below, these test procedures contain the test objectives and associated test cases to determine if a control is effectively implemented and operating as intended. <Your Name> data gathering activities will consist of the following: Request Country Roads Space Systems provide FedRAMP required documentation Request any follow-up documentation, files, or information needed that is not provided in FedRAMP required documentation Travel to the Country Roads Space Systems sites as necessary to inspect systems and meet with Country Roads Space Systems staff Obtain information through the use of security testing tools Security controls will be verified using one or more of the following assessment methods: Examine: the IA will review, analyze, inspect, or observe one or more assessment artifacts as specified in the attached test cases Interview: the IA will conduct discussions with individuals within the organization to facilitate assessor understanding, achieve clarification, or obtain evidence Technical Tests: the IA will perform technical tests, including penetration testing, on system components using automated and manual methods <Your Name> will use sampling when performing this assessment. Control Name Data Gathering Methodology Verification method Details
  • 10. Test Plan Security Assessment Team Instruction: List the members of the risk assessment team and the role each member will play. Include team members contact information. Enter up to 3 other members after you on the first line. Fill in the role with skills you believe are needed to perform this assessment and fake contact information. Delete this instruction from your final version of this document. The security assessment team consists of the below individuals. Security control assessors play a unique role in testing system security controls. NIST SP 800-39, Managing Information Security Risk states: The security control assessor is an individual, group, or organization responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The members of the IA security testing team are found in Table 51 Security Testing Team. Table 51 Security Testing Team Name Role
  • 11. Contact InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract Information Country Roads Space Systems Provider Testing Points of Contact Instruction: The IA must obtain at least three points of contact from the CSP to use for testing communications. One of the contacts must be available 24 x 7 and must include an operations center (e.g., NOC, SOC). Delete this instruction from your final version of this document. The Country Roads Space Systems points of contact that the testing team will use are found in Table 52 Country Roads Space Systems Service Provider Points of Contact (POCs). Table 52 Country Roads Space Systems Service Provider Points of Contact Name Role Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact Information Testing Performed Using Automated Tools Instruction: Describe what tools will be used for testing security controls. Include all product names and names of open source tools and include version numbers. If open source tools are used, name the organization (or individuals) who developed the tools. Additionally, describe the function and purpose of the tool (e.g., file integrity checking, web application scanning). For scanners, indicate what the scanner’s capability is, e.g., database scanning, web application scanning, infrastructure
  • 12. scanning, code scanning/analysis). For more information see the Guide to Understanding FedRAMP. Delete this instruction from your final version of this document. <Your Name> plans to use the following tools noted in Table 53 Tools Used for Security Testing to perform testing of the CRSS ITS. Table 53 Tools Used for Security Testing Tool Name Vendor/Organization Name & Version Purpose of ToolEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool Purpose Testing Performed Through Manual Methods Instruction: Describe what technical tests will be performed through manual methods without the use of automated tools. The results of all manual tests must be recorded in the Security Assessment Report (SAR). Examples are listed in the first four rows. Delete the examples, and put in the real tests. Add additional rows as necessary. Identifiers must be in the format MT-1, MT-2 which would indicate “Manual Test 1” and “Manual Test 2” etc. Example MT-1 Example Forceful Browsing Example Description: We will login as a customer and try to see if we can gain access to the Network Administrator and Database Administrator privileges and authorizations by navigating to different views and manually forcing the browser to various URLs. Example MT-2 Example Structured Query Language (SQL) Injection Example Description: We will perform some manual SQL
  • 13. injection attacks using fake names and 0 OR '1'='1' statements. Example MT-3 C Example Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) Example Description: We will test the CAPTCHA function on the web form manually. Example MT-4 Example Online Certificate Status Protocol (OCSP) Example Description: We will manually test to see if OCSP is validating certificates. Penetration tests must be included in this section. Delete these instructions from your final version of this document. Table 54 Testing Performed through Manual Methods describes the technical test that were performed through manual methods without automated tools. Table 54 Testing Performed through Manual Methods Test ID Test Name DescriptionTest IDTest NameEnter Test DescriptionTest IDTest NameEnter Test DescriptionTest IDTest NameEnter Test Description Rules of Engagement Security testing Instruction: FedRAMP provides a Rules of Engagement template. The IAs must edit this RoE as necessary. The final version of the RoE must be signed by both the IA and CSP. Delete this instruction from your final version of this document. A Rules of Engagement (RoE) document is designed to describe proper notifications and disclosures between the owner of a tested systems and an independent assessor. In particular, a
  • 14. RoE includes information about targets of automated scans and IP address origination information of automated scans (and other testing tools). Together with the information provided in preceding sections of this document, this document shall serve as a RoE once signed. Disclosures Instruction: Edit and modify the disclosures as necessary. If testing is to be conducted from an internal location, identify at least one network port with access to all subnets/segments to be tested. The purpose of identifying the IP addresses from where the security testing will be performed is so that when the IAs are performing scans, the CSP will understand that the rapid and high volume network traffic is not an attack and is part of the testing. Edit the below lists as needed. Delete this instruction from your final version of this document. Any testing will be performed according to terms and conditions designed to minimize risk exposure that could occur during security testing. All scans will originate from the following IP address(es): 192.168.1.250 Security Testing May Include Instruction: The IA must edit the bullets in this default list to make it consistent with each unique system tested. Delete this instruction from your final version of this document. Security testing may include the following activities: Port scans and other network service interaction and queries Network sniffing, traffic monitoring, traffic analysis, and host discovery Attempted logins or other use of systems, with any account name/password Attempted structured query language (SQL) injection and other forms of input parameter testing Use of exploit code for leveraging discovered vulnerabilities Password cracking via capture and scanning of authentication databases
  • 15. Spoofing or deceiving servers regarding network traffic Altering running system configuration except where denial of service would result Adding user accounts Security Testing Will Not Include Instruction: The 3PAO must edit the bullets in this default list to make it consistent with each unique system tested. Delete this instruction from your final version of this document. Security testing will not include any of the following activities: Changes to assigned user passwords Modification of user files or system files Telephone modem probes and scans (active and passive) Intentional viewing of Country Roads Space Systems staff email, Internet caches, and/or personnel cookie files Denial of service attacks Exploits that will introduce new weaknesses to the system Intentional introduction of malicious code (viruses, Trojans, worms, etc.)End of Testing <Your Name> will notify CRSS Project Manager at Country Roads Space Systems when security testing has been completed.Communication of Test Results Email and reports on all security testing will be encrypted according to Country Roads Space Systems requirements. Security testing results will be sent and disclosed to the individuals at Country Roads Space Systems noted in Table 61 Individuals at Country Roads Space Systems Receiving Test Results within 60 days after security testing has been completed. Table 61 Individuals at Country Roads Space Systems Receiving Test Results Name Role
  • 16. Contact InformationYour ProfessorGradingEnter CSP Contact Information Limitation of Liability Instruction: Insert any Limitations of Liability associated with the security testing below. Edit the provided default Limitation of Liability as needed. Delete this instruction from your final version of this document. <Your Name>, and its stated partners, shall not be held liable to Country Roads Space Systems for any and all liabilities, claims, or damages arising out of or relating to the security vulnerability testing portion of this agreement, howsoever caused and regardless of the legal theory asserted, including breach of contract or warranty, tort, strict liability, statutory liability, or otherwise. Country Roads Space Systems acknowledges that there are limitations inherent in the methodologies implemented, and the assessment of security and vulnerability relating to information technology is an uncertain process based on past experiences, currently available information, and the anticipation of reasonable threats at the time of the analysis. There is no assurance that an analysis of this nature will identify all vulnerabilities or propose exhaustive and operationally viable recommendations to mitigate all exposure.Signatures The following individuals at the IA and Country Roads Space Systems have been identified as having the authority to agree to security testing of CRSS ITS. ACCEPTANCE AND SIGNATURE
  • 17. I have read the above Security Assessment Plan and Rules of Engagement and I acknowledge and agree to the tests and terms set forth in the plan. <Your Name> Representative:Enter 3PAO Representative Name. (printed) <Your Name> Representative: (signature)Click here to enter a date. (date) Country Roads Space Systems Representative:CRSS Manager (printed) Country Roads Space Systems Representative: NASA PM (signature)Click here to enter a date. (date) Controlled Unclassified Information Page | 12 Acronyms Please add any Acronyms you utilize in this area, in alphabetical order. Delete this instruction from your final version of this document. The master list of FedRAMP acronym and glossary definitions for all FedRAMP templates is available on the FedRAMP
  • 18. website Documents page under Program Overview Documents. A&A – Assessment and Authorization BCP – Business Continuity Plan BIA – Business Impact Analysis BPR - Business Process Reengineering Plan CEO – Chief Executive Officer COBIT - Control Objectives for Information and Related Technologies CRSS – Country Roads Space Systems DR – Disaster Recovery Plan HOT – Hot review in auditing ISO – International Standards Organization IT – Information Technology LAN – Local Area Network NASA – National Aeronautical Space Agency NIST – National Institute of Standards and Technology POAM – Plan of Action and Milestones RA – Risk Analysis Report SAP – Security Assessment Plan SAR – Security Assessment Report WAN – Wide Area Network Unclassified Confidential Information Page 11A Appendix A – Attachments Instruction: If applicable, attachments must include penetration testing rules of engagement, penetration testing methodology, and the sampling methodology used in testing. Delete this instruction from your final version of this document. List of Attachments: image1.png image2.png
  • 19. image3.png LAN Server Interagency Wide Area Network (WAN) Other Agency Host or LAN Modem Pool Console Router/ Screener Other Agency Host or LAN Private Databases Modem Pool Internet Local Area Network (LAN) Mainframe