To meet the requirements for lab 10 you were to perform:

Part 1, Step 2: evaluate the policy document against the summarized NIST best practices, identify by number which, if any, of the eight best practices the policy satisfies, and for each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice;
Part 1, Step 3: suggest how you would revise the policy to directly align with the standards and provide specific statements that you would add/modify in the policy;
Part 1, Step 4: describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework.
Part 2, Step 3: describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community;
Part 2, Step 5: identify the section of the recommendations that achieves this goal;
Part 2, Step 7: for each of the five best practices in the previous step, classify the practice as: satisfied (indicate recommendation number that achieves the best practice), violated (indicate recommendation number that violates the best practice) or not addressed.

Unfortunately it looks like you were off target for this assignment; you needed to:

Part 1, Step 2: identify by number the best practices (given in the lab) that are satisfied by the policy - partial credit given;
Part 1, Step 3: provide specific statements on how you would revise the policy; you needed to align your statements with the best practices (e.g. Best Practice 2: add to Section 4.2) - partial credit given;
Part 1, Step 4: describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework; this "policy" is better described as a standard (see technical implementation details);
Part 2, Step 3: describe the process that the Center uses to ensure its standards represent the consensus of the cybersecurity community; see the Consensus Guidance portion of the document - partial credit given;
Part 2, Step 5: identify the section of the recommendations that achieves the goal of Step 3 - partial credit given;
Part 2, Step 7: classify the five best practices; indicate the recommendation number for each - partial credit given.
Applying the Security Policy Framework to an Access Control Environment (3e)
Access Control and Identity Management, Third Edition - Lab 10
Student: HARSHAVARDHAN POCHARAM
Email: [email protected]
Time on Task:
Progress: 100%
Report Generated: Sunday, June 20, 2021 at 9:45 AM
Guided Exercises
Part 1: Evaluate a Security Policy
2. Evaluate the policy document against the NIST best practices summarized above. Identify by number which, if any, of the eight best practices the policy satisfies. For each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice.

In line with relevant policy, the information system enforces permitted authorizations for regulating the flow of information inside the system and between interconnected systems. Information flow control governs where information is permitted to move inside and across information systems (rather than who is authorised to access the information), with no consideration for later accesses to that information. The following are a few instances of flow control restrictions: preventing export-controlled data from being sent over the Internet in clear text, blocking outside traffic posing as internal traffic, and not forwarding any web requests to the Internet that are not from the internal web proxy.
3. Suggest how you would revise the policy to directly align with the standards. Provide specific statements that you would add/modify in the policy.

An access control policy for the assets in scope must be created, recorded, and evaluated on a regular basis, taking into consideration the business's needs. The information security risks around the information, as well as the organization's appetite for managing them, should be reflected in the access control rules, rights, and limitations, as well as the level of the controls utilised. Simply said, access control refers to who needs to know, who needs to utilise, and how much access they have. Permission limits on user accounts, as well as restrictions on who may access particular physical areas, are examples of access controls that can be both digital and physical in origin.
• Clarify who needs to access, know, and use the information – backed by written processes and responsibilities;
• Take into consideration the security requirements of business applications and link them with the information categorization system in use according to Asset Management;
• Access control rules should be backed by formal processes and specified duties, as well as adding, in-life modifications. Changes in roles, in particular during exits, need a review of access control.
4. Describe whether this document is best titled as a policy or whether it would be better described using another element of the policy framework.

This document is best titled as a policy since policy aids in the achievement of the enterprise's objectives and provides just a general framework, leaving interpretation to subordinates so that their initiative is not impeded.
Part 2: Review a Security Configuration Standard
3. Describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community.

The purpose of access control is to reduce the danger of unauthorised access to physical and logical systems posing a security risk. Access control is a critical component of security compliance programmes because it guarantees that security technology and access control rules are in place to safeguard sensitive data, such as customer information. Entry to networks, computer systems, apps, files, and important information, such as personally identifiable information (PII) and intellectual property, is usually limited by infrastructure and processes in most companies. Access control rules ensure that users are who they say they are and have proper access to corporate data through authentication and authorisation.
5. Identify the section of the recommendations that achieves this goal.

One of the most basic IT controls for ensuring system security and data integrity is system access restrictions. When it comes to implementing effective system access restrictions, there are several factors to consider. Access control verifies multiple login credentials, such as user names and passwords, PINs, biometric scans, and cryptographic keys, to identify users. Multifactor authentication, a mechanism that needs several authentication methods to authenticate a user's identity, is included in many access control systems. The restriction of access is a crucial component of IT security. It's also worth remembering that protection isn't just dependent on technology, but also on human conduct. Policies, education, and communication are critical, and successful implementation of effective access controls requires strong management support.
7. For each of the five best practices in the previous step, classify the practice as:
Satisfied (indicate recommendation number that achieves the best practice)
Violated (indicate recommendation number that violates the best practice)
Not addressed

Satisfied: recommendation number 1, 2
Violated: recommendation number 3, 4
Not addressed: recommendation number 5
Challenge Exercise
Select three specific statements included in the standard that you drew from your own experience that are covered by the industry best practice document that you selected. For each of these three statements:
Identify the section of your standard.
Identify the section of the industry best practices that covers the same topic.
Identify whether the standard you selected satisfies or violates the industry best practice.
Provide a rationale for your conclusion.

* Logging onto university information technology resources, such as servers, printers, routers, or computers, from a distant location is only possible via secure, authorised, and centrally controlled access methods. Furthermore, only secure, authenticated, and centrally controlled access methods are authorised to access university information that may be extremely sensitive or restricted.
* An identity and access management system helps automate the onboarding process, ensuring that employees begin with the appropriate rights. This relieves your IT team of the effort of onboarding each new employee. Furthermore, it reduces the time it takes to onboard a new employee from months to hours. Furthermore, automated onboarding pushes your IT staff to identify which rights are required for each job, enhancing your identity governance capabilities.
* The standard I chose complies with industry best practices.
* Enforcing best practices for identity and access management helps you to know who has access to sensitive information and under what situations. Identity and Access Management is a crucial and beneficial technique for safeguarding company data and systems. It may ensure that only authenticated and authorised people have access to the systems and data they need to do their jobs if it is correctly built and used.
Applying the Security Policy Framework to an Access Control Environment (3e)
Access Control and Identity Management, Third Edition - Lab 10
Introduction
An organization’s security policy framework creates the foundation for its cybersecurity efforts. Technology and business leaders use policies, standards, guidelines, and procedures to communicate security objectives, prescribe required actions, and set forth best practices for use throughout the organization. This guidance is crucial to many different groups of stakeholders, ranging from the technology professionals who design and implement systems to the end users who make routine security decisions on a daily basis.
The security policy framework consists of four different types of documents, each of which serves a different purpose in an organization’s cybersecurity program:

Policies are high-level statements of an organization’s security objectives and the principles that the organization will follow. Policy documents should be written using high-level language that avoids mentioning specific implementation details. As a result, they should be lasting documents that require only infrequent revision. For example, an organization might include a statement in its security policy that the Chief Information Security Officer bears overall authority and responsibility for meeting the organization’s cybersecurity objectives. Compliance with policies is mandatory.

Standards provide more detailed security requirements for specific situations. Standards may cover elements of software and system design, configuration, or operations and will often contain technical detail. For example, an organization might create a standard for the configuration of Windows Server systems that includes the detailed security settings that they will use to achieve compliance with the standard. Compliance with standards is mandatory.

Guidelines offer suggested best practices for achieving security objectives. They include recommendations from subject matter experts on ways that employees may achieve security objectives, but those recommendations are not mandatory. They merely offer a suggested approach.

Procedures set forth a step-by-step process for carrying out an activity, offering guidance to employees on how to achieve a specific goal. For example, the organization might have a new hire account generation procedure that specifies the steps involved in onboarding a new employee. Compliance with procedures may be either mandatory or optional, depending upon the nature of the procedure and the policy of the organization.
In this lab, you will learn to apply the security policy framework to an access control environment. In the first part of the lab, you will review a set of best practices for password policies and then review a real-world password policy. You will then have the opportunity to offer suggestions for revising the policy to better align with those best practices. In the second part of the lab, you will review a security configuration standard and learn how to apply it to production systems. Finally, if assigned by your instructor, you will write a procedure for achieving an access control objective.
Lab Overview
This lab has two parts, which should be completed in the order specified.
1. In the first part of the lab, you will review a set of best practices for password policies and then review a real-world password policy. You will have the opportunity to offer suggestions for revising the policy to better align with those best practices.
2. In the second part of the lab, you will review a security configuration standard and learn how to apply it to production systems.
Finally, if assigned by your instructor, you will complete a series of challenge exercises that allow you to use the skills you learned in the lab to conduct independent, unguided work - similar to what you will encounter in a real-world situation.
Learning Objectives
Upon completing this lab, you will be able to:
1. Evaluate a security policy against best practices.
2. Understand the role of policies, standards, procedures, and guidelines in the security policy framework.
3. Identify the element of the security policy framework that best meets an objective.
4. Understand the process of applying a security configuration standard to a system.
Deliverables
Upon completion of this lab, you are required to provide the following deliverables to your instructor:
Identify the best practices met by the Michigan password policy
Suggest revisions for the Michigan password policy
Describe whether the Michigan password policy is best titled as a policy or as another element of the security policy framework
Describe the Center for Internet Security consensus process
Identify the section of the CIS standard that implements password composition requirements
Identify whether the CIS standard satisfies, violates, or does not address each of the NIST best practices and the relevant recommendation number
Challenge Exercise (if assigned)
Guided Exercises
Note: In this section of the lab, you will follow a step-by-step walk-through of the objectives for this lab to produce the expected deliverable(s).
1. Review the Common Lab Tasks for Theory Labs document.
Frequently performed tasks, such as recording your answers and downloading your Lab Report, are explained in the Common Lab Tasks for Theory Labs document. You should review these tasks before starting the lab.
2. Proceed with Part 1.
Part 1: Evaluate a Security Policy
Note: The current National Institute for Standards and Technology (NIST) guidance for the use of passwords introduced some major changes to the best practices that cybersecurity professionals have historically followed. If you completed these labs in order, you may recall from Lab 1 that you reviewed NIST SP 800-63b, Authenticator and Verifier Requirements, which includes these standards. The current NIST best practices include:
Passwords should be at least 8 characters in length.
Passwords should be permitted to be up to 64 characters in length.
Users should not be prompted to provide a password hint.
Passwords should not be composed of dictionary words.
Passwords should not include repetitive or sequential characters or context-specific words.
Passwords may not be passwords included in previous breaches.
Passwords should not be subject to other complexity rules.
Passwords should not be set to expire arbitrarily.
Authentication systems should provide guidance on the strength of selected passwords.
Authentication systems should limit the number of failed consecutive logins for an account.
In this part of the lab, you will review a real-world access control policy and determine whether it complies with these best practices. You will also suggest changes to the policy that bring it into compliance with the new best practices.
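As an added illustration (not part of the lab manual or the student's report), the following Python sketch turns the practices listed above into a password verifier plus a failed-login throttle, so the distinction between what a verifier should check (length, blocklists, repetition, breach data) and what it should not impose (composition rules, hints, expiry) is visible in code. The dictionary and breach lists are constructed sample data, and the lockout limit of 5 is an assumed value.

```python
"""Password verifier and login throttle modelled on the practices above.

Deliberately absent: character-class composition rules, password hints
and password expiry, which the guidance says not to impose.
"""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field

MIN_LENGTH = 8
MAX_LENGTH = 64  # verifiers must accept at least 64; raise this, never lower it

# Constructed sample data standing in for real dictionary and breach lists.
DICTIONARY_WORDS = {"password", "welcome", "summer", "michigan", "letmein"}
BREACHED_SHA1 = {
    hashlib.sha1(p.encode()).hexdigest().upper()
    for p in ("password1", "qwerty123", "iloveyou2020")
}


def breach_suffixes(prefix: str) -> set[str]:
    """k-anonymity style lookup: hash suffixes matching a 5-char SHA-1 prefix."""
    return {h[5:] for h in BREACHED_SHA1 if h.startswith(prefix)}


def is_breached(password: str) -> bool:
    """Check the password against the breach corpus without exposing it whole."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[5:] in breach_suffixes(digest[:5])


def has_repetition(s: str, run: int = 4) -> bool:
    """True if any character repeats `run` or more times consecutively."""
    count = 1
    for a, b in zip(s, s[1:]):
        count = count + 1 if a == b else 1
        if count >= run:
            return True
    return False


def has_sequence(s: str, run: int = 4) -> bool:
    """True if `run` consecutive characters ascend or descend by one code point."""
    low = s.lower()
    for i in range(len(low) - run + 1):
        window = [ord(c) for c in low[i:i + run]]
        steps = {b - a for a, b in zip(window, window[1:])}
        if steps == {1} or steps == {-1}:
            return True
    return False


def check_password(password: str, context: tuple[str, ...] = ()) -> list[str]:
    """Return every reason the password is unacceptable; an empty list means ok.

    The reasons double as the strength feedback shown to the user.
    `context` carries context-specific words such as the username or service.
    """
    reasons = []
    if len(password) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    low = password.lower()
    if any(word in low for word in DICTIONARY_WORDS):
        reasons.append("contains a dictionary word")
    if has_repetition(password):
        reasons.append("contains repetitive characters")
    if has_sequence(password):
        reasons.append("contains sequential characters")
    if any(c and c.lower() in low for c in context):
        reasons.append("contains a context-specific word")
    if is_breached(password):
        reasons.append("appears in a known breach")
    return reasons


@dataclass
class LoginThrottle:
    """Refuse further attempts after `limit` consecutive failures (assumed 5)."""
    limit: int = 5
    failures: dict[str, int] = field(default_factory=dict)

    def locked(self, account: str) -> bool:
        return self.failures.get(account, 0) >= self.limit

    def attempt(self, account: str, credential_ok: bool) -> str:
        """Outcome of one login attempt: 'locked', 'ok' or 'denied'."""
        if self.locked(account):
            return "locked"  # refuse even a correct credential once locked
        if credential_ok:
            self.failures.pop(account, None)  # success resets the counter
            return "ok"
        self.failures[account] = self.failures.get(account, 0) + 1
        return "locked" if self.locked(account) else "denied"


if __name__ == "__main__":
    for pw in ("password1", "aaaa1234zzzz", "Tr0ub4dor&3"):
        print(pw, "->", check_password(pw, context=("alice",)) or ["acceptable"])
```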
1. Download and review the policy document.
https://jbl-lti.hatsize.com/uploads/Common-Lab-Tasks-for-Theory-Labs.pdf
https://jbl-lti.hatsize.com/uploads/Password_policy_325048_7.pdf
This is a sample password policy provided by the State of Michigan for use as a template in designing password policies for state government agencies.
2. Evaluate the policy document against the NIST best practices summarized above. Identify by number which, if any, of the eight best practices the policy satisfies. For each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice.
3. Suggest how you would revise the policy to directly align with the standards. Provide specific statements that you would add/modify in the policy.
4. Describe whether this document is best titled as a policy or whether it would be better described using another element of the policy framework.
Part 2: Review a Security Configuration Standard
Note: Security configuration standards are often very detailed documents containing granular implementation details for configuring systems and devices. Creating these standards is time-consuming work and organizations should consider leveraging the work already performed by industry groups.
The Center for Internet Security (cisecurity.org) is a cybersecurity organization that uses a collaborative process to create consensus standards for many different operating systems and applications. Organizations may choose to use the Center for Internet Security standards as the baseline for their own configuration standards. They may either simply adopt the Center’s standards as is, or write their own document that notes changes from the Center’s standard.
In this lab, you will review one of these consensus security standards and describe how you would implement it in your environment.
1. Navigate to https://www.cisecurity.org/ and locate the Center’s benchmarks for configuring Windows Server systems.
You will need to register to create an account on the Center’s website to download their standards. There is no fee required to complete this process.
2. Review the “Consensus Guidance” section of the document.
3. Describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community.
4. Locate and review the section of the standard that implements password composition requirements.
5. Identify the section of the recommendations that achieves this goal.
6. Compare the configuration suggested in the policy to this subset of the NIST best practices that you reviewed in Part 1 of this lab:
Passwords should be at least 8 characters in length.
Passwords should not include repetitive or sequential characters or context-specific words.
Passwords should not be subject to other complexity rules.
Passwords should not be set to expire arbitrarily.
Authentication systems should limit the number of failed consecutive logins for an account.
7. For each of the five best practices in the previous step, classify the practice as:
Satisfied (indicate recommendation number that achieves the best practice)
Violated (indicate recommendation number that violates the best practice)
Not addressed
Challenge Exercise
Note: The following scenario is provided to allow independent, unguided work, similar to what you will encounter in a real situation.
For this section of the lab, you should consider a security standard that you are familiar with from your employment, academic institution, and/or personal life. If you do not have a security standard that you are familiar with, use a search engine to locate a standard used by a government agency or educational institution.
Identify a set of industry best practices covering the same area as the standard you selected. You may choose to use standards published by the Center for Internet Security, the National Institute for Standards and Technology, a vendor, or other sources.
Select three specific statements included in the standard that you drew from your own experience that are covered by the industry best practice document that you selected. For each of these three statements:
Identify the section of your standard.
Identify the section of the industry best practices that covers the same topic.
Identify whether the standard you selected satisfies or violates the industry best practice.
Provide a rationale for your conclusion.
TakishaPeck109
 
Understanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docx
Understanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docxUnderstanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docx
Understanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docx
TakishaPeck109
 
UNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docx
UNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docxUNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docx
UNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docx
TakishaPeck109
 
Understanding international compensation begins with the recognition.docx
Understanding international compensation begins with the recognition.docxUnderstanding international compensation begins with the recognition.docx
Understanding international compensation begins with the recognition.docx
TakishaPeck109
 
Understanding and Analyzing Arguments  Please respond to the follow.docx
Understanding and Analyzing Arguments  Please respond to the follow.docxUnderstanding and Analyzing Arguments  Please respond to the follow.docx
Understanding and Analyzing Arguments  Please respond to the follow.docx
TakishaPeck109
 
Understand the role of the counselor and community.Understand cris.docx
Understand the role of the counselor and community.Understand cris.docxUnderstand the role of the counselor and community.Understand cris.docx
Understand the role of the counselor and community.Understand cris.docx
TakishaPeck109
 
Under the common law, from the 1500s until today, the law has allow.docx
Under the common law, from the 1500s until today, the law has allow.docxUnder the common law, from the 1500s until today, the law has allow.docx
Under the common law, from the 1500s until today, the law has allow.docx
TakishaPeck109
 
UMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docx
UMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docxUMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docx
UMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docx
TakishaPeck109
 

More from TakishaPeck109 (20)

Unit 3 Assignment Instructions Your research paper should be 4–6 pag.docx
Unit 3 Assignment Instructions Your research paper should be 4–6 pag.docxUnit 3 Assignment Instructions Your research paper should be 4–6 pag.docx
Unit 3 Assignment Instructions Your research paper should be 4–6 pag.docx
 
Unit 1 Module 1 - M1 Assignment 3Assignment 3 Views on Diver.docx
Unit 1 Module 1 - M1 Assignment 3Assignment 3 Views on Diver.docxUnit 1 Module 1 - M1 Assignment 3Assignment 3 Views on Diver.docx
Unit 1 Module 1 - M1 Assignment 3Assignment 3 Views on Diver.docx
 
Unit 1 Learning ActivityTo complete this Learning Activity, firs.docx
Unit 1 Learning ActivityTo complete this Learning Activity, firs.docxUnit 1 Learning ActivityTo complete this Learning Activity, firs.docx
Unit 1 Learning ActivityTo complete this Learning Activity, firs.docx
 
Unit 1 - Individual ProjectType Individual ProjectDue Date Mon.docx
Unit 1 - Individual ProjectType Individual ProjectDue Date Mon.docxUnit 1 - Individual ProjectType Individual ProjectDue Date Mon.docx
Unit 1 - Individual ProjectType Individual ProjectDue Date Mon.docx
 
Unit 1 Understanding the Tourism and Hospitality Industry with Work.docx
Unit 1 Understanding the Tourism and Hospitality Industry with Work.docxUnit 1 Understanding the Tourism and Hospitality Industry with Work.docx
Unit 1 Understanding the Tourism and Hospitality Industry with Work.docx
 
Unit 2 Assignment Creating an Effective PresentationPresentatio.docx
Unit 2 Assignment Creating an Effective PresentationPresentatio.docxUnit 2 Assignment Creating an Effective PresentationPresentatio.docx
Unit 2 Assignment Creating an Effective PresentationPresentatio.docx
 
Unit 1 Assignment Computer ComponentsHere is a video introducti.docx
Unit 1 Assignment Computer ComponentsHere is a video introducti.docxUnit 1 Assignment Computer ComponentsHere is a video introducti.docx
Unit 1 Assignment Computer ComponentsHere is a video introducti.docx
 
Unethical Situations in the Workplace  Recall a time when .docx
Unethical Situations in the Workplace  Recall a time when .docxUnethical Situations in the Workplace  Recall a time when .docx
Unethical Situations in the Workplace  Recall a time when .docx
 
Unifying separate countries offers varied unique opportunities for g.docx
Unifying separate countries offers varied unique opportunities for g.docxUnifying separate countries offers varied unique opportunities for g.docx
Unifying separate countries offers varied unique opportunities for g.docx
 
Understanding the Value of Qualitative ResearchAn important part.docx
Understanding the Value of Qualitative ResearchAn important part.docxUnderstanding the Value of Qualitative ResearchAn important part.docx
Understanding the Value of Qualitative ResearchAn important part.docx
 
Understanding cultural phenomena is essential to the completion of a.docx
Understanding cultural phenomena is essential to the completion of a.docxUnderstanding cultural phenomena is essential to the completion of a.docx
Understanding cultural phenomena is essential to the completion of a.docx
 
Understanding the role that coding information plays in health care .docx
Understanding the role that coding information plays in health care .docxUnderstanding the role that coding information plays in health care .docx
Understanding the role that coding information plays in health care .docx
 
Understanding Property RightsExplain a landlord’s legal authorit.docx
Understanding Property RightsExplain a landlord’s legal authorit.docxUnderstanding Property RightsExplain a landlord’s legal authorit.docx
Understanding Property RightsExplain a landlord’s legal authorit.docx
 
Understanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docx
Understanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docxUnderstanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docx
Understanding Others’ Cultural PracticesALL WORK MUST BE ORIGI.docx
 
UNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docx
UNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docxUNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docx
UNDERSTANDING HEALTHCARE FINANCIAL MANAGEMENT.docx
 
Understanding international compensation begins with the recognition.docx
Understanding international compensation begins with the recognition.docxUnderstanding international compensation begins with the recognition.docx
Understanding international compensation begins with the recognition.docx
 
Understanding and Analyzing Arguments  Please respond to the follow.docx
Understanding and Analyzing Arguments  Please respond to the follow.docxUnderstanding and Analyzing Arguments  Please respond to the follow.docx
Understanding and Analyzing Arguments  Please respond to the follow.docx
 
Understand the role of the counselor and community.Understand cris.docx
Understand the role of the counselor and community.Understand cris.docxUnderstand the role of the counselor and community.Understand cris.docx
Understand the role of the counselor and community.Understand cris.docx
 
Under the common law, from the 1500s until today, the law has allow.docx
Under the common law, from the 1500s until today, the law has allow.docxUnder the common law, from the 1500s until today, the law has allow.docx
Under the common law, from the 1500s until today, the law has allow.docx
 
UMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docx
UMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docxUMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docx
UMUC CMIT 265 Fundamentals of NetworkingHello there!  I have am lo.docx
 

Recently uploaded

Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
Vikramjit Singh
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
Peter Windle
 
Group Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana BuscigliopptxGroup Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana Buscigliopptx
ArianaBusciglio
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
Sandy Millin
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
chanes7
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
JosvitaDsouza2
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
Nguyen Thanh Tu Collection
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
deeptiverma2406
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
siemaillard
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
Ashokrao Mane college of Pharmacy Peth-Vadgaon
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
EverAndrsGuerraGuerr
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
EugeneSaldivar
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
Delapenabediema
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
Pavel ( NSTU)
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
Tamralipta Mahavidyalaya
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
Jean Carlos Nunes Paixão
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
DhatriParmar
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
Mohammed Sikander
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
Special education needs
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
camakaiclarkmusic
 

Recently uploaded (20)

Digital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and ResearchDigital Tools and AI for Teaching Learning and Research
Digital Tools and AI for Teaching Learning and Research
 
Embracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic ImperativeEmbracing GenAI - A Strategic Imperative
Embracing GenAI - A Strategic Imperative
 
Group Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana BuscigliopptxGroup Presentation 2 Economics.Ariana Buscigliopptx
Group Presentation 2 Economics.Ariana Buscigliopptx
 
2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...2024.06.01 Introducing a competency framework for languag learning materials ...
2024.06.01 Introducing a competency framework for languag learning materials ...
 
Digital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion DesignsDigital Artifact 2 - Investigating Pavilion Designs
Digital Artifact 2 - Investigating Pavilion Designs
 
1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx1.4 modern child centered education - mahatma gandhi-2.pptx
1.4 modern child centered education - mahatma gandhi-2.pptx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
BÀI TẬP BỔ TRỢ TIẾNG ANH GLOBAL SUCCESS LỚP 3 - CẢ NĂM (CÓ FILE NGHE VÀ ĐÁP Á...
 
Best Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDABest Digital Marketing Institute In NOIDA
Best Digital Marketing Institute In NOIDA
 
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
 
Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.Biological Screening of Herbal Drugs in detailed.
Biological Screening of Herbal Drugs in detailed.
 
Thesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.pptThesis Statement for students diagnonsed withADHD.ppt
Thesis Statement for students diagnonsed withADHD.ppt
 
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...TESDA TM1 REVIEWER  FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
TESDA TM1 REVIEWER FOR NATIONAL ASSESSMENT WRITTEN AND ORAL QUESTIONS WITH A...
 
The Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official PublicationThe Challenger.pdf DNHS Official Publication
The Challenger.pdf DNHS Official Publication
 
Synthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptxSynthetic Fiber Construction in lab .pptx
Synthetic Fiber Construction in lab .pptx
 
Home assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdfHome assignment II on Spectroscopy 2024 Answers.pdf
Home assignment II on Spectroscopy 2024 Answers.pdf
 
Lapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdfLapbook sobre os Regimes Totalitários.pdf
Lapbook sobre os Regimes Totalitários.pdf
 
The Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptxThe Accursed House by Émile Gaboriau.pptx
The Accursed House by Émile Gaboriau.pptx
 
Multithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race conditionMultithreading_in_C++ - std::thread, race condition
Multithreading_in_C++ - std::thread, race condition
 
special B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdfspecial B.ed 2nd year old paper_20240531.pdf
special B.ed 2nd year old paper_20240531.pdf
 
CACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdfCACJapan - GROUP Presentation 1- Wk 4.pdf
CACJapan - GROUP Presentation 1- Wk 4.pdf
 

To meet the requirements for lab 10 you were to perform Part 1, S

  • 1. To meet the requirements for lab 10 you were to perform:
Part 1, Step 2: evaluate the policy document against the summarized NIST best practices, identify by number which, if any, of the eight best practices the policy satisfies, and for each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice;
Part 1, Step 3: suggest how you would revise the policy to directly align with the standards and provide specific statements that you would add/modify in the policy;
Part 1, Step 4: describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework.
Part 2, Step 3: describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community;
Part 2, Step 5: identify the section of the recommendations that achieves this goal;
Part 2, Step 7: for each of the five best practices in the previous step, classify the practice as: satisfied (indicate recommendation number that achieves the best practice), violated (indicate recommendation number that violates the best practice) or not addressed.

Unfortunately it looks like you were off target for this assignment; you needed to:
Part 1, Step 2: identify by number the best practices (given in the lab) that are satisfied by the policy - partial credit given;
Part 1, Step 3: provide specific statements on how you would revise the policy; you needed to align your statements with the best practices (e.g. Best Practice 2: add to Section 4.2) - partial credit given;
Part 1, Step 4: describe whether the policy document is best titled as a policy or whether it would be better described using another element of the policy framework; this "policy" is better
  • 2. described as a standard (see technical implementation details);
Part 2, Step 3: describe the process that the Center uses to ensure its standards represent the consensus of the cybersecurity community; see the Consensus Guidance portion of the document - partial credit given;
Part 2, Step 5: identify the section of the recommendations that achieves the goal of Step 3 - partial credit given;
Part 2, Step 7: classify the five best practices; indicate the recommendation number for each - partial credit given.

Applying the Security Policy Framework to an Access Control Environment (3e)
Access Control and Identity Management, Third Edition - Lab 10
Student: HARSHAVARDHAN POCHARAM
Email: [email protected]
Time on Task:
Progress: 100%
Report Generated: Sunday, June 20, 2021 at 9:45 AM

Guided Exercises
Part 1: Evaluate a Security Policy
2. Evaluate the policy document against the NIST best practices summarized above. Identify by number which, if any, of the eight best practices the policy
  • 3. satisfies. For each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice.

In line with relevant policy, the information system enforces permitted authorizations for regulating the flow of information inside the system and between interconnected systems. Information flow control governs where information is permitted to move inside and across information systems (rather than who is authorised to access the information), with no consideration for later accesses to that information. The following are a few instances of flow control restrictions: preventing export-controlled data from being sent over the Internet in clear text, blocking outside traffic posing as internal traffic, and not forwarding any web requests to the Internet that are not from the internal web proxy.

3. Suggest how you would revise the policy to directly align with the standards. Provide specific statements that you would add/modify in the policy.

An access control policy for the assets in scope must be created, recorded, and evaluated on a regular basis, taking into consideration the business's needs. The information security risks around the information, as well as the organization's appetite for managing them, should be reflected in the access control rules, rights, and limitations, as well as the level of the controls utilised. Simply said, access control refers to who needs to know, who needs to utilise, and how much access they have. Permission limits on user accounts, as well as restrictions on who may access particular physical areas, are examples of access controls that can be both digital
  • 4. and physical in origin.
• Clarify who needs to access, know, and use the information – backed by written processes and responsibilities;
• Take into consideration the security requirements of business applications and link them with the information categorization system in use according to Asset Management;
• Access control rules should be backed by formal processes and specified duties, as well as adding, in-life modifications. Changes in roles, in particular during exits, need a review of access control.

4. Describe whether this document is best titled as a policy or whether it would be better described using another element of the policy framework.

This document is best titled as a policy since policy aids in the achievement of the enterprise's objectives and provides just a general framework, leaving interpretation to subordinates so that their initiative is not impeded.

Part 2: Review a Security Configuration Standard
3. Describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community.
  • 5. The purpose of access control is to reduce the danger of unauthorised access to physical and logical systems posing a security risk. Access control is a critical component of security compliance programmes because it guarantees that security technology and access control rules are in place to safeguard sensitive data, such as customer information. Entry to networks, computer systems, apps, files, and important information, such as personally identifiable information (PII) and intellectual property, is usually limited by infrastructure and processes in most companies. Access control rules ensure that users are who they say they are and have proper access to corporate data through authentication and authorisation.

5. Identify the section of the recommendations that achieves this goal.

One of the most basic IT controls for ensuring system security and data integrity is system access restrictions. When it comes to implementing effective system access restrictions, there are several factors to consider. Access control verifies multiple login credentials, such as user names and passwords, PINs, biometric scans, and cryptographic keys, to identify users. Multifactor authentication, a mechanism that needs several authentication methods to authenticate a user's identity, is included in many access control systems. The restriction of access is a crucial component of IT security. It's also worth remembering that protection isn't just dependent on technology, but also on human conduct. Policies, education, and communication are critical, and successful
  • 6. implementation of effective access controls requires strong management support.

7. For each of the five best practices in the previous step, classify the practice as:
Satisfied (indicate recommendation number that achieves the best practice)
Violated (indicate recommendation number that violates the best practice)
Not addressed

Satisfied: recommendation number 1, 2
Violated: recommendation number 3, 4
Not addressed: recommendation number 5

Challenge Exercise
  • 7. Select three specific statements included in the standard that you drew from your own experience that are covered by the industry best practice document that you selected. For each of these three statements:
Identify the section of your standard.
Identify the section of the industry best practices that covers the same topic.
Identify whether the standard you selected satisfies or violates the industry best practice.
Provide a rationale for your conclusion.

* Logging onto university information technology resources, such as servers, printers, routers, or computers, from a distant location is only possible via secure, authorised, and centrally controlled access methods. Furthermore, only secure, authenticated, and centrally controlled access methods are authorised to access university information that may be extremely sensitive or restricted.
* An identity and access management system helps automate the onboarding process, ensuring that employees begin with the appropriate rights. This relieves your IT team of the effort of onboarding each new employee. Furthermore, it reduces the time it takes to onboard a new employee from months to hours. Furthermore, automated onboarding pushes your IT staff to identify which rights are required for each job, enhancing your identity governance capabilities.
* The standard I chose
  • 8. complies with industry best practices.
* Enforcing best practices for identity and access management helps you to know who has access to sensitive information and under what situations. Identity and Access Management is a crucial and beneficial technique for safeguarding company data and systems. It may ensure that only authenticated and authorised people have access to the systems and data they need to do their jobs if it is correctly built and used.

Applying the Security Policy Framework to an Access Control Environment (3e)
Access Control and Identity Management, Third Edition - Lab 10

Introduction

An organization’s security policy framework creates the foundation for its cybersecurity efforts. Technology and business leaders use policies, standards, guidelines, and procedures to communicate security objectives, prescribe required actions, and set forth best practices for use throughout the organization. This guidance is crucial to many different groups of stakeholders, ranging from the technology professionals who design and implement systems to the end users who make routine security decisions on a daily basis.
  • 9. The security policy framework consists of four different types of documents, each of which serves a different purpose in an organization’s cybersecurity program:

Policies are high-level statements of an organization’s security objectives and the principles that the organization will follow. Policy documents should be written using high-level language that avoids mentioning specific implementation details. As a result, they should be lasting documents that require only infrequent revision. For example, an organization might include a statement in its security policy that the Chief Information Security Officer bears overall authority and responsibility for meeting the organization’s cybersecurity objectives. Compliance with policies is mandatory.

Standards provide more detailed security requirements for specific situations. Standards may cover elements of software and system design, configuration, or operations and will often contain technical detail. For example, an organization might create a standard for the configuration of Windows Server systems that spells out the detailed security settings those systems must use in order to be compliant. Compliance with standards is mandatory.

Guidelines offer suggested best practices for achieving security objectives. They include recommendations from subject matter experts on ways that employees may achieve security objectives, but those recommendations are not mandatory. They
  • 10. merely offer a suggested approach.

Procedures set forth a step-by-step process for carrying out an activity, offering guidance to employees on how to achieve a specific goal. For example, the organization might have a new hire account generation procedure that specifies the steps involved in onboarding a new employee. Compliance with procedures may be either mandatory or optional, depending upon the nature of the procedure and the policy of the organization.

In this lab, you will learn to apply the security policy framework to an access control environment. In the first part of the lab, you will review a set of best practices for password policies and then review a real-world password policy. You will then have the opportunity to offer suggestions for revising the policy to better align with those best practices. In the second part of the lab, you will review a security configuration standard and learn how to apply it to production systems. Finally, if assigned by your instructor, you will write a procedure for achieving an access control objective.
  • 11. Lab Overview

This lab has two parts, which should be completed in the order specified.
1. In the first part of the lab, you will review a set of best practices for password policies and then review a real-world password policy. You will have the opportunity to offer suggestions for revising the policy to better align with those best practices.
2. In the second part of the lab, you will review a security configuration standard and learn how to apply it to production systems.

Finally, if assigned by your instructor, you will complete a series of challenge exercises that allow you to use the skills you learned in the lab to conduct independent, unguided work - similar to what you will encounter in a real-world situation.

Learning Objectives
Upon completing this lab, you will be able to:
1. Evaluate a security policy against best practices.
2. Understand the role of policies, standards, procedures, and guidelines in the security policy framework.
3. Identify the element of the security policy framework that best meets an objective.
  • 12. 4. Understand the process of applying a security configuration standard to a system.

Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:
- Identify the best practices met by the Michigan password policy
- Suggest revisions for the Michigan password policy
- Describe whether the Michigan password policy is best titled as a policy or as another element of the security policy framework
- Describe the Center for Internet Security consensus process
- Identify the section of the CIS standard that implements password composition requirements
- Identify whether the CIS standard satisfies, violates, or does not address each of the NIST best practices and the relevant recommendation number
- Challenge Exercise (if assigned)
  • 13. Guided Exercises

Note: In this section of the lab, you will follow a step-by-step walk-through of the objectives for this lab to produce the expected deliverable(s).

1. Review the Common Lab Tasks for Theory Labs document. Frequently performed tasks, such as recording your answers and downloading your Lab Report, are explained in the Common Lab Tasks for Theory Labs document. You should review these tasks before starting the lab.
2. Proceed with Part 1.

Part 1: Evaluate a Security Policy

Note: The current National Institute of Standards and Technology (NIST) guidance for the use of passwords introduced some major changes to the best practices that cybersecurity professionals have historically followed. If you completed these labs in order, you may recall from Lab 1 that you reviewed NIST SP 800-63B, Authenticator and Verifier Requirements, which includes these standards.

The current NIST best practices include:
- Passwords should be at least 8 characters in length.
  • 14. - Passwords should be permitted to be up to 64 characters in length.
- Users should not be prompted to provide a password hint.
- Passwords should not be composed of dictionary words.
- Passwords should not include repetitive or sequential characters or context-specific words.
- Passwords may not be passwords included in previous breaches.
- Passwords should not be subject to other complexity rules.
- Passwords should not be set to expire arbitrarily.
- Authentication systems should provide guidance on the strength of selected passwords.
- Authentication systems should limit the number of failed consecutive logins for an account.

In this part of the lab, you will review a real-world access control policy and determine whether it complies with these best practices. You will also suggest changes to the policy that bring it into compliance with the new best practices.

1. Download and review the policy document: https://jbl-lti.hatsize.com/uploads/Password_policy_325048_7.pdf

(Common Lab Tasks for Theory Labs document: https://jbl-lti.hatsize.com/uploads/Common-Lab-Tasks-for-Theory-Labs.pdf)
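Before evaluating a written policy against the NIST best practices listed above, it helps to see what those practices look like when a verifier actually enforces them. The following is an added example written for this page; it is not code from the lab, from NIST, or from the State of Michigan. It applies the length bounds (practices 1 and 2), rejects dictionary words, repetitive or sequential characters, context-specific words and previously breached passwords (practices 4, 5 and 6), deliberately imposes no character-class composition rule (practice 7), returns strength guidance rather than a hard rule for longer passphrases (practice 9), and counts consecutive failed logins (practice 10). The breach list, dictionary, context words and the 12-character guidance threshold are constructed sample values, not NIST figures.

```python
"""Password acceptance and login-throttling checks modelled on the NIST SP 800-63B
practices listed in Part 1 of the lab.  Added example; the data below is constructed."""
from dataclasses import dataclass, field
from typing import Iterable

MIN_LEN, MAX_LEN = 8, 64          # practices 1 and 2: accept 8..64 Unicode code points

# Constructed sample data.  A real deployment would use a full breach corpus
# (compared against the exact password) and a real word list.
BREACHED = {"password1", "qwerty123", "letmein!!"}
DICTIONARY = {"password", "welcome", "summer", "michigan"}


@dataclass
class Verdict:
    accepted: bool
    reasons: list = field(default_factory=list)    # why the password was rejected
    guidance: list = field(default_factory=list)   # strength feedback (practice 9)


def has_run(pw: str, n: int = 4) -> bool:
    """True if pw contains n identical consecutive characters, e.g. 'aaaa'."""
    return any(len(set(pw[i:i + n])) == 1 for i in range(len(pw) - n + 1))


def has_sequence(pw: str, n: int = 4) -> bool:
    """True if pw contains n characters stepping +1 or -1 in code point, e.g. '1234', 'dcba'."""
    for i in range(len(pw) - n + 1):
        codes = [ord(c) for c in pw[i:i + n]]
        if {b - a for a, b in zip(codes, codes[1:])} in ({1}, {-1}):
            return True
    return False


def check_password(pw: str, context: Iterable[str] = ()) -> Verdict:
    """Apply the NIST-style checks; context holds words such as the username or service name."""
    v = Verdict(accepted=True)
    low = pw.lower()
    if len(pw) < MIN_LEN:
        v.reasons.append(f"shorter than {MIN_LEN} characters")
    if len(pw) > MAX_LEN:
        v.reasons.append(f"longer than {MAX_LEN} characters")
    # practice 4: whole-password match or an embedded word of 5+ letters
    if low in DICTIONARY or any(w in low for w in DICTIONARY if len(w) >= 5):
        v.reasons.append("contains a dictionary word")
    # practice 5: repetitive / sequential characters and context-specific words
    if has_run(pw):
        v.reasons.append("repetitive characters")
    if has_sequence(pw):
        v.reasons.append("sequential characters")
    for word in context:
        if word and word.lower() in low:
            v.reasons.append(f"contains context word '{word}'")
    # practice 6: breached passwords (exact match, as breach lists are case-sensitive)
    if pw in BREACHED:
        v.reasons.append("appears in a breach list")
    # practice 7: no further composition rules are applied.
    # practice 9: guidance only; the 12-character threshold is this example's own choice
    if len(pw) < 12:
        v.guidance.append("longer passphrases are stronger; 12 or more characters recommended")
    v.accepted = not v.reasons
    return v


class LoginThrottle:
    """Practice 10: lock an account after MAX_FAILED consecutive failed logins."""
    MAX_FAILED = 5

    def __init__(self):
        self.failed = {}

    def attempt(self, user: str, credentials_ok: bool) -> str:
        """Return 'ok', 'denied' or 'locked'; a locked account stays locked even on success."""
        if self.failed.get(user, 0) >= self.MAX_FAILED:
            return "locked"
        if credentials_ok:
            self.failed[user] = 0
            return "ok"
        self.failed[user] = self.failed.get(user, 0) + 1
        return "locked" if self.failed[user] >= self.MAX_FAILED else "denied"


if __name__ == "__main__":
    for candidate in ("correct horse battery", "Summer2024!", "abcd1234", "password1"):
        print(candidate, check_password(candidate, context=["alice"]))
```

Note what is absent: there is no requirement for an upper-case letter, digit or symbol, and no expiry timer. Those are exactly the legacy rules that practices 7 and 8 tell you to remove, so when you revise the Michigan policy in step 3 the statements you add should read like the checks above, and the statements you delete should be the composition and rotation clauses.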
  • 15. This is a sample password policy provided by the State of Michigan for use as a template in designing password policies for state government agencies.

2. Evaluate the policy document against the NIST best practices summarized above. Identify by number which, if any, of the eight best practices the policy satisfies. For each practice that you identify, provide a reference to the statement in the policy that aligns with that best practice.
3. Suggest how you would revise the policy to directly align with the standards. Provide specific statements that you would add/modify in the policy.
4. Describe whether this document is best titled as a policy or whether it would be better described using another element of the policy framework.

Part 2: Review a Security Configuration Standard

Note: Security configuration standards are often very detailed documents containing granular implementation details for configuring systems and devices. Creating these standards is time-consuming work and organizations should consider leveraging the work already performed by industry groups. The Center for Internet Security (cisecurity.org) is a cybersecurity organization that uses a collaborative process to create consensus standards for many different operating systems and applications. Organizations may choose to use the Center for Internet Security standards as the baseline for their own configuration standards. They may either
  • 16. simply adopt the Center’s standards as is, or write their own document that notes changes from the Center’s standard. In this lab, you will review one of these consensus security standards and describe how you would implement it in your environment.

1. Navigate to https://www.cisecurity.org/ and locate the Center’s benchmarks for configuring Windows Server systems. You will need to register to create an account on the Center’s website to download their standards. There is no fee required to complete this process.
2. Review the “Consensus Guidance” section of the document.
3. Describe the process that the Center uses to ensure that its standards represent the consensus of the cybersecurity community.
4. Locate and review the section of the standard that implements password composition requirements.
  • 17. 5. Identify the section of the recommendations that achieves this goal.
6. Compare the configuration suggested in the policy to this subset of the NIST best practices that you reviewed in Part 1 of this lab:
   - Passwords should be at least 8 characters in length.
   - Passwords should not include repetitive or sequential characters or context-specific words.
   - Passwords should not be subject to other complexity rules.
   - Passwords should not be set to expire arbitrarily.
   - Authentication systems should limit the number of failed consecutive logins for an account.
7. For each of the five best practices in the previous step, classify the practice as:
   - Satisfied (indicate recommendation number that achieves the best practice)
   - Violated (indicate recommendation number that violates the best practice)
   - Not addressed
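The classification in step 7 is mechanical once you know which Windows setting each practice maps to, so here is that mapping as an added example written for this page (not code from the lab or from the Center for Internet Security). It reads a Windows password and lockout configuration expressed with the standard Local Security Policy setting names ("Minimum password length", "Password must meet complexity requirements", "Maximum password age", "Account lockout threshold") and returns satisfied / violated / not addressed for each of the five practices, naming the setting that decides the verdict. The values in the two sample configurations are constructed for illustration; they are not the CIS benchmark's recommended values, and the example does not assert any CIS recommendation numbers, which you still have to read off the benchmark yourself. The "custom password filter" key is hypothetical, standing in for a third-party password filter, because Windows has no native policy setting that rejects repetitive or sequential characters.

```python
"""Classify a Windows password/lockout configuration against the five NIST
practices in step 6.  Added example; sample values are constructed."""

SATISFIED, VIOLATED, NOT_ADDRESSED = "satisfied", "violated", "not addressed"

# Constructed sample: the legacy-style settings most benchmarks still ship with.
LEGACY_CONFIG = {
    "Minimum password length": 14,
    "Password must meet complexity requirements": "Enabled",
    "Maximum password age": 60,        # days; 0 means passwords never expire
    "Account lockout threshold": 5,    # failed logins; 0 means accounts never lock
}

# Constructed sample: the same settings adjusted to the NIST practices.
NIST_ALIGNED_CONFIG = {
    "Minimum password length": 8,
    "Password must meet complexity requirements": "Disabled",
    "Maximum password age": 0,
    "Account lockout threshold": 10,
    "custom password filter": "hypothetical-filter.dll",   # hypothetical key, see lead-in
}


def _verdict(value, satisfied_when, setting):
    """Not addressed when the setting is absent, otherwise satisfied/violated by the predicate."""
    if value is None:
        return (NOT_ADDRESSED, None)
    return (SATISFIED if satisfied_when(value) else VIOLATED, setting)


def classify(cfg: dict) -> dict:
    """Return {practice: (verdict, deciding setting or None)} for the five NIST practices."""
    return {
        # practice 1: at least 8 characters
        "at least 8 characters": _verdict(
            cfg.get("Minimum password length"), lambda n: n >= 8, "Minimum password length"),
        # practice 2: no repetitive/sequential characters or context-specific words.
        # Windows has no native setting for this; only a registered password filter
        # (hypothetical key in this example) can address it.
        "no repetitive/sequential/context words": _verdict(
            cfg.get("custom password filter"), lambda f: bool(f), "custom password filter"),
        # practice 3: no other complexity rules; the built-in complexity setting is one
        "no other complexity rules": _verdict(
            cfg.get("Password must meet complexity requirements"),
            lambda c: c == "Disabled", "Password must meet complexity requirements"),
        # practice 4: no arbitrary expiry; 0 days means never expires
        "no arbitrary expiry": _verdict(
            cfg.get("Maximum password age"), lambda d: d == 0, "Maximum password age"),
        # practice 5: limit consecutive failed logins; 0 means no lockout
        "limit failed logins": _verdict(
            cfg.get("Account lockout threshold"), lambda t: t > 0, "Account lockout threshold"),
    }


def report(cfg: dict) -> list:
    """One line per practice in the shape the step 7 deliverable asks for."""
    lines = []
    for practice, (verdict, setting) in classify(cfg).items():
        where = f" ({setting})" if setting else ""
        lines.append(f"{practice}: {verdict}{where}")
    return lines


if __name__ == "__main__":
    for name, cfg in (("legacy", LEGACY_CONFIG), ("nist-aligned", NIST_ALIGNED_CONFIG)):
        print(f"== {name} ==")
        print("\n".join(report(cfg)))
```

The two sample configurations show the pattern you should expect to find: a benchmark that sets a long minimum length and a lockout threshold satisfies practices 1 and 5, while an enabled complexity requirement and a non-zero maximum password age violate practices 3 and 4, and practice 2 is usually not addressed at all because no built-in Windows setting covers it.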
  • 18. Challenge Exercise

Note: The following scenario is provided to allow independent, unguided work, similar to what you will encounter in a real situation.

For this section of the lab, you should consider a security standard that you are familiar with from your employment, academic institution, and/or personal life. If you do not have a security standard that you are familiar with, use a search engine to locate a standard used by a government agency or educational institution.

Identify a set of industry best practices covering the same area as the standard you selected. You may choose to use standards published by the Center for Internet Security, the National Institute of Standards and Technology, a vendor, or other sources.

Select three specific statements included in the standard that you drew from your own experience that are covered by the industry best practice document that you selected. For each of these three statements:
- Identify the section of your standard.
- Identify the section of the industry best practices that covers the same topic.
- Identify whether the standard you selected satisfies or violates the industry best practice.
  • 19. - Provide a rationale for your conclusion.