Saturday, May 18, 2019
Graded Assignments Essay
You go away learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and hitch actions.Assignment RequirementsThis is a matching activity. You will receive the Match Risks/Threats to Solutions worksheet, which contains a numbered list of common risks and threats build in a typical IT infrastructure. You must enter the letter for the correct solution or intervention action in the blank to the slump of each risk or threat.InstructionsYou be presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed.Write the letter of the correct solution or preventative action in the blank to the aright of each risk or threat.Risks or threats1. Violation of a security policy by a userc________2. Disgruntled employee sabotagei________3. Download of non-business videos using thea________Inte rnet to an employer-owned calculating machine4. Malware infection of a users laptopl________5. Unauthorized physical approach to the local area networkn________6. LAN server operating system vulnerabilitiesf________7. Download of unexplored institutionalise types from unknown sources by local usersb________8. Errors and weaknesses of network router, firewall, and network h________appliance configuration filem________9. WAN eavesdropping10. WAN Denial of Service (DoS) or Distributed Denial ofd________Service (DDoS) attacks11. Confidential entropy compromised remotelyk________12. Mobile worker token stoleng________13. Corrupt or lost informatione________14. Downtime of customer databasej________ ITT Educational Services, Inc.All Rights Reserved.-2-02/12/2012NT2580 Introduction to Information Security school-age child COPY Graded Assignment RequirementsSolutions or preventative actionsA. Enable content filtering and antivirus s basening at the origination and exit points of the Internet. Enable workstation auto-scans and auto-quarantinefor unknown file types.B. fancy file transfer monitoring, scanning, and alarming for unknown file types and sources.C. Place employee on probation, review unimpeachable use policy (AUP) and employee manual, and discuss status during performance reviews.D. consent filters on exterior Internet Protocol (IP) stateful firewalls and IP router WAN interfaces.E. Implement daily data backups and off-site data storage for monthly data archiving. Define data convalescence procedures based on delimitate Recovery Time Objectives (RTOs).F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments.G. Apply real-time lockout procedures.H. Define a strict zero-day vulnerability window definition. Update devices with security fixes and software patches right away.I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during o ff-hours. Begin IT access picture lockout procedures based on AUP monitoring and compliance.J. Develop a disaster recovery plan (DRP) specific to the recovery of mission-critical applications and data to maintain operations.K. Encrypt all confidential data in the database or hard drive. L. physical exertion workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection.M. Use encryption and virtual private network (VPN) tunneling for secure IP communications.N. Make sure wiring closets, data centers, and electronic computer rooms are secure. Provide no access without proper credentials.Assignment RequirementsYou are a networking medical intern at Richman Investments, a mid-level financial investment and consulting firm. Your supervisor has asked you to draft a brief report that describes the interior(a) Use Only data classification s tandard of Richman Investments. Write this report addressing which IT infrastructure domains are impact by the standard and how they are affected. In your report, mention at least three IT infrastructure domains affected by the Internal Use Only data classification standard. Your report will become let out of an executive summary to senior management.User humankind is where only one user will confuse access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can accessfrom the outside, only the IT Department can grant access privilege for Remote Access Point. The User ambit will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data that he or she has access to.Also, every user on the company is responsible for the security of the environment. Workstation Domain is where all the users work. Before a user can log into the machine, he/she will need to be verified in order to gain access. At Richman Investments, we provide very secure access for the employee workstations with a username and password. A security protocol requires the password to be changed every 30 days. All computers maintain reparation updates and continuous antivirus protection for monitoring. Additionally, no personal devices are allowed on the network.The Local Area Network (LAN) Domain is a group of computers all connected to a single LAN domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains accommodate data closets, physical elements of the LAN, as well as logical elements as designated by authorized personnel. It requires arduous security and access accommodates. This domain can access company-wide systems, applications, and data from anywhere within the LAN. The LAN back off group is in charge maintaining and securing this domain.The biggest threat to the LAN domain is Un-authorized access to any matter (the LAN, the systems, & the data) on the network. One thing we can do is requiring strict security protocols for this domain, such as disabling all external access ports for the workstation. This would prevent any user within the company from bringing an external jump drive, and connecting it to the workstations. This way, we can control company intellectual property, and prevent viruses on the LAN network.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment