
IS4550 Lab 9

Risk - Threat - Vulnerability | IT Security Policy Definition
------------------------------|------------------------------
Unauthorized access from Public Internet | Acceptable Use Policy
User destroys data in application and deletes all files | Asset Identification and Classification Policy
Hacker penetrates your IT infrastructure and gains access to your internal network | Vulnerability Assessment and Management Policy
Intra-office employee romance gone bad | Security Awareness Training Policy
Fire destroys primary data center | Threat Assessment and Management Policy
Communication circuit outages | Asset Protection Policy
Workstation OS has a known software vulnerability | Vulnerability Assessment and Management Policy
Unauthorized access to organization-owned workstations | Asset Management Policy
Loss of production data | Security Awareness Training Policy
Denial of service attack on organization e-mail server | Vulnerability Assessment and Management Policy
Remote communications from home office | Asset Protection Policy
LAN server OS has a known software vulnerability | Vulnerability Assessment and Management Policy
User downloads an unknown e-mail attachment | Security Awareness Training Policy
Workstation browser has software vulnerability | Vulnerability Assessment and Management Policy
Service provider has a major network outage | Asset Protection Policy
Weak ingress/egress traffic filtering degrades performance | Vulnerability Assessment and Management Policy
User inserts CDs and USB hard drives with personal photos, music, and videos | Security Awareness Training Policy
VPN tunneling between remote computer and ingress/egress router | Vulnerability Assessment and Management Policy
WLAN access points are needed for LAN connectivity within a warehouse | Asset Identification and Classification Policy
Need to prevent rogue users from unauthorized WLAN access | Vulnerability Assessment and Management Policy

1. What is the purpose of having a policy framework definition as opposed to individual policies?
a. It is a set of principles and long-term goals that form the basis for making rules and guidelines, and gives overall direction to the planning and development of the organization.
2. When should you use a policy definition as a means of risk mitigation and an element of a layered security strategy?
a. When implementing a new policy
3. In your gap analysis of the IT security policy framework definitions provided, which policy definition was missing from all access to various IT systems, applications, and data throughout the scenario?
a. Data Access Policy
4. Do you need policies for your telecommunication and Internet service providers?
a. Yes
5. Which policy definition from the list provided in Lab #9, Part B helps optimize performance of an organization's Internet connection?
a. Asset Identification and Classification Policy
6. What is the purpose of a Vulnerability Assessment & Management Policy for an IT infrastructure?
a. It identifies, quantifies, and prioritizes (or ranks) the vulnerabilities in a system
7. Which policy definition helps achieve availability goals for data recovery when data is lost or corrupted?
a. Threat Assessment and Management Policy
8. Which policy definitions reference a Data Classification Standard and use of cryptography for confidentiality purposes?
a. Asset Management Policy
9. Which policy definition from the sample IT security policy framework definition mitigates risk in the User Domain?
a. Security Awareness Training Policy
10. Which policy definition from the sample IT security policy framework definition mitigates risk in the LAN-to-WAN Domain?
a. Vulnerability Assessment and Management Policy
11. How does an IT security policy framework make it easier to monitor and enforce throughout an organization?
a. By identifying safeguards and controls that protect information from security threats
12. Which policy definition requires an organization to list its mission-critical business operations and functions and the accompanying IT systems, applications, and databases that support them?
a. Asset Identification and Classification Policy
13. Why is it common to find a Business Continuity Plan (BCP) Policy Definition and a Computer Security Incident Response Team (CSIRT) Policy Definition?
a. In order to protect the assets of a company you need to know the plan of the company.
