Edudorm Facebook

Risk, Threat, and Vulnerability Management

Questions and Topics We Can Help You To Answer:
Paper Instructions:

  1. Security Assessment Report (12 pages)
    Conduct a Security Analysis Baseline (3 of 12 ages)
    Security requirements and goals for the preliminary security baseline activity.
    Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering.
    Include the impacts these attacks have on an organization.
    Network infrastructure and diagram, including configuration and connections 
    Describe the security posture with respect to LAN, MAN, WAN, enterprise.
    Network infrastructure and diagram, including configuration and connections and endpoints. 
    What are the security risks and concerns?
    What are ways to get real-time understanding of the security posture at any time?
    How regularly should the security of the enterprise network be tested, and what type of tests should be used?
    What are the processes in play, or to be established to respond to an incident?
    Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required?
    Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed?
    Describe the ways to detect these malicious code and what tactics bad actors use for evading detection.
    In the network diagram: include  the delineation of open and closed networks, where they co-exist.
    In the open network and closed network portion, show the connections to the Internet
    Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices?
    Discuss operating systems, servers, network management systems.data in transit vulnerabilities
    endpoint access vulnerabilities
    external storage vulnerabilities
    virtual private network vulnerabilities
    media access control vulnerabilities
    ethernet vulnerabilities
    Possible applications. Current and future mobile applications and possible future Bring Your Own Device policy. 
    Include:

    remediation
    mitigation
    countermeasure
    recovery
    Provide the methods used to provide the protections and defenses.
    From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified.
    Determine a Network Defense Strategy 2/12 pages
    Outline how you would test violations. 
    Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. 
    Write them in a manner to allow a future information systems security officer to use them in preparing for an IT security audit or IT certification and accreditation.
    Explain the different testing types (black box testing, white box testing).
    Plan the Penetration Testing Engagement 2/12 pages
    Include all involved processes, people, and timeframe. 
    Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE)
    Conduct a Network Penetration Test 4/12 pages
    After finding the security issues within the network, define which control families from the NIST 800-53 are violated by these issues. 
    Explain in the SAR why each is a violation, support your arguments with a copy of your evidence
    Provide suggestions on improving the security posture of these violations.
    Complete a Risk Management Cost Benefit Analysis 1/12 pages
    Complete your SAR with a risk management cost benefit analysis. Think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls.
539 Words  1 Pages
Get in Touch

If you have any questions or suggestions, please feel free to inform us and we will gladly take care of it.

Email us at support@edudorm.com Discounts

LOGIN
Busy loading action
  Working. Please Wait...