Implementing a Risk Mitigation Plan (3e) - Adebusola Adewole
University of Louisiana, Lafayette - Course 590, Information Systems
PDF, 10 pages, uploaded Dec 6, 2023
Implementing a Risk Mitigation Plan (3e)
Managing Risk in Information Systems, Third Edition - Lab 08
Student: Adebusola Adewole
Email: adebusola.adewole1@louisiana.edu
Time on Task: 13 hours, 35 minutes
Progress: 100%
Report Generated: Wednesday, November 23, 2022 at 4:04 PM

Guided Exercises

Part 1: Update the Information Security Policy Document

3. Recommend and explain four properties and any associated values.

1. Password complexity: a strong password mixes uppercase and lowercase letters, digits and symbols. A larger character set makes the password harder to guess and raises the cost of a brute-force attack, although it does not stop one outright.
2. Password age: passwords should be changed every 90 days and must differ from previously used passwords. The organization should enforce a password history requirement so that an old password cannot be reused until a set number of changes have passed.
3. Password length: passwords must be at least 8 characters long. Each additional character multiplies the number of guesses an attacker needs, so length adds more robustness than any other single property.
4. No personal information: a password must not contain personal details such as the user's name, date of birth or company username, since these are the first guesses an attacker tries.
4. Update the existing password policy with an additional statement for each property.

2.2.5 Passwords must exhibit complexity by containing uppercase (A through Z) and lowercase (a through z) characters, base 10 digits (0 through 9) and non-alphabetic characters (for example !, $, #).
2.2.6 All passwords on Acme's network will expire every 90 days and must be changed.
2.2.7 All user-level passwords must be at least 8 characters long.
2.2.8 Accounts will be locked out after more than 5 unsuccessful logon attempts.

Part 2: Sanitize a Windows Server
7. Make a screen capture showing the empty Documents folder and empty Recycle Bin icon.
12. Make a screen capture showing the empty acmeFTP folder and empty Recycle Bin icon.
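The Part 2 clean-up (steps 7 and 12 above, and the removal of the Database_Test account in step 22) can be scripted so that it leaves an audit record and can be re-run. The following PowerShell is an added example and is not part of the lab report or the lab's own material. It assumes an elevated local administrator session on the retired server, that C:\Users\Administrator\Documents and C:\acmeFTP stand in for the lab's Documents and acmeFTP folders, that the server can reach a domain controller with the ActiveDirectory module available, and that Clear-RecycleBin is present (Windows Server 2016 or later).

```powershell
# Added example, not from the lab report: sanitize the retired server.
# Assumed paths and names are marked below.
$folders = @(
    'C:\Users\Administrator\Documents',   # assumed location of the Documents folder
    'C:\acmeFTP'                          # assumed location of the acmeFTP folder
)

foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder)) {
        Write-Warning "$folder not found; skipping"
        continue
    }
    # Record what is about to be removed so the sanitisation is auditable.
    Get-ChildItem -LiteralPath $folder -Recurse -Force -File |
        Select-Object FullName, Length, LastWriteTime |
        Export-Csv -Path "$env:TEMP\sanitize-$(Split-Path $folder -Leaf).csv" -NoTypeInformation
    # Remove the contents but keep the folder itself, as the screenshots require.
    Get-ChildItem -LiteralPath $folder -Force | Remove-Item -Recurse -Force
}

# Empty the Recycle Bin on every drive (cmdlet available on Server 2016 and later).
Clear-RecycleBin -Force -ErrorAction Stop

# Deleting files only unlinks them; the blocks stay on disk until overwritten.
# cipher.exe /w overwrites the free space of the volume so the removed Documents
# and acmeFTP contents cannot be carved back with forensic tools. It can take
# hours on a large volume, and it is still not a substitute for NIST SP 800-88
# media sanitisation if the disk leaves the organisation.
& cipher.exe /w:C:\

# Step 22: remove the test account and prove it is gone.
Import-Module ActiveDirectory
$testUser = 'Database_Test'
if (Get-ADUser -Filter "SamAccountName -eq '$testUser'") {
    Remove-ADUser -Identity $testUser -Confirm:$false
}
if (Get-ADUser -Filter "SamAccountName -eq '$testUser'") {
    throw "$testUser still exists"
}
"$testUser removed"

# Verify the folders are empty; the count should be 0 for each.
foreach ($folder in $folders) {
    if (Test-Path -LiteralPath $folder) {
        $count = (Get-ChildItem -LiteralPath $folder -Force -Recurse).Count
        "{0}: {1} item(s) remaining" -f $folder, $count
    }
}
```

The CSV written to $env:TEMP is the evidence that the right files were destroyed; move it off the server before the volume is wiped, since cipher /w will not touch it but a later reimage will.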
22. Make a screen capture showing the Active Directory Users and Computers console without the Database_Test user.

Part 3: Update the Active Directory Password Policy
11. Make a screen capture showing the updated password policy.

Part 4: Change a User Password

12. Record the new password that you used. 0th3rus5@
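The Part 3 policy change and the Part 4 password reset are both done through the GUI in the lab. As an added example (not code from the lab report or the lab's material), the PowerShell below applies clauses 2.2.5 through 2.2.8 from Part 1 to the default domain password policy, checks the live policy against the clause values instead of relying on a screenshot, and then resets one user's password without the new value ever appearing on screen or in the transcript. It assumes an elevated session on a domain controller with the ActiveDirectory module, and that 'jsmith' is the sAMAccountName of the Jack Smith account; the report does not give that name. One caveat a practitioner would add: current NIST SP 800-63B guidance discourages fixed-interval rotation in favour of changing passwords when compromise is suspected, so the 90-day value is kept here only because it is what the lab's policy clause specifies.

```powershell
# Added example, not from the lab report: enforce clauses 2.2.5-2.2.8 in AD and
# reset a user password (Part 4). 'jsmith' is an assumed sAMAccountName.
Import-Module ActiveDirectory

$domain = (Get-ADDomain).DNSRoot

# 2.2.5 complexity, 2.2.6 90-day maximum age, 2.2.7 minimum length 8,
# 2.2.8 lockout after 5 failed logons. PasswordHistoryCount plus MinPasswordAge
# enforce "unique from previously used passwords": without a minimum age a user
# can cycle through 24 changes in a minute and land back on the old password.
Set-ADDefaultDomainPasswordPolicy -Identity $domain `
    -ComplexityEnabled $true `
    -MaxPasswordAge (New-TimeSpan -Days 90) `
    -MinPasswordAge (New-TimeSpan -Days 1) `
    -MinPasswordLength 8 `
    -PasswordHistoryCount 24 `
    -LockoutThreshold 5 `
    -LockoutDuration (New-TimeSpan -Minutes 30) `
    -LockoutObservationWindow (New-TimeSpan -Minutes 30) `
    -ReversibleEncryptionEnabled $false

# Verify: compare the live policy with the clause values; any mismatch is a warning.
$expected = @{
    ComplexityEnabled = $true
    MaxPasswordAge    = New-TimeSpan -Days 90
    MinPasswordLength = 8
    LockoutThreshold  = 5
}
$policy = Get-ADDefaultDomainPasswordPolicy -Identity $domain
foreach ($name in $expected.Keys) {
    if ($policy.$name -ne $expected[$name]) {
        Write-Warning "Policy mismatch: $name is $($policy.$name), expected $($expected[$name])"
    }
}

# Part 4: reset the password. Read-Host -AsSecureString keeps it out of the
# console, the command history and any transcript; forcing a change at next
# logon means the administrator never knows the password the user ends up with.
$user = 'jsmith'   # assumed sAMAccountName for Jack Smith
$newPassword = Read-Host -Prompt "New password for $user" -AsSecureString
Set-ADAccountPassword -Identity $user -Reset -NewPassword $newPassword
Set-ADUser -Identity $user -ChangePasswordAtLogon $true
Unlock-ADAccount -Identity $user   # harmless if the account was not locked out

# Evidence for the report: the reset time and lockout state of the account.
Get-ADUser -Identity $user -Properties PasswordLastSet, LockedOut |
    Select-Object SamAccountName, PasswordLastSet, LockedOut
```

The default domain policy applies to every account in the domain; if service or administrator accounts need different values, a fine-grained password policy (Password Settings Object) should carry them rather than loosening the default for everyone.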
14. Make a screen capture showing the Jack Smith account logged in on the vWorkstation.
Challenge Exercises

Part 1: Define a Security Policy for Handling Sensitive Information

Create one or more clauses for each policy requirement.

1. Define the responsibilities of users and of systems and security administrators. Users should be limited to the files and accounts they need to meet their job requirements. Administrators are responsible for establishing the policies that govern user accounts, authentication and login. Shared accounts should be avoided, and account activity should be monitored through an audit trail. Administrators should terminate dormant accounts after a pre-set period of inactivity and should ensure that all default passwords built into software are changed.
2. Users are prohibited from storing sensitive information in an insecure manner, which includes keeping it in clear-text files or sharing it by email. Security policies will be enforced, and all users must complete the required training. Users should understand the sensitivity of the data they work with and their role in keeping it safe.
3. Disciplinary actions that may be taken in the event of a policy violation include suspension of access to technology resources, termination of employment, and civil or criminal prosecution under federal or state law.

Part 2: Map Your Actions to the ISO/IEC 27002 Information Security Controls
Describe what you have already done in response to four of the security controls.

I have created an information security policy that explains what information needs to be protected. This policy also contains the disciplinary actions that would be enforced if the policies are violated. Information security responsibilities have already been allocated so that users and systems and security administrators are aware of their roles and can be held accountable. Information security awareness, education and training are being conducted to ensure that employees are informed of the best and safest practices for protecting and handling company data. Organizational records are also protected by ensuring that sensitive information is not stored in clear-text files and is uploaded using Acme's encrypted file servers.

Identify the five security controls that are not applicable to this case.

1. Data protection and privacy of personal information
2. Enforcement of intellectual property rights
3. Correct data processing
4. Business continuity management
5. Technical vulnerability management

Describe what you could do to implement the remaining security control.

To implement the management of information security incidents, I would ensure that specific individuals or teams are responsible for adequately managing security incidents, which will prevent an attacker from exploiting the incident further and ensure that future incidents are handled properly.

Part 3: Harden TargetWindows01
Make a screen capture showing the activated Windows Update service.
Make a screen capture showing the disabled Microsoft FTP service.
Make a screen capture showing the uninstalled third-party management tool that you located.
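The three hardening steps of Challenge Part 3 (start the Windows Update service, disable the Microsoft FTP service, uninstall the third-party management tool) are shown in the lab as screenshots. The PowerShell below is an added example, not code from the lab report or the lab's material, that performs each change and then checks the resulting state so the evidence is verifiable. It assumes an elevated session on TargetWindows01 running Windows Server with the ServerManager module, and uses 'AcmeRemoteTool' as a placeholder DisplayName for the third-party tool, which the report does not name.

```powershell
# Added example, not from the lab report: harden TargetWindows01 and verify.
# 'AcmeRemoteTool' is an assumed DisplayName; replace with the tool you located.

# 1. Windows Update service (wuauserv): automatic start and running.
Set-Service -Name wuauserv -StartupType Automatic
Start-Service -Name wuauserv

# 2. Microsoft FTP service (ftpsvc): stop, disable, and remove the role service
#    so the cleartext-credential listener cannot be re-enabled by accident.
if (Get-Service -Name ftpsvc -ErrorAction SilentlyContinue) {
    Stop-Service -Name ftpsvc -Force
    Set-Service -Name ftpsvc -StartupType Disabled
}
if ((Get-WindowsFeature -Name Web-Ftp-Server).Installed) {
    Uninstall-WindowsFeature -Name Web-Ftp-Server
}

# 3. Third-party tool: locate it through the Uninstall registry keys rather than
#    Win32_Product (which triggers a consistency repair of every MSI on the host)
#    and run its silent uninstall.
$toolName = 'AcmeRemoteTool'   # assumed DisplayName
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)
$entry = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$toolName*" } |
    Select-Object -First 1
if ($entry) {
    if ($entry.PSChildName -match '^\{[0-9A-F-]+\}$') {
        # MSI-based install: the key name is the product code.
        Start-Process msiexec.exe -ArgumentList "/x $($entry.PSChildName) /qn /norestart" -Wait
    } elseif ($entry.UninstallString) {
        # Non-MSI installer: run its own uninstaller; the silent switch (/S here) varies by vendor.
        Start-Process cmd.exe -ArgumentList "/c $($entry.UninstallString) /S" -Wait
    }
}

# 4. Verification: one Pass/Fail line per control, suitable for pasting into the report.
$checks = @(
    [pscustomobject]@{ Control = 'Windows Update automatic and running'
        Pass = (Get-Service wuauserv).Status -eq 'Running' -and (Get-Service wuauserv).StartType -eq 'Automatic' }
    [pscustomobject]@{ Control = 'FTP service absent or disabled'
        Pass = -not (Get-Service ftpsvc -ErrorAction SilentlyContinue) -or (Get-Service ftpsvc).StartType -eq 'Disabled' }
    [pscustomobject]@{ Control = 'Nothing listening on TCP 21'
        Pass = -not (Get-NetTCPConnection -LocalPort 21 -State Listen -ErrorAction SilentlyContinue) }
    [pscustomobject]@{ Control = "$toolName uninstalled"
        Pass = -not (Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
                     Where-Object { $_.DisplayName -like "*$toolName*" }) }
)
$checks | Format-Table -AutoSize
```

The listener check on port 21 matters because disabling the service only takes effect on the next stop; a box that still answers on 21 after the script has run means the FTP role was re-installed by something else, or another product is serving FTP, and the screenshot of a disabled service would not have caught that.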