Cyb 300 4-4 Milestone Two Paper
Joe Decormier
Southern New Hampshire University
Course: CYB 300, Information Systems
11-19-2023
For a variety of companies, the minimum standard when undergoing a project like this is to use tools that, for the most part, begin with a checklist analysis. This tool is used to identify the many risks that could occur during the project. Most companies' checklists will cover items such as procedures, equipment, and activities. The checklist is then reviewed against a set of criteria to make sure the methods it describes will operate efficiently. While there are numerous ways to conduct a checklist analysis, I feel the best and quickest method is to use a checklist.

In the current situation, a configuration checklist for a CA server has been made available, and we have been asked to analyze particular areas of the checklist to verify that it has all the elements needed for a CA server. Given the age of the checklist, our supervisor has decided to prioritize three items and wants our opinion as security analysts on the matter. I am going to examine the checklist and identify a minimum of two items that will need to be updated; after that, I will determine whether the checklist is suitable for meeting the requirements that are outlined.

While reading the controls overview section of the current checklist, it has become apparent that the entire IT department is responsible for all controls at this time. From my personal standpoint, I believe the IT department should be supervising some of the controls, like transport layer security and selecting the accounts required for support, but I believe that putting everything on them is asking a lot. I believe the section labeled Part B should be altered: it states that the IT department is responsible for selecting the information systems and also for identifying who is accountable for administration and maintenance. IT should choose the information system; I don't believe they need complete control over who is in charge and over the maintenance. I believe they should offer suggestions, but the choice should be left to the management of the organization.

Another obligation of the IT department, the identification of personnel responsible for CA assignment approval, has been moved to the checklist's Part C, which is labeled "IT." I believe this should be moved to higher management or to someone in HR. When issuing a CA, it is common to consider the status of the employee and the work obligations they have for the requested CA. The employees who are most familiar with the responsibilities usually involved with the work are in the position, or have the oversight, to understand whether it is necessary and what sort of restrictions should or should not be applied. This also aligns with the material in Checklist Part "F." The staff members who have the oversight and are most familiar with the tasks performed in their respective areas or departments are the ones best suited to define an individual's functions and what criteria would be satisfactory.

From my standpoint, I can see that the checklist will not cover all of the necessities required to construct the CA system that management wants. From what I can see, if anything in Part "A" or "B" is met, the checklist moves on to Part G, which is the portion covering consideration for the certificate. The topics covered under this part are the revocation and assignment of certificates. As for the predetermined validity length, management has required that a predetermined PKI be included in the documentation. As a result, there will have to be some modifications to the checklist in order for it to meet every requirement.