3.8 assignment

docx

School

Indiana Wesleyan University, Marion *

*We aren’t endorsed by this school

Course

320

Subject

Information Systems

Date

Dec 6, 2023

Type

docx

Pages

8

Uploaded by abjzumur

Report
3.8 Project Part Three 3.8 Project Part Three Task 1 You are tasked with explaining what goes into a Security Policy and providing examples of items that should be included. You are also tasked with creating a general AUP for all staff members to adhere to.
3.8 Project Part Three Ans: While the information security policy is broad and strategic, the Acceptable Use Policy (AUP) is more detailed and contains rules and guidelines the organization must abide by. The AUP is specific and actionable when it comes to security. The Acceptable Use Policy (AUP) lays out specific guidelines that should be followed in addition to the information security policy. These guidelines can include how long passwords should be, how safe Wi-Fi should be used, how clean desks should be, whether to send personal information via email and how private use of company equipment, such as laptops and smartphones, should be allowed. The AUP's goal is to level the playing field for the organization. All PIN codes and passwords are confidential. I advise creating a strong password with at least 12 characters extended and combining lowercase letters, numbers, and special characters. Symbols always log off or lock your computer before leaving it. Passwords should never be written on paper, posted on bulletin boards, or saved on hard drives or emails. Task 2 You are tasked with explaining the six main types of active phase controls. You also need to explain what each type of control does. You must provide an example of each type of control, a description of the command, and when it might take place using the store scenario (a general model may be found on page 665). Ans: the six main types of active phase controls are below-
3.8 Project Part Three 1. Inventory and Control of Hardware Assets: This CIS security control involves the active management and list of all hardware devices attached to the organization. Hardware devices include but are not limited to: Laptops Mobile devices (phones) Office computers (desktops) Servers “This control is crucial if the network is running test systems or demonstrations that are temporarily attached to the network. These should also be actively managed and isolated to limit attackers' time” (R. Security & Security, 2020b ). 2. Inventory and Control of Software Assets : Like the first CIS Security Control, this one also focuses on ensuring that only authorized software is installed and run on the network and that all unauthorized software is prevented from doing so. To do this, active management and inventory of software assets connected to the organization are required. Attackers constantly search for new ways to compromise systems, and software is no exception. Vulnerable software that has not been updated may present a vulnerability attackers could exploit. Media files, websites, document files, and other types of files may be created by attackers and left up for unsuspecting victims to fall victim to. These victims may be able to access the traps through unprotected web browsers or applications, allowing the attacker to create a backdoor and gain permanent access to the system.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
3.8 Project Part Three 3. Continuous Vulnerability Management : To reduce the opportunities that attackers have over system vulnerabilities, this CIS security control calls for organizations to assess new information that might reveal network vulnerabilities continuously and to remediate, remove, and add to that information. 4. Controlled Use of Administrative Privileges: This CIS security control requires the organization to monitor how admin privileges are used throughout the network. To reduce the likelihood of a cyberattack, the organization must rectify, prevent, and regulate the use and distribution of admin privileges on the system. Abuse of admin privileges is hazardous for any system because they typically entail total control over all aspects of the network. 5. Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers: This may sound like a mouthful, but this CIS security control is arguably one of the most important of the six basic rules. The organization must actively monitor, manage, and make necessary corrections to the security configurations of all hardware and software operating on the network. This is primarily because new devices purchased "off the self” are frequently configured for ease of use rather than security. 6. Maintenance, Monitoring, and Analysis of Audit Logs : The last of the fundamental CIS security controls, point 6, mandates that businesses keep audit logs of every event that occurs on the network. Gathering, examining, and organizing these logs can assist the company in the event of a system breach by helping with system recovery. If you don't keep records of every event in your business, business attacks may go unnoticed and launch various malicious attacks. Task 3 Your task is to write a small paragraph on when training should occur and what should be covered.
3.8 Project Part Three Ans: Having well-organized ticket queues is possible with the best help desk software. Correctly categorizing your tickets allows agents access to additional information about each ticket and keeps individual tickets apart. Support teams use skill-based routing to match customer issues to the most appropriate pool of representatives. To put it another way, tickets are assigned to people with the desired skill sets and knowledge rather than to whoever is available to answer requests. Companies that use a help desk tool can easily set the priority of every issue as High, Low, or Normal, depending on the nature of the problem. To avoid this unpleasant situation, your agents should be encouraged to start with top-priority cases or issues that require immediate attention. Task 4 In a meeting, you were asked to review how easily the store's networks can grow to accommodate new services and devices. You have been tasked with explaining what a scalable network is. Ans: The ability of a network to support physical expansion into new development areas and increase bandwidth capacity to manage growing workloads economically and sustainably is known as scalability. In today's more advanced world, scalability is critical to future-proof cities and ensuring they can accommodate the demands of e-learning, remote work, Industry 4.0, and innovative city applications. To meet the rising needs, scalability refers to the ease with which you can scale up or down your operations. On the other hand, network scalability is the ease with which you can add or remove network bandwidth. Task 5 Several managers are going to be traveling over the next several months.
3.8 Project Part Three You have been tasked with exploring Remote VPN options to allow the managers to have access to corporate resources. Explain how this could be done and how cost-feasible it is. Ans: Remote desktop access differs significantly from cloud computing, even though both allow employees to work remotely. While remote desktop software allows users to access their physical desktop computer and only use files and applications saved locally on that desktop, cloud computing enables users to access files and applications stored in the cloud, specifically in cloud servers. Cloud computing can occasionally be more user-friendly and efficient to implement remotely. RDP uses network port 3389 to open a dedicated network channel for data transmission between the two connected machines (the remote desktop and the computer in use). All necessary data, including mouse movements and keystrokes, is sent over this channel via TCP/IP, the transport protocol used for most Internet traffic. Additionally, RDP encrypts all data, making connections over the public Internet more secure. A good VPN often costs around $5 to $10 per month. This pricing could vary depending on each VPN service provider, the features you want included, and your chosen subscription plan. Selecting an annual program, you pay for upfront reduces the overall cost. Task 6 Management has read about security concerns in the newspaper. You have been tasked with reviewing different types of firewall technology and firewall filtering options.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
  • Access to all documents
  • Unlimited textbook solutions
  • 24/7 expert homework help
3.8 Project Part Three Ans: A firewall can either be software or hardware. Software firewalls are programs installed on each computer that regulate network traffic through applications and port numbers. Meanwhile, hardware firewalls are the equipment established between the gateway and your network. Additionally, you call a firewall delivered by a cloud solution as a cloud firewall. A packet-filtering firewall controls data flow to and from a network. It allows or blocks the data transfer based on the packet's soup packet, destination address, the application protocols to transfer the data, etc. You have also been asked to explain what ACL and ACEs are and how they relate to security access for corporate resources. Ans: A single ACL can have multiple Access Control Entry (ACE) to accomplish a given task. An Access Control List (ACL) is an ordered list of actions the switch performs individually. Each step is defined by an ACE that outlines the decisions the ACL must make. These ACEs can perform tasks like allowing or denying a specific network portion or protocol. ACLs are helpful in a network since they provide the tools to filter traffic according to the network's needs, making it more reliable and efficient.
3.8 Project Part Three Reference Security, R., & Security, R. (2020, June 29). What are the Six Basic CIS Critical Security Controls? RSI Security. https://blog.rsisecurity.com/what-are-the-six-basic-cis-critical-security-controls/ Deshpande, C. (2023, August 29). What is a firewall: types, how does it work, advantages & its importance. Simplilearn.com. https://www.simplilearn.com/tutorials/cyber-security-tutorial/what-is- firewall Access Control lists (ACLs) and Access Control Entries (ACEs) configuration on SX200/300 series managed switches. (2018b, June 25). https://community.cisco.com/t5/small-business-support-knowledge- base/access-control-lists-acls-and-access-control-entries-aces/ta-p/3146359#:~:text=An%20Access %20Control%20List%20(ACL,portion%2C%20or%20a%20network%20protocol .

Related Documents

Cisco Networking Academy Guide for Students - Discount for Exams at bottom.docx
Assignment 11 - Code Officials and the Code Process-SFA.docx
Personal Pitch - Sajira Nageswaran.pdf
Lab 11 Q&A.docx
Lab 9 Q&A.docx
Lab 4 Q&A.docx
CH answers VU21995 8 questions.docx
JWI 531_Assignment Workbook_1236 October 22.xlsx
JWI 531_Assignment Workbook_1236 October 19.xlsx
JWI 531_Assignment Workbook_1236 November 13.xlsx
UNIT 2 INDIVIDUAL PROJECT PRINCIPLES OF IT PROJECT MANAGEMENT.docx
UNIT 4 INDIVIDUAL PROJECT IT PRINCIPLES OF PROJECT MANAGEMENT.docx