Implementing a Risk Mitigation Plan (3e) - Madeline O'Malley
School: Utica College; Course: Information Systems 356; Date: Dec 6, 2023; Pages: 10
Implementing a Risk Mitigation Plan (3e)
Managing Risk in Information Systems, Third Edition - Lab 08
Student: Madeline O'Malley
Email: madeline.omalley@spartans.ut.edu
Time on Task: 4 hours, 46 minutes
Progress: 100%
Report Generated: Sunday, November 26, 2023 at 9:45 PM
Guided Exercises
Part 1: Update the Information Security Policy Document
3. Recommend and explain four properties and any associated values.
Length: Longer passwords generally provide better security because they increase the possible combinations of characters, making it more difficult for attackers to guess or crack the password. Aiming for a minimum of 12 characters is important. Consider using even longer passwords, especially for more sensitive accounts.

Complexity: A strong password should include a mix of different character types, such as uppercase letters, lowercase letters, numbers, and special symbols. This complexity makes it harder for attackers to use brute-force methods. Use a combination of uppercase and lowercase letters, numbers, and special characters.

Unpredictability: Avoid using easily guessable information, such as dictionary words, common phrases, or easily accessible personal information. The goal is to create a password that is difficult for others to guess, even with knowledge of your personal details. Do not use easily guessable information like names, birthdays, or common words. Consider using a combination of unrelated characters or create a passphrase that is memorable to you but difficult for others to guess.

Uniqueness: Each of your passwords should be unique to each account. Using the same password across multiple accounts increases the risk that if one account is compromised, others will be as well. Avoid using the same password for different accounts. Consider using a password manager to generate and store unique, complex passwords for each of your accounts.
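As an added illustration that is not part of the lab report, the four properties above expressed as a password-acceptance check in Python. Each property is its own function so a policy reviewer can see exactly which rule a candidate fails. The blocklist, the sample vault, the personal details and the PBKDF2 work factor are all constructed assumptions; a real deployment would use a full breached-password list and the organization's own credential store.

```python
import hashlib
import hmac
import re
import secrets

# Constructed blocklist standing in for a real dictionary/common-password list.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "spartans", "utica"}

# Common digit/symbol substitutions folded back to letters before the
# dictionary check, so "P@ssw0rd" is still recognised as "password".
LEET_TABLE = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                            "7": "t", "@": "a", "$": "s", "!": "i"})

MIN_LENGTH = 12          # the minimum recommended above
PBKDF2_ROUNDS = 100_000  # assumption: work factor for the constructed vault


def check_length(pw, minimum=MIN_LENGTH):
    """Length: at least `minimum` characters."""
    return len(pw) >= minimum


def check_complexity(pw):
    """Complexity: uppercase, lowercase, digit and special character all present."""
    classes = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return all(re.search(pattern, pw) for pattern in classes)


def _normalize(text):
    """Lowercase, undo leet substitutions and keep only letters."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET_TABLE))


def check_unpredictability(pw, personal_details=()):
    """Unpredictability: no dictionary word or personal detail embedded in the password."""
    core, raw = _normalize(pw), pw.lower()
    if any(word in core for word in COMMON_WORDS):
        return False
    for detail in personal_details:
        plain, folded = detail.lower(), _normalize(detail)
        # Short details (e.g. initials) would match almost anything, so require 4+ chars.
        if len(plain) >= 4 and (plain in raw or (len(folded) >= 4 and folded in core)):
            return False
    return True


def hash_password(pw, salt=None):
    """Salted PBKDF2-HMAC-SHA256 so the vault never holds cleartext passwords."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def find_reuse(pw, vault):
    """Uniqueness: return the accounts in `vault` already protected by this password."""
    reused = []
    for account, (salt, digest) in vault.items():
        candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
        if hmac.compare_digest(candidate, digest):
            reused.append(account)
    return reused


def evaluate(pw, personal_details=(), vault=None):
    """Apply all four properties and report which ones the password satisfies."""
    results = {
        "length": check_length(pw),
        "complexity": check_complexity(pw),
        "unpredictability": check_unpredictability(pw, personal_details),
        "uniqueness": not find_reuse(pw, vault or {}),
    }
    results["accepted"] = all(results.values())
    return results


if __name__ == "__main__":
    # Constructed sample vault: one existing account, stored only as salt + hash.
    vault = {"vpn": hash_password("Blue-Otter-Sings-77!")}
    details = ("Madeline", "2001")  # constructed personal details for the check
    for candidate in ("P@ssw0rd123!", "Madeline2001!x",
                      "Blue-Otter-Sings-77!", "Vx9#qLm2$wRt7"):
        print(f"{candidate:22} {evaluate(candidate, details, vault)}")
```

The uniqueness check compares against salted hashes rather than stored cleartext, which is the same reason the policy recommends a password manager: reuse can be detected without any system having to hold the passwords themselves.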
Page 1 of 10
4. Update the existing password policy with an additional statement for each property.
2.2.1 - Failure to comply with this policy may result in access restrictions and other disciplinary actions in accordance with the organization's security protocols.

2.2.2 - Each employee is responsible for maintaining the confidentiality of their assigned password. If an employee suspects that their password may have been compromised or if they encounter any suspicious activity related to their account, it is their duty to promptly report such incidents to the IT department for investigation and resolution.

2.2.3 - In order to uphold the highest standards of security, employees are expressly prohibited from writing down their passwords or storing them in easily accessible locations. If employees find it challenging to remember complex passwords, they are encouraged to use secure password management tools provided by the organization. Any instance of a written password, whether on physical or digital media, poses a significant security risk and must be avoided.
Part 2: Sanitize a Windows Server
7. Make a screen capture showing the empty Documents folder and empty Recycle Bin icon.
12. Make a screen capture showing the empty acmeFTP folder and empty Recycle Bin icon.
22. Make a screen capture showing the Active Directory Users and Computers console without the Database_Test user.
Part 3: Update the Active Directory Password Policy
11. Make a screen capture showing the updated password policy.
Part 4: Change a User Password
12. Record the new password that you used.
Patri0ts#12
14. Make a screen capture showing the Jack Smith account logged in on the vWorkstation.
Challenge Exercises
Part 1: Define a Security Policy for Handling Sensitive Information
Create one or more clauses for each policy requirement.
Passwords must adhere to the organization's specified complexity requirements. Recognize and understand that the confidentiality of passwords is crucial for maintaining the security of the organization's information systems. Passwords must be memorized, and any difficulties should be addressed using secure password management tools provided by the organization. Report any loss or compromise of access credentials immediately upon discovery. System and security administrators are responsible for implementing and enforcing password policies across the organization. Conduct regular security awareness training for all users to educate them on password security best practices. Implement and maintain monitoring mechanisms to detect and respond to unauthorized access or suspicious activities. Administer user accounts in a timely manner, including provisioning and de-provisioning access based on role changes or departures.
Part 2: Map Your Actions to the ISO/IEC 27002 Information Security Controls
Describe what you have already done in response to four of the security controls.

Deleted critical files to protect sensitive information and changed the password of one user to meet the company's new standard of 8 characters minimum.
Identify the five security controls that are not applicable to this case.

Enforce intellectual property; information security awareness, education, and training; correct data processing; technical vulnerability management; business continuity management.
Describe what you could do to implement the remaining security control.

The implementation of information security incident management involves the establishment of a structured and comprehensive framework to proactively address, detect, respond to, and recover from security incidents. This begins with the development of a thorough Incident Response Plan that clearly delineates the roles and responsibilities of the incident response team. The organization should form a dedicated team comprising individuals with expertise in IT, security, legal, and communications. Monitoring systems and tools must be implemented to promptly identify and classify security incidents based on severity. Incident response procedures should cover containment, eradication, and forensic analysis to understand the incident's scope and impact.
Part 3: Harden TargetWindows01
Make a screen capture showing the activated Windows Update service.

Make a screen capture showing the disabled Microsoft FTP service.
Make a screen capture showing the uninstalled third-party management tool that you located.