IT-FPX4803_GwynnHonda_Assessment2-1

School: Capella University
Course: 4803
Subject: Information Systems
Date: Apr 3, 2024
Type: docx
Pages: 9
Uploaded by Five4Fit

IT-FPX4803 - System Assurance Security
Assessment 2 Template

Part 1: Lab Exercise

Screenshots: Insert and title (with step number) all screenshots in the same order as the order specified in the assessment directions.

Part 1

Step 10: Ports/Hosts tab from the SYN scan for 172.30.0.10

Step 16: Host Details tab from the OS scan for 172.30.0.2

Step 20: Ports/Hosts tab from the Service scan for 172.30.0.11

Part 1.3 Response:

Nessus is a remote scanning tool used to perform vulnerability assessments, and it can perform network discovery of the devices in use. It is used during the vulnerability phase of ethical hacking, once the network mapping scan is completed. Nmap, or Network Mapper, on the other hand, is used during the scanning and vulnerability phase of ethical hacking. It is a Linux-based command-line tool used for scanning IP addresses and ports within a network. Nessus is able to scan ports in a manner similar to Nmap, but Nessus considers the open ports and notifies the user or users if any vulnerabilities were
found during the scan. Nmap is able to offer fast sweeps of a network and quickly discover what vulnerabilities may be present on a network. If a business needs a thorough vulnerability scanning tool, Nessus would be the best option. However, Nmap is better for companies or organizations that need a free scanning tool to find open ports and specific vulnerabilities. Nessus is better for vulnerability testing, and Nmap is better for network mapping.

Both of these tools are beneficial in one way or another, but Nmap is more valuable than Nessus. Not only does Nmap scan ports, but it also lets the user see the results quickly, probably more quickly than Nessus. You could perform the scan to find the hosts that need repairing, and it would show the results. Nmap is also free.

Part 2: Security Planning

[Enter content for Part 2 of the assessment here – make sure to label your work appropriately]

[Item 2.1]: Vulnerability Management Policy

Purpose: To create more robust security within Laskondo Healthcare systems and to reduce any security threats in order to decrease the healthcare system’s vulnerabilities.

Scope: This policy will apply to all Laskondo Healthcare employees and any other entity that can access Laskondo Healthcare systems. This includes employees, doctors, contractors, volunteers, etc.

Policy Statement:

1. Vulnerability Assessments
   1.1. Any device and/or asset connecting to any portion of Laskondo Healthcare’s network will be monitored and scanned regularly.
   1.2. These assessments will be performed and maintained every month.
      1.2.1. Assessments will include identifying software bugs or errors and locating any gaps in the LAN domain.
      1.2.2. All scans will be completed by the 15th and by the 28th.
         1.2.2.1. These scans will include desktops, laptops, mobile devices such as tablets or iPads, mobile phones, and devices connected to the Laskondo Healthcare network.
2. Roles and Responsibilities
   2.1. CIO
   2.2. Project Manager
   2.3. Department Managers
   2.4. Employees
3. Effective Dates
   3.1. The beginning of each quarter.
   3.2. Reviewed by the end of each quarter.
   3.3. Revised dates as necessary.
4. Policy Statements
   4.1. PHI should have the highest priority.
   4.2. Immediate response to all adverse usage of Laskondo Healthcare’s network.
   4.3. CIO and the IT department will manage this policy.
      4.3.1. Including testing and reporting any vulnerability risks.

[Item 2.2]: Patch Management Policy

Purpose: This policy will be used to outline processes and procedures to maintain the regular updates and management of hardware and software used by Laskondo Healthcare systems.

Scope: The policy will apply to all of Laskondo Healthcare Systems’ (referred to as "the organization" throughout this policy) system resources connected to the organization’s network. The policy will apply to all entities of Laskondo Healthcare, including, but not limited to, medical staff, physicians, and contractors.

Policy: Patch management will be categorized and implemented according to the level of threat and vulnerability risks. When a patch is established, the Patch Management policy will become effective.

Process:

1. Continuous monitoring and scanning will be completed by the IT department to release updates and patches for the organization’s network.
2. The IT department will patch or update once the source has been verified prior to downloading.
3. Any vulnerabilities or threats found will be categorized by threat level.
4. Testing and results will be documented.
5. Any data that could be affected will be backed up according to the patches and/or updates.
6. Patches should be implemented, monitored, and evaluated.
7. Document the patch management process.

Enforcement: Any employee and/or outside entity who deliberately violates this policy will be disciplined accordingly, which will include termination. Misleading or falsified reports will not be tolerated, and those actions will lead to termination. Software, firmware, etc., that is non-compliant with patching requirements should be removed from all critical resources. This policy will be distributed to any and all of Laskondo Healthcare’s staff including, but not limited to, executives, medical staff, IT staff, and contractors.