Description
- Imagine you are an administrator for a large organization which participates in the competitive widget market. Identify the types of documents that your organization will use. Assess the importance of protecting your organization’s HR, legal, administrative, etc. documents. Determine the method or tools you would use to classify the documents, and the approach you would use to protect the documents. Justify your suggestions.
- Suppose the same large organization mentioned above consisted of several large sites and many smaller sites connected with WAN links (versus the often faster LAN option). Due to this structure you have multiple repositories that must be accessed from multiple sites. Speculate on the possible challenges that you believe users will encounter when accessing the various repositories. Suggest the key ways to mitigate these challenges.
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.
Explanation & Answer
Review
Review
Anonymous
Great! 10/10 would recommend using Studypool to help you study.
Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4
24/7 Homework Help
Stuck on a homework question? Our verified tutors can answer all questions, from basic math to advanced rocket science!
Most Popular Content
CST 630 CALUMS Advance Cyber Exploitation Discussion
Risk Management
[MUSIC]
After completing your master's degree, you have been hired by a contracting company as an informat ...
CST 630 CALUMS Advance Cyber Exploitation Discussion
Risk Management
[MUSIC]
After completing your master's degree, you have been hired by a contracting company as an information systems security officer, or ISSO, supporting systems for federal clients. One morning, your boss asks you to come to her office. She tells you that you'll be working on a network security audit. Network security audits, based on FISMA standards, are used annually to determine the effectiveness of our security controls. The boss explains: "Prior to the security audit, I will need you to test, execute, collect, and compile your results into a security assessment report, or SAR. Once you're finished, you will submit the report to me and the executive leadership."
Later, you receive a follow-up email from your boss with instructions. First you will conduct a risk and threat assessment of the enterprise network. Next, you will perform black box testing of the network using network analysis tools. After identifying any network vulnerabilities, you will lead efforts to remedy and mitigate those vulnerabilities using appropriate risk management controls. You will then perform a white box test, and compile the results in the final security assessment report. And provide this to leadership, along with an executive briefing in your lab analysis, so management has a baseline view of the security posture of the enterprise network, before the actual external IT audit. The email ends with this note: "Thank you for taking this on. Our executive leadership is excited to learn of your findings."
Project 1: Risk Management
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from this data-flow diagram and report, which is generated by the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization.
Include the following areas in this portion of the SAR:
Security requirements and goals for the preliminary security baseline activity.
Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization.
Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: local area network (LAN), metropolitan area network (MAN), wide area network (WAN), enterprise. Use these questions to guide you:
What are the security risks and concerns?
What are ways to get real-time understanding of the security posture at any time?
How regularly should the security of the enterprise network be tested, and what type of tests should be used?
What are the processes in play, or to be established to respond to an incident?
Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required?
Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed?
Describe the ways to detect these malicious codes and what tactics bad actors use for evading detection.
Public and private access areas, web access points. Include in the network diagram the delineation between open and closed networks, where they coexist, and show the connections to the internet.
Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices?
Operating systems, servers, network management systems as they relate to data in transit vulnerabilities:
endpoint access vulnerabilities
external storage vulnerabilities
media access control and Ethernet vulnerabilities
virtual private network vulnerabilities
Possible applications. This network will incorporate a BYOD (bring your own device) policy in the future. The IT auditing team and leadership need to understand current mobile applications and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5.
The overall SAR should detail the security measures needed, or implementation status of those in progress, to address the identified vulnerabilities. Include:
remediation
mitigation
countermeasures
recovery
Through your research, provide the methods used to provide the protections and defenses.
From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified.
The baseline should make up at least three of the 12 pages of the overall report.
When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures
Step 2: Determine a Network Defense Strategy
You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network.
Start by reading a publication by the National Institute of Standards and Technology, Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black, white, and gray box testing).
Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report.
Click the following link to learn more about cybersecurity for process control systems.
After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE).that will help determine the company's overall network defense strategy.
Step 3: Plan the Penetration Testing Engagement
Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and time frame. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format.
This portion should be about two pages of the overall 12-page report.
After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are.
Professionals in the Field
Get a Secure Network Up, Quick!
A cyber tale about building skills
Transcript
Image 1
Your team is setting up a secure network for an important tech conference. Attendees will be trying to access the network later that same day. The pressure is on...
Ned, a cyber co-worker, says “Hey, network is up. Can you pen test it for me? Check ports and see if any of my dummy client files are exposed? Nikto should work.... And by the way, with all the big names here, I wouldn’t be surprised if someone is in the lobby trying to sniff our traffic already, so give it your best shot. We only have a few hours to finish.”
You respond, “No problem. I can be done in 30 minutes.”
Ned replies, “That is great! I’ll need time to fix anything you find.”
Image 2
Pressure reminds you of a particular phone call from your Uncle Ray during your time in school. One evening after work, Uncle Ray calls and you answer, “Uncle Ray! Uh oh, I forgot about the big dinner tonight!
Uncle Ray replies, “Hey chief! Will I see you at dinner tonight?”
You answer: “Um...not sure, I have schoolwork to do ....hey! A friend gave me a copy of his assignments from last semester. I can probably just base mine on his. Then I can meet up for dinner tonight."
Uncle Ray says with concern, “Well, okay. It will save you some time, but let me ask you: What are you going to do when you get a job and can’t do the work for real? “
You imagine Uncle Ray the time you visited him at work, welding, his mustache visible below welding goggles. He continues, “I’ve been certified to do 22 types of welds on dozens of job sites. And let me tell you—that wouldn’t have been possible if I waited to learn the welds on the job site. You have to do the weld on the spot while they watch to get a cert for a job.”
Image 3
Ray softens his tone, “Hey, I know you can do it. Put in the work now so you’re ready when you need it, and we’ll see you next time.”
You say, “I’ll think about it. Thanks, Uncle Ray.”
You think to yourself, “It’s not just getting the degree—I have to put in the work, so the degree means something.”
The memory dissipates—back in present at conference you tell Ned, “Here are the results: I can see 32 open ports and I found four files marked Confidential Client Files. Happy to do a second round of pen testing after you fix those.”
Ned says with a big smile, “Thanks!”
Step 4: Conduct a Network Penetration Test
You've defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization.
To complete this step, you will use industry tools to carry out simulated attacks to test the weaknesses of the network.
Your assessments within the lab will be reported in the SAR.
Complete This Lab
Resources
Accessing the Virtual Lab Environment: Navigating UMGC Virtual Labs and Lab Setup
Self-Help Guide (Workspace): Getting Started and Troubleshooting
Link to the Virtual Lab Environment: https://vdi.umgc.edu/
Lab Instructions
Penetration Testing Lab
Getting Help
To obtain lab assistance, fill out the support request form.
Make sure you fill out the fields on the form as shown below:
Case Type: UMGC Virtual Labs Support
Customer Type: Student (Note: faculty should choose Staff/Faculty)
SubType: ELM-Cyber (CST/DFC/CBR/CYB)
SubType Detail: Pick the category that best fits the issue you are experiencing
Email: The email that you currently use for classroom communications
In the form's description box, provide information about the issue. Include details such as steps taken, system responses, and add screenshots or supporting documents.
After finding the security issues within the network, define which control families from NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations, are violated by these issues. Explain in the SAR why each is a violation, support your arguments with a copy of your evidence, and then provide suggestions on improving the security posture of these violations.
This section should make up at least four of the 12 pages in the overall report.
After you've completed the penetration testing, move to the next step, where you will compile a risk management cost benefit analysis.
Step 5: Complete a Risk Management Cost Benefit Analysis
You've completed the penetration testing, and now it's time to complete your SAR with a risk management cost benefit analysis. Within this analysis, think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls.
When you have finished with the cost benefit analysis, which should be at least one page of your overall report, move to the final step, which is the completed SAR.
Step 6: Compile and Submit the SAR and Lab Report
You have completed comprehensive testing in preparation for this audit, provided recommended remediations, and developed a set of recommendations. Now you are ready to submit your SAR.
Ashworth College evolution of Style Sheets Discussion
Threaded Discussion InstructionsReview the threaded discussion question posted by the course faculty. You are required to ...
Ashworth College evolution of Style Sheets Discussion
Threaded Discussion InstructionsReview the threaded discussion question posted by the course faculty. You are required to submit at least two (2) responses to this question by 11:59pm EST on Sunday. The first response should be to the faculty; the second response can be directed either to the faculty or to other students in the class. Your responses should be substantive, and reflect analytical and critical thinking skills, as well as, a thorough understanding of your reading assignment. A typical response should consist of 100-150 words in a single-spaced format. Refer to the TDQ Rubric below for more guidance on how to respond.Discuss the evolution of style sheets from print media to the Web, along with the advantages of using Cascading Style Sheets.
CMGT 410 University of Phoenix Small Business Website Development Worksheet
A project’s Work Breakdown Structure (WBS) and Gantt chart provide structure for a project. In this week’s assignment ...
CMGT 410 University of Phoenix Small Business Website Development Worksheet
A project’s Work Breakdown Structure (WBS) and Gantt chart provide structure for a project. In this week’s assignment you develop both the WBS and Gantt chart for a fictitious organization. The Manage Your Health, Inc (MYH) scenario will be used in the weekly assignments for the rest of the course.Review the Manage Your Health Scenario and follow the directions below for completing a WBS and Gantt chart.Develop a work breakdown structure (WBS) for the project. Break down the work to Level 3 or Level 4, as appropriate. Use the Work Breakdown Structure example in this text as a guide, and the "WBS and Gantt Template" below to create your own. The WBS should be based on the information that would be in a project scope of this scenario. You can review your project plan from Week 1. Change the Phases, Categories, Tasks, and Dates on the template. Make it your own and applicable to your project.Week 2 - WBS and Gantt Template.xlsxCreate a Gantt chart using the WBS you developed with Microsoft Excel or another software of your choice. At the minimum, your WBS needs to have a Start and End date for each task, in order for you to create a Gantt chart. Tasks should happen sequentially, but some can happen at the same time (or at least start at the same time). Additional columns with added information like Task Owner (who is the person/team responsible for this task?), Cost, and so on, are optional.(source)A proper WBS is worth up to 50 points, and a matching Gantt Chart, with one line for each task in the WBS, is also worth up to 50. If you leave either one out, you will lose 50 points, which is equivalent to half a letter grade on your Final Grade for the course. The more detailed and realistic you make the WBS and Gantt, the better. Minimal work = Minimal grade.Submit TWO deliverables: the WBS and Gantt Chart as one document (as per the WBS-Gantt template), WBS on the left, and Gantt on the right of it, showing when each task on the WBS takes place. Like the example above. Each task on the WBS has a line on the Gantt.
ISSC341 Central Texas College Building a Wirless Network Paper
Uh-oh, the Legal department and the HR department are demanding their own network.The departments feel that their data is ...
ISSC341 Central Texas College Building a Wirless Network Paper
Uh-oh, the Legal department and the HR department are demanding their own network.The departments feel that their data is sensitive enough that their data should be separated from the other departments.In addition, the Outside Sales department has gotten brand new Apple iPads for all of their users. So there needs to be a Wireless network setup so they can go online.So, you need to build out a change order for the network to account for these two curveball requests.Your submission should be in a Word document and should cover the following (not a complete list)How will you separate the networks, physically or virtually?What type of WiFi network will you setup?What hardware will you use?What encryption method will you use?Will you limit the WiFi signal via physical means?What additional hardware is needed? Software? Etc?Remember to justify your choicesAssignment Grading CriteriaMaximum PointsAppropriate use of terms, correct spelling and grammar 1Uses external resources validating position with applicable knowledge 1.5Completion of required tasks 2Compliance with APA Style Formatting .5 Total Points: 5.0
4 pages
Task 1 Technology.edited
Do you feel that countries and companies need explicit strategies for technology development, given the tremendous amount ...
Task 1 Technology.edited
Do you feel that countries and companies need explicit strategies for technology development, given the tremendous amount of largely spontaneous ...
10 pages
The Osi Reference Model B
Communication can only happen when the participants are able to speak a common language. However, complexity of communicat ...
The Osi Reference Model B
Communication can only happen when the participants are able to speak a common language. However, complexity of communication when it involves more ...
Similar Content
UC Mobile Technology & Tools for Building the Derby App in PhoneGap Discussion
See "Building the Derby App" in App in PhoneGap App in PhoneGap - Alternative Formats(attached) - Page 330. see Chapter ...
WTLS Protocol Architecture, computer science homework help
Hello,Who could provide me with a summary of WTLS Protocol Architecture?Also includes the followings:- WTLS...
Online Videos & Gaming for Learning
I need 400 words on the use of Online
Videos & Gaming for Learning for an online teachers training class1-2 references...
questions about solving algorithms
Solving some questions about different problems such AVL tree and sets and disjoint set Union. ...
UC File Less Malware & Application Security Framework for IT Sourcing Discussion
Task1:
1st - After reading about the management framework for IT sourcing (Chapter 8 in the IT Strategy textbook) on IT de...
UC Search Warrants and Subpoenas Essay
Using the Web or other resources, find a case where an illegal search was claimed.Write a brief essay describing that case...
Replies
Artificial intelligence is an emerging type of technology and agreeable in forms of machines that have the capacity to sol...
Discussion 35088091
Email can be separated into two parts; The addressing information that guides the message from the sender to the receiver ...
Answer 1
Microsoft maintains support website for their products at https://support.microsoft.com. Users can easily get information ...
Related Tags
Book Guides
Get 24/7
Homework help
Our tutors provide high quality explanations & answers.
Post question
Most Popular Content
CST 630 CALUMS Advance Cyber Exploitation Discussion
Risk Management
[MUSIC]
After completing your master's degree, you have been hired by a contracting company as an informat ...
CST 630 CALUMS Advance Cyber Exploitation Discussion
Risk Management
[MUSIC]
After completing your master's degree, you have been hired by a contracting company as an information systems security officer, or ISSO, supporting systems for federal clients. One morning, your boss asks you to come to her office. She tells you that you'll be working on a network security audit. Network security audits, based on FISMA standards, are used annually to determine the effectiveness of our security controls. The boss explains: "Prior to the security audit, I will need you to test, execute, collect, and compile your results into a security assessment report, or SAR. Once you're finished, you will submit the report to me and the executive leadership."
Later, you receive a follow-up email from your boss with instructions. First you will conduct a risk and threat assessment of the enterprise network. Next, you will perform black box testing of the network using network analysis tools. After identifying any network vulnerabilities, you will lead efforts to remedy and mitigate those vulnerabilities using appropriate risk management controls. You will then perform a white box test, and compile the results in the final security assessment report. And provide this to leadership, along with an executive briefing in your lab analysis, so management has a baseline view of the security posture of the enterprise network, before the actual external IT audit. The email ends with this note: "Thank you for taking this on. Our executive leadership is excited to learn of your findings."
Project 1: Risk Management
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from this data-flow diagram and report, which is generated by the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization.
Include the following areas in this portion of the SAR:
Security requirements and goals for the preliminary security baseline activity.
Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization.
Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: local area network (LAN), metropolitan area network (MAN), wide area network (WAN), enterprise. Use these questions to guide you:
What are the security risks and concerns?
What are ways to get real-time understanding of the security posture at any time?
How regularly should the security of the enterprise network be tested, and what type of tests should be used?
What are the processes in play, or to be established to respond to an incident?
Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required?
Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed?
Describe the ways to detect these malicious codes and what tactics bad actors use for evading detection.
Public and private access areas, web access points. Include in the network diagram the delineation between open and closed networks, where they coexist, and show the connections to the internet.
Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices?
Operating systems, servers, network management systems as they relate to data in transit vulnerabilities:
endpoint access vulnerabilities
external storage vulnerabilities
media access control and Ethernet vulnerabilities
virtual private network vulnerabilities
Possible applications. This network will incorporate a BYOD (bring your own device) policy in the future. The IT auditing team and leadership need to understand current mobile applications and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5.
The overall SAR should detail the security measures needed, or implementation status of those in progress, to address the identified vulnerabilities. Include:
remediation
mitigation
countermeasures
recovery
Through your research, provide the methods used to provide the protections and defenses.
From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified.
The baseline should make up at least three of the 12 pages of the overall report.
When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures
Step 2: Determine a Network Defense Strategy
You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network.
Start by reading a publication by the National Institute of Standards and Technology, Special Publication 800-115, Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black, white, and gray box testing).
Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report.
Click the following link to learn more about cybersecurity for process control systems.
After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE).that will help determine the company's overall network defense strategy.
Step 3: Plan the Penetration Testing Engagement
Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and time frame. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format.
This portion should be about two pages of the overall 12-page report.
After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are.
Professionals in the Field
Get a Secure Network Up, Quick!
A cyber tale about building skills
Transcript
Image 1
Your team is setting up a secure network for an important tech conference. Attendees will be trying to access the network later that same day. The pressure is on...
Ned, a cyber co-worker, says “Hey, network is up. Can you pen test it for me? Check ports and see if any of my dummy client files are exposed? Nikto should work.... And by the way, with all the big names here, I wouldn’t be surprised if someone is in the lobby trying to sniff our traffic already, so give it your best shot. We only have a few hours to finish.”
You respond, “No problem. I can be done in 30 minutes.”
Ned replies, “That is great! I’ll need time to fix anything you find.”
Image 2
Pressure reminds you of a particular phone call from your Uncle Ray during your time in school. One evening after work, Uncle Ray calls and you answer, “Uncle Ray! Uh oh, I forgot about the big dinner tonight!
Uncle Ray replies, “Hey chief! Will I see you at dinner tonight?”
You answer: “Um...not sure, I have schoolwork to do ....hey! A friend gave me a copy of his assignments from last semester. I can probably just base mine on his. Then I can meet up for dinner tonight."
Uncle Ray says with concern, “Well, okay. It will save you some time, but let me ask you: What are you going to do when you get a job and can’t do the work for real? “
You imagine Uncle Ray the time you visited him at work, welding, his mustache visible below welding goggles. He continues, “I’ve been certified to do 22 types of welds on dozens of job sites. And let me tell you—that wouldn’t have been possible if I waited to learn the welds on the job site. You have to do the weld on the spot while they watch to get a cert for a job.”
Image 3
Ray softens his tone, “Hey, I know you can do it. Put in the work now so you’re ready when you need it, and we’ll see you next time.”
You say, “I’ll think about it. Thanks, Uncle Ray.”
You think to yourself, “It’s not just getting the degree—I have to put in the work, so the degree means something.”
The memory dissipates—back in present at conference you tell Ned, “Here are the results: I can see 32 open ports and I found four files marked Confidential Client Files. Happy to do a second round of pen testing after you fix those.”
Ned says with a big smile, “Thanks!”
Step 4: Conduct a Network Penetration Test
You've defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization.
To complete this step, you will use industry tools to carry out simulated attacks to test the weaknesses of the network.
Your assessments within the lab will be reported in the SAR.
Complete This Lab
Resources
Accessing the Virtual Lab Environment: Navigating UMGC Virtual Labs and Lab Setup
Self-Help Guide (Workspace): Getting Started and Troubleshooting
Link to the Virtual Lab Environment: https://vdi.umgc.edu/
Lab Instructions
Penetration Testing Lab
Getting Help
To obtain lab assistance, fill out the support request form.
Make sure you fill out the fields on the form as shown below:
Case Type: UMGC Virtual Labs Support
Customer Type: Student (Note: faculty should choose Staff/Faculty)
SubType: ELM-Cyber (CST/DFC/CBR/CYB)
SubType Detail: Pick the category that best fits the issue you are experiencing
Email: The email that you currently use for classroom communications
In the form's description box, provide information about the issue. Include details such as steps taken, system responses, and add screenshots or supporting documents.
After finding the security issues within the network, define which control families from NIST SP 800-53A, Assessing Security and Privacy Controls in Federal Information Systems and Organizations, are violated by these issues. Explain in the SAR why each is a violation, support your arguments with a copy of your evidence, and then provide suggestions on improving the security posture of these violations.
This section should make up at least four of the 12 pages in the overall report.
After you've completed the penetration testing, move to the next step, where you will compile a risk management cost benefit analysis.
Step 5: Complete a Risk Management Cost Benefit Analysis
You've completed the penetration testing, and now it's time to complete your SAR with a risk management cost benefit analysis. Within this analysis, think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls.
When you have finished with the cost benefit analysis, which should be at least one page of your overall report, move to the final step, which is the completed SAR.
Step 6: Compile and Submit the SAR and Lab Report
You have completed comprehensive testing in preparation for this audit, provided recommended remediations, and developed a set of recommendations. Now you are ready to submit your SAR.
Ashworth College evolution of Style Sheets Discussion
Threaded Discussion InstructionsReview the threaded discussion question posted by the course faculty. You are required to ...
Ashworth College evolution of Style Sheets Discussion
Threaded Discussion InstructionsReview the threaded discussion question posted by the course faculty. You are required to submit at least two (2) responses to this question by 11:59pm EST on Sunday. The first response should be to the faculty; the second response can be directed either to the faculty or to other students in the class. Your responses should be substantive, and reflect analytical and critical thinking skills, as well as, a thorough understanding of your reading assignment. A typical response should consist of 100-150 words in a single-spaced format. Refer to the TDQ Rubric below for more guidance on how to respond.Discuss the evolution of style sheets from print media to the Web, along with the advantages of using Cascading Style Sheets.
CMGT 410 University of Phoenix Small Business Website Development Worksheet
A project’s Work Breakdown Structure (WBS) and Gantt chart provide structure for a project. In this week’s assignment ...
CMGT 410 University of Phoenix Small Business Website Development Worksheet
A project’s Work Breakdown Structure (WBS) and Gantt chart provide structure for a project. In this week’s assignment you develop both the WBS and Gantt chart for a fictitious organization. The Manage Your Health, Inc (MYH) scenario will be used in the weekly assignments for the rest of the course.Review the Manage Your Health Scenario and follow the directions below for completing a WBS and Gantt chart.Develop a work breakdown structure (WBS) for the project. Break down the work to Level 3 or Level 4, as appropriate. Use the Work Breakdown Structure example in this text as a guide, and the "WBS and Gantt Template" below to create your own. The WBS should be based on the information that would be in a project scope of this scenario. You can review your project plan from Week 1. Change the Phases, Categories, Tasks, and Dates on the template. Make it your own and applicable to your project.Week 2 - WBS and Gantt Template.xlsxCreate a Gantt chart using the WBS you developed with Microsoft Excel or another software of your choice. At the minimum, your WBS needs to have a Start and End date for each task, in order for you to create a Gantt chart. Tasks should happen sequentially, but some can happen at the same time (or at least start at the same time). Additional columns with added information like Task Owner (who is the person/team responsible for this task?), Cost, and so on, are optional.(source)A proper WBS is worth up to 50 points, and a matching Gantt Chart, with one line for each task in the WBS, is also worth up to 50. If you leave either one out, you will lose 50 points, which is equivalent to half a letter grade on your Final Grade for the course. The more detailed and realistic you make the WBS and Gantt, the better. Minimal work = Minimal grade.Submit TWO deliverables: the WBS and Gantt Chart as one document (as per the WBS-Gantt template), WBS on the left, and Gantt on the right of it, showing when each task on the WBS takes place. Like the example above. Each task on the WBS has a line on the Gantt.
ISSC341 Central Texas College Building a Wirless Network Paper
Uh-oh, the Legal department and the HR department are demanding their own network.The departments feel that their data is ...
ISSC341 Central Texas College Building a Wirless Network Paper
Uh-oh, the Legal department and the HR department are demanding their own network.The departments feel that their data is sensitive enough that their data should be separated from the other departments.In addition, the Outside Sales department has gotten brand new Apple iPads for all of their users. So there needs to be a Wireless network setup so they can go online.So, you need to build out a change order for the network to account for these two curveball requests.Your submission should be in a Word document and should cover the following (not a complete list)How will you separate the networks, physically or virtually?What type of WiFi network will you setup?What hardware will you use?What encryption method will you use?Will you limit the WiFi signal via physical means?What additional hardware is needed? Software? Etc?Remember to justify your choicesAssignment Grading CriteriaMaximum PointsAppropriate use of terms, correct spelling and grammar 1Uses external resources validating position with applicable knowledge 1.5Completion of required tasks 2Compliance with APA Style Formatting .5 Total Points: 5.0
4 pages
Task 1 Technology.edited
Do you feel that countries and companies need explicit strategies for technology development, given the tremendous amount ...
Task 1 Technology.edited
Do you feel that countries and companies need explicit strategies for technology development, given the tremendous amount of largely spontaneous ...
10 pages
The Osi Reference Model B
Communication can only happen when the participants are able to speak a common language. However, complexity of communicat ...
The Osi Reference Model B
Communication can only happen when the participants are able to speak a common language. However, complexity of communication when it involves more ...
Earn money selling
your Study Documents