System Security Goals

Anonymous
timer Asked: Oct 19th, 2018
account_balance_wallet $15

Question Description

Critical Thinking: System Security Goals

Assignment Details:

In an essay, answer the following questions based on this week’s module:

  • How do you know if your system is meeting your security goals?
  • You can verify that controls are working, but how do you know if they are getting the job done?
  • What auditing practices or procedures would you implement for your organization? Why?

Deliverables:

Provide information from your readings to support your statements. Your well-written essay should be 4-5 pages in length, incorporating at least three academic resources from the Library in addition to the case study. Cite all sources using APA style guidelines, citing references as appropriate.

Unformatted Attachment Preview

Module 07: Critical Thinking Critical Thinking: System Security Goals (60 points) Assignment Details: In an essay, answer the following questions based on this week’s module: • How do you know if your system is meeting your security goals? • You can verify that controls are working, but how do you know if they are getting the job done? • What auditing practices or procedures would you implement for your organization? Why? Deliverables: Provide information from your readings to support your statements. Your well-written essay should be 4-5 pages in length, incorporating at least three academic resources from the Library in addition to the case study. Cite all sources using APA style guidelines, citing references as appropriate. Security Strategies in Windows Platforms and Applications Lesson 7 Microsoft Windows Security Profile and Audit Tools © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective and Key Concepts Learning Objective ▪ Explain profile and audit tools to keep Windows systems secure. Key Concepts ▪ Profiling Windows Security ▪ Microsoft Baseline Security Analyzer (MBSA) ▪ Performing a security audit ▪ Best practices for Microsoft Windows security audits Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 2 Profiling Microsoft Windows Security Baseline • A collection of configuration settings Profiling • The process of comparing real computer configurations to known baselines Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 3 Security Configuration and Analysis (SCA) Security Templates Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 4 SCA MMC Snap-in Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 5 SCA Snap-in Analysis Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 6 SCA Command-Line Tool Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 7 SCA Command-Line Tool Analysis Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 8 Microsoft Baseline Security Analyzer (MBSA) ▪ Evaluates the current state of a Windows computer ▪ Compares the state to a known baseline ▪ Reports any differences as issues • Ranks issues based on severity • Recommends methods to fix each issue Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 9 When to Run MBSA ▪ MBSA is a convenient tool for any organization. ▪ MBSA is most helpful in following scenarios: • After adding new computers • To verify compliance • To ensure you haven’t missed important vulnerabilities Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 10 MBSA Benefits ▪ Visibility of multiple computers’ security ▪ Comparing of multiple computers’ security • Comparing settings is difficult with stand- alone computers ▪ Identifying differences from standards • Scanning large and small groups of computers becomes easy Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 11 MBSA Procedure Download and install MBSA Run MBSA and select the desired option Scan a computer Scan multiple computers View scan reports Select desired scan options Review scan results when done Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 12 MBSA Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 13 MBSA Scan Options Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 14 MBSA Scan Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 15 MBSA Command-Line Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 16 MBSA Command-Line Scan Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 17 NetChk Protect Limited Scan Summary Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 18 NetChk Protect Limited Scan Results Viewed in MBSA Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 19 Secunia’s Online Software Inspector (OSI) Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 20 Secunia’s Personal Software Inspector (PSI) Simple Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 21 Secunia’s PSI Advanced Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 22 Windows Security Audit Activities Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 23 Windows Audits Windows security audit involves identifying, collecting, and analyzing information. Make an audit plan and gather tools to make the task manageable. Collect audit information as soon as possible. Goal is to collect all information that an auditor can use to verify compliance or research unusual activity. Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 24 Best Practices for Security Audits ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Create initial baselines Develop security templates in SCA Run SCA/MBSA using command-line interface options Develop batch files to run scans and collect operational information Collect information using a set schedule Archive collected data files Maintain current backups Enable Windows auditing Do not enable Read or List auditing Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 25 Best Practices for Security Audits (con’t) ▪ Do not enable Execute auditing on binary files e ▪ Limit enabling all auditing actions to files, folders, programs, and other resources ▪ Enable auditing for all change actions for your Windows install folder ▪ Audit all printer actions ▪ Ignore Read and Write actions for temporary folders ▪ Develop Windows policies and Group Policy Objects that are as simple as possible Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 26 Summary ▪ MBSA and its benefits Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 27 Virtual Lab ▪ Managing Group Policy Within the Microsoft Windows Environment Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 28 ...
Purchase answer to see full attachment

Tutor Answer

NicholasI
School: Duke University

Hi, kindly find attached

Running head: SYSTEM SECURITY GOALS

System Security goals
Student’s Name
Institution
Date

1

SYSTEM SECURITY GOALS

2
System security goals

Every organization strives to ensure that its system is safe from security threats. With the
recent growth in technology, it is important to have sound security control features. The primary
objective of having security controls is to ensure that data and information systems are secure
from threats. It is important to note. Nowadays computers are always vulnerable to attacks.
However, not all attacks come from external parties, employees commit some within the firms.
Quality control measures should still be in place to ensure that the information system is not
compromised (Bertino, 2015). Due to advancement in technology, almost every organization
stores data in computers. Hence, the IT manager should always ensure that data and information
are safe. One of the primary determinants which prove that the security controls are working is
the reliability and availability of the information system. If a system can be accessed at any time,
it shows that quality control measures are in place. An information system which is
compromised is not reliable, and at times it may fail to function. However, if the information
system offers every user with accessibility regardless of the time, it proves that security controls
are working efficiently. It also shows that the system has control over any attacks that may
disrupt the normal functioning of ...

flag Report DMCA
Review

Anonymous
Good stuff. Would use again.

Similar Questions
Hot Questions
Related Tags
Study Guides

Brown University





1271 Tutors

California Institute of Technology




2131 Tutors

Carnegie Mellon University




982 Tutors

Columbia University





1256 Tutors

Dartmouth University





2113 Tutors

Emory University





2279 Tutors

Harvard University





599 Tutors

Massachusetts Institute of Technology



2319 Tutors

New York University





1645 Tutors

Notre Dam University





1911 Tutors

Oklahoma University





2122 Tutors

Pennsylvania State University





932 Tutors

Princeton University





1211 Tutors

Stanford University





983 Tutors

University of California





1282 Tutors

Oxford University





123 Tutors

Yale University





2325 Tutors