System Security Goals

User Generated

f00f

Computer Science

Description

Critical Thinking: System Security Goals

Assignment Details:

In an essay, answer the following questions based on this week’s module:

  • How do you know if your system is meeting your security goals?
  • You can verify that controls are working, but how do you know if they are getting the job done?
  • What auditing practices or procedures would you implement for your organization? Why?

Deliverables:

Provide information from your readings to support your statements. Your well-written essay should be 4-5 pages in length, incorporating at least three academic resources from the Library in addition to the case study. Cite all sources using APA style guidelines, citing references as appropriate.

Unformatted Attachment Preview

Module 07: Critical Thinking Critical Thinking: System Security Goals (60 points) Assignment Details: In an essay, answer the following questions based on this week’s module: • How do you know if your system is meeting your security goals? • You can verify that controls are working, but how do you know if they are getting the job done? • What auditing practices or procedures would you implement for your organization? Why? Deliverables: Provide information from your readings to support your statements. Your well-written essay should be 4-5 pages in length, incorporating at least three academic resources from the Library in addition to the case study. Cite all sources using APA style guidelines, citing references as appropriate. Security Strategies in Windows Platforms and Applications Lesson 7 Microsoft Windows Security Profile and Audit Tools © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Learning Objective and Key Concepts Learning Objective ▪ Explain profile and audit tools to keep Windows systems secure. Key Concepts ▪ Profiling Windows Security ▪ Microsoft Baseline Security Analyzer (MBSA) ▪ Performing a security audit ▪ Best practices for Microsoft Windows security audits Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 2 Profiling Microsoft Windows Security Baseline • A collection of configuration settings Profiling • The process of comparing real computer configurations to known baselines Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 3 Security Configuration and Analysis (SCA) Security Templates Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 4 SCA MMC Snap-in Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 5 SCA Snap-in Analysis Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 6 SCA Command-Line Tool Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 7 SCA Command-Line Tool Analysis Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 8 Microsoft Baseline Security Analyzer (MBSA) ▪ Evaluates the current state of a Windows computer ▪ Compares the state to a known baseline ▪ Reports any differences as issues • Ranks issues based on severity • Recommends methods to fix each issue Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 9 When to Run MBSA ▪ MBSA is a convenient tool for any organization. ▪ MBSA is most helpful in following scenarios: • After adding new computers • To verify compliance • To ensure you haven’t missed important vulnerabilities Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 10 MBSA Benefits ▪ Visibility of multiple computers’ security ▪ Comparing of multiple computers’ security • Comparing settings is difficult with stand- alone computers ▪ Identifying differences from standards • Scanning large and small groups of computers becomes easy Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 11 MBSA Procedure Download and install MBSA Run MBSA and select the desired option Scan a computer Scan multiple computers View scan reports Select desired scan options Review scan results when done Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 12 MBSA Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 13 MBSA Scan Options Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 14 MBSA Scan Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 15 MBSA Command-Line Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 16 MBSA Command-Line Scan Results Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 17 NetChk Protect Limited Scan Summary Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 18 NetChk Protect Limited Scan Results Viewed in MBSA Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 19 Secunia’s Online Software Inspector (OSI) Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 20 Secunia’s Personal Software Inspector (PSI) Simple Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 21 Secunia’s PSI Advanced Interface Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 22 Windows Security Audit Activities Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 23 Windows Audits Windows security audit involves identifying, collecting, and analyzing information. Make an audit plan and gather tools to make the task manageable. Collect audit information as soon as possible. Goal is to collect all information that an auditor can use to verify compliance or research unusual activity. Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 24 Best Practices for Security Audits ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ ▪ Create initial baselines Develop security templates in SCA Run SCA/MBSA using command-line interface options Develop batch files to run scans and collect operational information Collect information using a set schedule Archive collected data files Maintain current backups Enable Windows auditing Do not enable Read or List auditing Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 25 Best Practices for Security Audits (con’t) ▪ Do not enable Execute auditing on binary files e ▪ Limit enabling all auditing actions to files, folders, programs, and other resources ▪ Enable auditing for all change actions for your Windows install folder ▪ Audit all printer actions ▪ Ignore Read and Write actions for temporary folders ▪ Develop Windows policies and Group Policy Objects that are as simple as possible Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 26 Summary ▪ MBSA and its benefits Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 27 Virtual Lab ▪ Managing Group Policy Within the Microsoft Windows Environment Security Strategies in Windows Platforms and Applications © 2015 Jones and Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All rights reserved. Page 28
Purchase answer to see full attachment
User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.

Explanation & Answer

Hi, kindly find attached

Running head: SYSTEM SECURITY GOALS

System Security goals
Student’s Name
Institution
Date

1

SYSTEM SECURITY GOALS

2
System security goals

Every organization strives to ensure that its system is safe from security threats. With the
recent growth in technology, it is important to have sound security control features. The primary
objective of having security controls is to ensure that data and information systems are secure
from threats. It is important to note. Nowadays computers are always vulnerable to attacks.
However, not all attacks come from external parties, employees commit some within the firms.
Quality control measures should still be in place to ensure that the information system is not
compromised (Bertino, 2015). Due to advancement in technology, almost every organization
stores data in computers. Hence, the IT manager should always ensure that data and information
are safe. One of the primary determinants which prove that the security controls are working is
the reliability and availability of the information system. If a system can be accessed at any time,
it shows that quality control measures are in place. An information system which is
compromised is not reliable, and at times it may fail to function. However, if the information
system offers every user with accessibility regardless of the time, it proves that security controls
are working efficiently. It also shows that the system has control over any attacks that may
disrupt the normal functioning of ...


Anonymous
I was struggling with this subject, and this helped me a ton!

Studypool
4.7
Trustpilot
4.5
Sitejabber
4.4

Related Tags