Description
Purpose
This connection explores the advantages/disadvantages of using a RAID system.
Connection
Does a RAID 5 system setup eliminate the need for doing tape backups and/or other disaster recovery methods? Defend your position.