Identify, formulate, and solve technical and policy challenges

timer Asked: Feb 20th, 2014

Question description

Objective: Identify, formulate, and solve technical and policy challenges in an InfoSEC position.

Background: Dave Dandy, Owner of David’s Dandy Doohickies (D.D.D.) has noticed that several of the intranet servers are located in the system administrator’s cube and have been for 3 months. The servers include these servers: a web server that hosts the HR system; an internal email server that routes mail destined for the “outside” to the world facing server in the DMZ; and an internal only ftp server used to hold proprietary design information on the new lone of framastats that D.D.D is developing.

The current server room at D.D.D. has no locks, cameras, or access lists. In fact, it still resembles the warehouse that it is housed in, lacking even a rudimentary fire extinguisher system. While there is a tape backup process, labels consist of small notes taped to each backup tape. There is also no centralized log management; list of who has administrative rights on any of the servers in the server room or outside the administrator’s cube.

Instructions: Remember there are three types of controls: administrative, technical, and policy. You first need to identify all of the security issues with D.D.D. Divide the issues identified into the three control categories. Each issue may over lap the categories and often do. For each issue, identify a specific technique in that control category to mitigate the issue. This is most easily done with a matrix but there are certainly many other acceptable ways. 

You should seek controls that will provide the most security effectiveness for the money. That said, Dave will listen to reasonable proposals for spending his money.


Submit a matrix or other suitable way of expressing the relationship between issue, type of control, and type of mitigation. Use proper citations when appropriate, so a reference page will also be required. Remember that security must be cost effective as well as effective so use wisdom when deciding to use a control or a mitigation technique.

While there are non-access control issues that you may include, the focus should be on those issues related to access control as we have discussed during this course.

Example Deliverable:

Note: this example may or may not follow the citation rules used by the school. You need to check the proper citation rules for yourself. 

An organization has decided to implement a stronger password management system. For this one issue, a matrix could look like this:





Password security

Establish policy to require minimum length of 14 characters, mixed case and special characters (1997)

Enforce policy using PAM (2004).

Use OTP token to provide multi-factor RSA (2006)

Explanation of mitigation:

Pluggable Authentication Module (PAM) will allow verification and enforcement of more complex password rules than provided for in our current authentication system.

A One Time Password (OTP) token such as MyPw will allow inexpensive multi-factor authentication (


(1997). "RFC-2196, Site Security Handbook." Request for Comments Retrieved February 8, 2005, from

(2004) OATH Reference Architecture Release 1.0. Volume, DOI:

RSA (2006). Making the FFIEC Guidance Operational, Balancing Authentication Methods with Online Banking Risk, RSA.

Grading Criteria AssignmentsMaximum Points
Meets or exceeds established assignment criteria40
Demonstrates an understanding of lesson concepts20
Clearly presents well-reasoned ideas and concepts30
Uses proper mechanics, punctuation, sentence structure, spelling, APA Format10

Tutor Answer

(Top Tutor) Studypool Tutor
School: Duke University
Studypool has helped 1,244,100 students
flag Report DMCA
Similar Questions
Hot Questions
Related Tags

Brown University

1271 Tutors

California Institute of Technology

2131 Tutors

Carnegie Mellon University

982 Tutors

Columbia University

1256 Tutors

Dartmouth University

2113 Tutors

Emory University

2279 Tutors

Harvard University

599 Tutors

Massachusetts Institute of Technology

2319 Tutors

New York University

1645 Tutors

Notre Dam University

1911 Tutors

Oklahoma University

2122 Tutors

Pennsylvania State University

932 Tutors

Princeton University

1211 Tutors

Stanford University

983 Tutors

University of California

1282 Tutors

Oxford University

123 Tutors

Yale University

2325 Tutors