Lab report

  
Week 3 Assignment: Lab Project 
Defining an Information Systems Security Policy Framework for an IT Infrastructure
         
In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. 
The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. 
In this lab, you will identify known risks, threats, and vulnerabilities, and you will determine which domain of a typical IT infrastructure is affected. You will then discuss security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You will next determine which appropriate security policy definition will help mitigate the identified risk, threat, or vulnerability. You will organize your results into a framework that can become part of a layered security strategy. 
You will submit 2 files at the end of this lab: 1) Lab Report file, and 2) Lab 3 Assessment worksheet
 
Steps:
1. This assignment also includes a link to download the Lab 3 Assessment worksheet. Review the objectives and the questions from this worksheet. You will find answers to these questions as you proceed through the lab steps.
2. Review the seven domains of a typical IT infrastructure. You can find a chart showing these domains and their components on page 80 of the textbook, or you can search the powerpoint over chapter 4.
3. Go to this link: http://www.continuitycompliance.org/security-policy-components-of-a-good-policy/ and review the information to determine the components of an information systems security policy.
4. Create a Lab Report file, a word document recording the information you find. For the first section of this file, identify the major components of an information systems security policy.
5. Review the following table of risks, threats, and vulnerabilities that were found in a health care IT infrastructure:
  
Risks, Threats, and Vulnerabilities

Domain
 
Unauthorized   access from public Internet

Don't use plagiarized sources. Get Your Custom Essay on
Lab report
Just from $13/Page
Order Essay

 
Hacker   penetrates IT infrastructure

 
Communication   circuit outages

 
Workstation   operating system (OS) has a known software vulnerability

 
Unauthorized   access to organization-owned data

 
Denial of   service attack on organization’s email

 
Remote   communications from home office

 
Workstation   browser has software vulnerability

 
Weak   ingress/egress traffic-filtering degrades performance

 
Wireless   Local Area Network (WLAN) access points are needed for Local Area Network   (LAN) connectivity within a warehouse

 
User destroys   data in application, deletes all files, and gains access to internal network

 
Fire destroys   primary data center

 
Intraoffice   employee romance gone bad

 
Loss of   production data

 
Need to   prevent rogue users from unauthorized WLAN access

 
LAN server OS   has a known software vulnerability

 
User   downloads an unknown email attachment

 
Service   provider has a major network outage

 
User inserts   CDs and USB hard drives with personal photos, music, and videos on   organization-owned computers

 
Virtual   Private Network (VPN) tunneling between the remote computer and   ingress/egress router

6. In your Lab Report file, copy the chart and align or assign reach of the risks, threats, and vulnerabilities identified in the previous table to the domain impacted (refer to step 2 above).
7. In your Lab Report file, explain how risks like these can be mitigated with an information systems security policy.
8. Go to this link: https://pdfs.semanticscholar.org/231b/c2ca1c556cb7b46bc46dd49e86f0e6ab8050.pdf and read the SANS Institute document, “A Short Primer for Developing Security Policies.”
9. In your Lab Report file, define what a policy is according to the SANS Institute.
[Note: It is important to understand how and why a policy differs from a standard, a procedure, and a guideline. From the top down, the policy should not change or need modification unless a major shift in corporate values or business process occurs. On the contrary, guidelines should be reviewed, and possibly changed, often. Similarly, even though a policy should be written clearly and concisely, it is a high-level document answering the “why” questions. Standards are also high-level, but instead should answer the “what” questions. Finally, the procedures and guidelines provide the “how.”]
10. Using the SANS primer, in your Lab Report file, describe the basic requirements of policies, their benefits, the control factors, and policies every organization needs.
11. Review the identified risks, threats, and vulnerabilities in the table in step 8, and then select an appropriate policy definition that might help mitigate each of them. You can select one of the SANS policies or choose one from the following list:
a. Acceptable Use Policy
b. Access Control Policy Definition
c. Business Continuity—Business Impact Analysis (BIA) Policy Definition
d. Business Continuity & Disaster Recovery Policy Definition
e. Data Classification Standard & Encryption Policy Definition
f. Internet Ingress/Egress Traffic Policy Definition
g. Mandated Security Awareness Training Policy Definition
h. Production Data Backup Policy Definition
i. Remote Access Policy Definition
j. Vulnerability Management & Vulnerability Window Policy Definition
k. Wide Area Network (WAN) Service Availability Policy Definition
12. In your Lab Report file, add your selected security policies and definitions, identifying what risks, threats, or vulnerabilities each selected policy would mitigate.
This completes the Lab Report file. Save your file using a name that includes your last name.
Now, complete the Lab 3 Assessment Worksheet. You can type in this PDF file, adding your answers. Make sure you also enter your name in the field at the top. Resave the worksheet with a new name that includes your last name.
Submit both files when you submit the Week 3 Assignment.

Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more
Live Chat+1(978) 822-0999EmailWhatsApp