Graded Assignments

Graded Assignments

You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions.

Assignment Requirements

This is a matching activity. You will receive the Match Risks/Threats to Solutions worksheet, which contains a numbered list of common risks and threats found in a typical IT infrastructure. You must enter the letter for the correct solution or preventative action in the blank to the right of each risk or threat.

Instructions:

You are presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed.

Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat.

Risks or threats:
1. Violation of a security policy by a user

c
________

2. Disgruntled employee sabotage

i
________

3. Download of non-business videos using the
a
________

Internet to an employer-owned computer
4. Malware infection of a user’s laptop

l
________

5. Unauthorized physical access to the LAN

n
________

6. LAN server operating system vulnerabilities

f
________

7. Download of unknown file types from unknown sources by local users

b
________

8. Errors and weaknesses of network router, firewall, and network h
________

appliance configuration file

m
________

9. WAN eavesdropping
10. WAN Denial of Service (DoS) or Distributed Denial of

d
________

Service (DDoS) attacks
11. Confidential data compromised remotely

k
________

12. Mobile worker token stolen

g
________

13. Corrupt or lost data

e
________

14. Downtime of customer database

j
________

© ITT Educational Services, Inc.
All Rights Reserved.

-2-

02/12/2012

NT2580 Introduction to Information Security

STUDENT COPY: Graded Assignment Requirements

Solutions or preventative actions:

A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types.

B. Apply file transfer monitoring, scanning, and alarming for unknown file types and sources.

C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews.

D. Apply filters on exterior Internet Protocol (IP) stateful firewalls and IP router WAN interfaces.

E. Implement daily data backups and off-site data storage for monthly data archiving. Define data recovery procedures based on defined Recovery Time Objectives (RTOs).

F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments.

G. Apply real-time lockout procedures.

H. Define a strict zero-day vulnerability window definition. Update devices with security fixes and software patches right away.

I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance.

J. Develop a disaster recovery plan (DRP) specific to the recovery of mission-critical applications and data to maintain operations.

K. Encrypt all confidential data in the database or hard drive. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection.

M. Use encryption and virtual private network (VPN) tunneling for secure IP communications.

N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials.

Assignment Requirements

You are a networking intern at Richman Investments, a mid-level financial investment and consulting firm. Your supervisor has asked you to draft a brief report that describes the “Internal Use Only” data classification standard of Richman Investments. Write this report addressing which IT infrastructure domains are affected by the standard and how they are affected. In your report, mention at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. Your report will become part of an executive summary to senior management.

User Domain is where only one user will have access to it. This can be configured to internal use only. By default, the IT department tries to maintain a certain level of Security for this, so that nobody can access from the outside, only the IT Department can grant access privilege for Remote Access Point. The User Domain will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data that he or she has access to.

Also, every user on the company is responsible for the security of the environment. Workstation Domain is where all the users work. Before a user can log into the machine, he/she will need to be verified in order to gain access. At Richman Investments, we provide very secure access for the employee workstations with a username and password. A security protocol requires the password to be changed every 30 days. All computers maintain regular updates and continuous antivirus protection for monitoring. Additionally, no personal devices are allowed on the network.

The Local Area Network (LAN) Domain is a group of computers all connected to a single LAN domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains include data closets, physical elements of the LAN, as well as logical elements as designated by authorized personnel. It requires strong security and access controls. This domain can access company-wide systems, applications, and data from anywhere within the LAN. The LAN support group is in charge maintaining and securing this domain.

The biggest threat to the LAN domain is Un-authorized access to anything (the LAN, the systems, & the data) on the network. One thing we can do is requiring strict security protocols for this domain, such as disabling all external access ports for the workstation. This would prevent any user within the company from bringing an external jump drive, and connecting it to the workstations. This way, we can control company intellectual property, and prevent viruses on the LAN network.

Get Assignment Help Services with StudyAcer.

StudyAcer
Calculate your paper price
Pages (550 words)
Approximate price: -

Why Work With StudyAcer

StudyAcer

Quality Researched Papers

We always make sure that writers follow all your instructions precisely. You can choose your academic level: high school, college/university or professional, and we will assign a writer who has a respective degree.

StudyAcer

Qualified Writers

We have hired a team of professional writers experienced in academic and business writing. Most of them are native speakers and PhD holders able to take care of any assignment you need help with.

StudyAcer

Unlimited Revisions

If you think we missed something, send your order for a free revision. You have 10 days to submit the order for review after you have received the final document. You can do this yourself after logging into your personal account.

StudyAcer

Prompt Delivery

All papers are always delivered on time. In case we need more time to master your paper, we may contact you regarding the deadline extension. We will always strive to deliver on time.

StudyAcer

Original & Confidential

We use several writing tools checks to ensure that all documents you receive are free from plagiarism. Our editors carefully review all quotations in the text.

StudyAcer

24/7 Customer Support

Our support agents are available 24 hours a day 7 days a week and committed to providing you with the best customer experience. Get in touch whenever you need any assistance.

Try it now!

Calculate the price of your order

Total price:
$0.00

How it works?

Follow these simple steps to get your paper done

StudyAcer

Place your order

Fill in the order form and provide all details of your assignment.

StudyAcer

Proceed with the payment

Choose the payment system that suits you most.

StudyAcer

Receive the final file

Once your paper is ready, we will email it to you.

StudyAcer Services

No need to work on your paper at night. Sleep tight, we will cover your back. We offer all kinds of writing services.

StudyAcer StudyAcer

Essays

Essay Writing Service

No matter what kind of academic paper you need and how urgent you need it, you are welcome to choose your academic level and the type of your paper at an affordable price. We take care of all your paper needs and give a 24/7 customer care support system.

StudyAcer StudyAcer

Admissions

Admission Essays

An admission essay is an essay or other written statement by a candidate, often a potential student enrolling in a college, university, or graduate school. You can be rest assurred that through our service we will write the best admission essay for you.

StudyAcer StudyAcer

Reviews

Editing Support

Our academic writers and editors make the necessary changes to your paper so that it is polished. We also format your document by correctly quoting the sources and creating reference lists in the formats APA, Harvard, MLA, Chicago / Turabian.

StudyAcer StudyAcer

Reviews

Revision Support

If you think your paper could be improved, you can request a review. In this case, your paper will be checked by the writer or assigned to an editor. You can use this option as many times as you see fit. This is free because we want you to be completely satisfied.