1. In your browser, navigate to https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331. Read Sections 1-5 of the SANS Policy Development Guide. Summarize the Policy Development Guide’s recommendations for organizing a policy hierarchy and selecting policy topics.
2. In your browser, navigate to https://www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html. Describe the core principles and objectives of COBIT 2019.
3. Review the following list of risks, threats, and vulnerabilities at the fictional Healthwise Health Care Company.
1. Unauthorized access from public Internet
2. Hacker penetrates IT infrastructure
3. Communication circuit outages
4. Workstation operating system (OS) has a known software vulnerability
5. Unauthorized access to organization-owned data
6. Denial of service attack on organization’s e-mail
7. Remote communications from home office
8. Workstation browser has software vulnerability
9. Weak ingress/egress traffic-filtering degrades performance
10. Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse
11. User destroys data in application, deletes all files, and gains access to internal network
12. Fire destroys primary data center
13. Intraoffice employee romance gone bad
14. Loss of production data
15. Need to prevent rogue users from unauthorized WLAN access
16. LAN server OS has a known software vulnerability
17. User downloads an unknown e-mail attachment
18. Service provider has a major network outage
19. User inserts a USB hard drive with personal photos, music, and videos on organization-owned computers
20. Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router
For each risk, threat, or vulnerability in the list above, select an appropriate security policy that might help mitigate it. You can select one of the SANS policies or choose one from the following list.
4. Organize the security policies you selected so that they can be used as part of an overall framework for a layered security strategy.
5. A user at Digital Innovation Products has been using company network resources to download torrent files onto a USB drive and transfer those files to their home computer. IT tracked down the torrent traffic during a recent network audit. Unfortunately, the company does not have a current policy that restricts this type of activity.
A. Identify at least two appropriate policies that should be in place to define this type of behavior and the consequences thereof.
B. Write a brief overview for C-level executives explaining which policies should be added to the company’s overall security policy framework, why they should be added, and how those policies could protect the company.