The Security Posture of the IS

The security posture of the information systems infrastructure of an organization should be regularly monitored and assessed (including software, hardware, firmware components, governance policies, and implementation of security controls). The monitoring and assessment of the infrastructure and its components, policies, and processes should also account for changes and new procurements that are sure to follow in order to stay in step with ever-changing information system technologies.

The data breach at the Office of Personnel Management (OPM) is one of the largest in US government history. It provides a series of lessons learned for other organizations in industry and the public sector. Some critical security practices, such as lack of diligence to security controls and management of changes to the information systems infrastructure were cited as contributors to the massive data breach in the OPM Office of the Inspector General’s (OIG) , which can be found in open source searches. Some of the findings in the report include: weak authentication mechanisms; lack of a plan for life-cycle management of the information systems; lack of a configuration management and change management plan; lack of inventory of systems, servers, databases, and network devices; lack of mature vulnerability scanning tools; lack of valid authorizations for many systems, and lack of plans of action to remedy the findings of previous audits.

The breach ultimately resulted in removal of OPM’s top leadership. The impact of the breach on the livelihoods of millions of people is ongoing and may never be fully known. There is a critical need for security programs that can assess vulnerabilities and provide mitigations.

There are 10 steps that will help you create your final deliverables. The deliverables for this project are as follows:

Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
When you submit your project, your work will be evaluated using the competencies listed below. You can use the list below to self-check your work before submission.

1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writers ideas.
1.4: Tailor communications to the audience.
1.5: Use sentence structure appropriate to the task, message and audience.
1.6: Follow conventions of Standard Written English.
5.2 Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system’s internal operations and interactions with other systems and knowledge of stan
5.6: Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology
7.3: Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk
8.1: Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
8.2: Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.
Step 1: Organizational Background
During Project One, you researched a hypothetical or actual organization of your choice. In light of lessons learned from your analysis of the OPM breach and the various publicly available audit reports, you will now learn more about and propose a LAN, WAN, and systems environment in diagram format for your organization. Discuss the security benefits of your chosen network design.

Then read about the following computing platforms available for networks, and discuss how these platforms should be implemented in your organization:

common computing platforms
cloud computing
distributed computing
centralized computing
secure programming fundamentals
Step 2: Organizational Threats
You just provided detailed background information on your organization. Next, youll describe threats to your organizations system. Before you get started, select and explore the contents of the following link: insider threats (also known as internal threats). As youre reading, take note of which insider threats are a risk to your organization.

Now, differentiate between the external threats to the system and the insider threats. Identify where these threats can occur in the previously created diagrams. Define threat intelligence, and explain what kind of threat intelligence is known about the OPM breach. Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?

Step 3: Scanning the Network
Note: You will utilize the tools in Workspace for this step. If you need help outside the classroom to complete this project, you must register for CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Primary lab assistance is available from a team of lab assistants. Lab assistants are professionals and are trained to help you.

Click here to access the instructions for Navigating the Workspace and the Lab Setup.

Click here to access the Project 3 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. You will perform this lab in Step 7.

In order to validate the assets and devices on the organization’s network, run scans using security and vulnerability assessment analysis tools such as MBSA, OpenVAS, Nmap, or NESSUS depending on the operating systems of your organization’s networks. Live network traffic can also be sampled and scanned using Wireshark (we do this in step 7) on either the Linux or Windows systems. Wireshark allows you to inspect all OSI Layers of traffic information. Click the following link to read more about these network monitoring tools: Tools to Monitor and Analyze Network Activities.

Provide the report as part of the SAR.

Review the information captured in these two links message and protocols and Transmission Control Protocol/Internet Protocol (TCP/IP), and identify any security communication, message and protocols, or security data transport methods used such as (TCP/IP), SSL, and others. Make note of this, as it should be mentioned in your reports.

Step 4: Identifying Security Issues
You have a suite of security tools, techniques, and procedures that can be used to assess the security posture of your organization’s network in a SAR.

Now it’s time to identify the security issues in your organization’s networks. You have already used password cracking tools to crack weak and vulnerable passwords. Provide an analysis of the strength of passwords used by the employees in your organization. Are weak passwords a security issue for your organization?

Step 5: Firewalls and Encryption
Next, examine these resources on firewalls and auditingRDBMS related to the use of the Relational Database Management System (i.e., the database system and data) RDBMS. Also review these resources related to access control.

Determine the role of firewalls and encryption, and auditing RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.

Reflect any weaknesses found in the network and information system diagrams previously created, as well as in the developing SAR.

Step 6: Threat Identification
You know of the weaknesses in your organization’s network and information system. Now you will determine various known threats to the organization’s network architecture and IT assets.

Get acquainted with the following types of threats and attack techniques. Which are a risk to your organization?

IP address spoofing/cache poisoning attacks
denial of service attacks (DoS)
packet analysis/sniffing
session hijacking attacks
distributed denial of service attacks
In identifying the different threats, complete the following tasks:

Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization.
Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
Also discuss the value of using access control, database transaction and firewall log files.
Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization’s networks.
Include these in the SAR.

Step 7: Network Analysis
Note: You will utilize the tools in Workspace for this step.

You will now investigate network traffic, and the security of the network and information system infrastructure overall. Past network data has been logged and stored, as collected by a network analyzer tool such as Wireshark.

Select the following link to enter Workspace and complete the lab activities related to network vulnerabilities.

Perform a network analysis on the to you in Workspace and assess the network posture and any vulnerability or suspicious information you are able to obtain. Include this information in the SAR. Further analyze the packet capture for network performance, behavior, and any suspicious source and destination addresses on the networks.

In the previously created Wireshark files, identify if any databases had been accessed. What are the IP addresses associated with that activity? Include this information in the SAR.

Step 8: Suspicious Activity
Note: You will utilize the tools in Workspace for this step.

Hackers frequently scan the Internet for computers or networks to exploit. An effective firewall can prevent hackers from detecting the existence of networks. Hackers continue to scan ports, but if the hacker finds there is no response from the port and no connection, the hacker will move on. The firewall can block unwanted traffic and NMap can be used to self-scan to test the responsiveness of the organization’s network to would-be hackers.

Select the following link to enter Workspace and conduct the port scanning. Provide your findings in the SAR deliverable. Provide analyses of the scans and any recommendation for remediation, if needed. Identify any suspicious activity and formulate the steps in an incidence response that could have been, or should be, enacted. Include the responsible parties that would provide that incidence response and any follow-up activity. Include this in the SAR. Please note that some scanning tools are designed to be undetectable. While running the scan and observing network activity with Wireshark, attempt to determine the detection of the scan in progress. If you cannot identify the scan as it is occurring, indicate this in your SAR.

Step 9: Risk and Remediation
What is the risk and what is the remediation? What is the security exploitation? You can use the OPM OIG Final Audit Report findings and recommendations as a possible source for methods to remediate vulnerabilities.

Read this risk assessment resource to get familiar with the process, then prepare the risk assessment. Be sure to first list the threats, then the vulnerabilities, and then pairwise comparisons for each threat and vulnerability, and determine the likelihood of that event occurring, and the level of impact it would have on the organization. Use the OPM OIG Final Audit Report findings as a possible source for potential mitigations. Include this in the risk assessment report (RAR).

Step 10: Creating the SAR and RAR
Your research and Workspace exercise have led you to this moment: creating your SAR and RAR. Consider what you have learned in the previous steps as you create your reports for leadership.

Prepare a Security Assessment Report (SAR) with the following sections:

Purpose
Organization
Scope
Methodology
Data
Results
Findings
The final SAR does not have to stay within this framework, and can be designed to fulfill the goal of the security assessment.

Prepare a Risk Assessment Report (RAR) with information on the threats, vulnerabilities, likelihood of exploitation of security weaknesses, impact assessments for exploitation of security weaknesses, remediation, and cost/benefit analyses of remediation. Devise a high-level plan of action with interim milestones (POAM), in a system methodology, to remedy your findings. Include this high-level plan in the RAR. Summarize the results you obtained from the vulnerability assessment tools (i.e., MBSA and OpenVas) in your report.

The deliverables for this project are as follows:

Security Assessment Report (SAR): This should be an 8-10 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
Risk Assessment Report (RAR): This report should be a 5-6 page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables, or citations.
In a Word document, share your lab experience and provide screen prints to demonstrate that you performed the lab.
Submit your deliverables to the assignment folder.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

1.1: Organize document or presentation in a manner that promotes understanding and meets the requirements of the assignment.
1.2: Develop coherent paragraphs or points to be internally unified and function as part of the whole document or presentation.
1.3: Provide sufficient, correctly cited support that substantiates the writers ideas.
1.4: Tailor communications to the audience.
1.5: Use sentence structure appropriate to the task, message and audience.
1.6: Follow conventions of Standard Written English.
5.2 Enterprise Architecture: Knowledge of architectural methodologies used in the design and development of information systems, including the physical structure of a system’s internal operations and interactions with other systems and knowledge of stan
5.6: Technology Awareness: Explore and address cybersecurity concerns, promote awareness, best practice, and emerging technology
7.3: Risk Management : Knowledge of methods and tools used for risk management and mitigation of risk
8.1: Incident Detection: Demonstrate the abilities to detect, identify, and resolve host and network intrusion incidents.
8.2: Incident Classification: Possess knowledge and skills to categorize, characterize, and prioritize an incident as well as to handle relevant digital evidence appropriately.


Get Professional Assignment Help Cheaply

Buy Custom Essay

Are you busy and do not have time to handle your assignment? Are you scared that your paper will not make the grade? Do you have responsibilities that may hinder you from turning in your assignment on time? Are you tired and can barely handle your assignment? Are your grades inconsistent?

Whichever your reason is, it is valid! You can get professional academic help from our service at affordable rates. We have a team of professional academic writers who can handle all your assignments.

Why Choose Our Academic Writing Service?

  • Plagiarism free papers
  • Timely delivery
  • Any deadline
  • Skilled, Experienced Native English Writers
  • Subject-relevant academic writer
  • Adherence to paper instructions
  • Ability to tackle bulk assignments
  • Reasonable prices
  • 24/7 Customer Support
  • Get superb grades consistently

Online Academic Help With Different Subjects

Literature

Students barely have time to read. We got you! Have your literature essay or book review written without having the hassle of reading the book. You can get your literature paper custom-written for you by our literature specialists.

Finance

Do you struggle with finance? No need to torture yourself if finance is not your cup of tea. You can order your finance paper from our academic writing service and get 100% original work from competent finance experts.

Computer science

Computer science is a tough subject. Fortunately, our computer science experts are up to the match. No need to stress and have sleepless nights. Our academic writers will tackle all your computer science assignments and deliver them on time. Let us handle all your python, java, ruby, JavaScript, php , C+ assignments!

Psychology

While psychology may be an interesting subject, you may lack sufficient time to handle your assignments. Don’t despair; by using our academic writing service, you can be assured of perfect grades. Moreover, your grades will be consistent.

Engineering

Engineering is quite a demanding subject. Students face a lot of pressure and barely have enough time to do what they love to do. Our academic writing service got you covered! Our engineering specialists follow the paper instructions and ensure timely delivery of the paper.

Nursing

In the nursing course, you may have difficulties with literature reviews, annotated bibliographies, critical essays, and other assignments. Our nursing assignment writers will offer you professional nursing paper help at low prices.

Sociology

Truth be told, sociology papers can be quite exhausting. Our academic writing service relieves you of fatigue, pressure, and stress. You can relax and have peace of mind as our academic writers handle your sociology assignment.

Business

We take pride in having some of the best business writers in the industry. Our business writers have a lot of experience in the field. They are reliable, and you can be assured of a high-grade paper. They are able to handle business papers of any subject, length, deadline, and difficulty!

Statistics

We boast of having some of the most experienced statistics experts in the industry. Our statistics experts have diverse skills, expertise, and knowledge to handle any kind of assignment. They have access to all kinds of software to get your assignment done.

Law

Writing a law essay may prove to be an insurmountable obstacle, especially when you need to know the peculiarities of the legislative framework. Take advantage of our top-notch law specialists and get superb grades and 100% satisfaction.

What discipline/subjects do you deal in?

We have highlighted some of the most popular subjects we handle above. Those are just a tip of the iceberg. We deal in all academic disciplines since our writers are as diverse. They have been drawn from across all disciplines, and orders are assigned to those writers believed to be the best in the field. In a nutshell, there is no task we cannot handle; all you need to do is place your order with us. As long as your instructions are clear, just trust we shall deliver irrespective of the discipline.

Are your writers competent enough to handle my paper?

Our essay writers are graduates with bachelor's, masters, Ph.D., and doctorate degrees in various subjects. The minimum requirement to be an essay writer with our essay writing service is to have a college degree. All our academic writers have a minimum of two years of academic writing. We have a stringent recruitment process to ensure that we get only the most competent essay writers in the industry. We also ensure that the writers are handsomely compensated for their value. The majority of our writers are native English speakers. As such, the fluency of language and grammar is impeccable.

What if I don’t like the paper?

There is a very low likelihood that you won’t like the paper.

Reasons being:

  • When assigning your order, we match the paper’s discipline with the writer’s field/specialization. Since all our writers are graduates, we match the paper’s subject with the field the writer studied. For instance, if it’s a nursing paper, only a nursing graduate and writer will handle it. Furthermore, all our writers have academic writing experience and top-notch research skills.
  • We have a quality assurance that reviews the paper before it gets to you. As such, we ensure that you get a paper that meets the required standard and will most definitely make the grade.

In the event that you don’t like your paper:

  • The writer will revise the paper up to your pleasing. You have unlimited revisions. You simply need to highlight what specifically you don’t like about the paper, and the writer will make the amendments. The paper will be revised until you are satisfied. Revisions are free of charge
  • We will have a different writer write the paper from scratch.
  • Last resort, if the above does not work, we will refund your money.

Will the professor find out I didn’t write the paper myself?

Not at all. All papers are written from scratch. There is no way your tutor or instructor will realize that you did not write the paper yourself. In fact, we recommend using our assignment help services for consistent results.

What if the paper is plagiarized?

We check all papers for plagiarism before we submit them. We use powerful plagiarism checking software such as SafeAssign, LopesWrite, and Turnitin. We also upload the plagiarism report so that you can review it. We understand that plagiarism is academic suicide. We would not take the risk of submitting plagiarized work and jeopardize your academic journey. Furthermore, we do not sell or use prewritten papers, and each paper is written from scratch.

When will I get my paper?

You determine when you get the paper by setting the deadline when placing the order. All papers are delivered within the deadline. We are well aware that we operate in a time-sensitive industry. As such, we have laid out strategies to ensure that the client receives the paper on time and they never miss the deadline. We understand that papers that are submitted late have some points deducted. We do not want you to miss any points due to late submission. We work on beating deadlines by huge margins in order to ensure that you have ample time to review the paper before you submit it.

Will anyone find out that I used your services?

We have a privacy and confidentiality policy that guides our work. We NEVER share any customer information with third parties. Noone will ever know that you used our assignment help services. It’s only between you and us. We are bound by our policies to protect the customer’s identity and information. All your information, such as your names, phone number, email, order information, and so on, are protected. We have robust security systems that ensure that your data is protected. Hacking our systems is close to impossible, and it has never happened.

How our Assignment Help Service Works

1. Place an order

You fill all the paper instructions in the order form. Make sure you include all the helpful materials so that our academic writers can deliver the perfect paper. It will also help to eliminate unnecessary revisions.

2. Pay for the order

Proceed to pay for the paper so that it can be assigned to one of our expert academic writers. The paper subject is matched with the writer’s area of specialization.

3. Track the progress

You communicate with the writer and know about the progress of the paper. The client can ask the writer for drafts of the paper. The client can upload extra material and include additional instructions from the lecturer. Receive a paper.

4. Download the paper

The paper is sent to your email and uploaded to your personal account. You also get a plagiarism report attached to your paper.

smile and order essay GET A PERFECT SCORE!!! smile and order essay Buy Custom Essay


Place your order
(550 words)

Approximate price: $22

Calculate the price of your order

550 words
We'll send you the first draft for approval by September 11, 2018 at 10:52 AM
Total price:
$26
The price is based on these factors:
Academic level
Number of pages
Urgency
Basic features
  • Free title page and bibliography
  • Unlimited revisions
  • Plagiarism-free guarantee
  • Money-back guarantee
  • 24/7 support
On-demand options
  • Writer’s samples
  • Part-by-part delivery
  • Overnight delivery
  • Copies of used sources
  • Expert Proofreading
Paper format
  • 275 words per page
  • 12 pt Arial/Times New Roman
  • Double line spacing
  • Any citation style (APA, MLA, Chicago/Turabian, Harvard)

Our guarantees

Delivering a high-quality product at a reasonable price is not enough anymore.
That’s why we have developed 5 beneficial guarantees that will make your experience with our service enjoyable, easy, and safe.

Money-back guarantee

You have to be 100% sure of the quality of your product to give a money-back guarantee. This describes us perfectly. Make sure that this guarantee is totally transparent.

Read more

Zero-plagiarism guarantee

Each paper is composed from scratch, according to your instructions. It is then checked by our plagiarism-detection software. There is no gap where plagiarism could squeeze in.

Read more

Free-revision policy

Thanks to our free revisions, there is no way for you to be unsatisfied. We will work on your paper until you are completely happy with the result.

Read more

Privacy policy

Your email is safe, as we store it according to international data protection rules. Your bank details are secure, as we use only reliable payment systems.

Read more

Fair-cooperation guarantee

By sending us your money, you buy the service we provide. Check out our terms and conditions if you prefer business talks to be laid out in official language.

Read more
error: Content is protected !!
Open chat
1
Need assignment help? You can contact our live agent via WhatsApp using +1 718 717 2861

Feel free to ask questions, clarifications, or discounts available when placing an order.
  +1 718 717 2861           + 44 161 818 7126           [email protected]
  +1 718 717 2861         [email protected]