Many companies and agencies conduct IT audits to test and assess the rigor of IT security controls in order to mitigate risks to IT networks. Such audits meet compliance mandates by regulatory organizations. Federal IT systems follow Federal Information System Management Act (FISMA) guidelines and report security compliance to US-CERT, the United States Computer Emergency Readiness Team, which handles defense and response to cyberattacks as part of the Department of Homeland Security. In addition, the Control Objective for Information Technology (COBIT) is a set of IT security guidelines that provides a framework for IT security for IT systems in the commercial sector. These audits are comprehensive and rigorous, and negative findings can lead to significant fines and other penalties. Therefore, industry and federal entities conduct internal self-audits in preparation for actual external IT audits, and compile security assessment reports. In this project, you will develop a 12-page written security assessment report and executive briefing (slide presentation) for a company and submit the report to the leadership of that company. There are six steps to complete the project. Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than three weeks to complete. Begin with the workplace scenario, and then continue to Step 1. Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report] Include the following areas in this portion of the SAR: Security requirements and goals for the preliminary security baseline activity. Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization. Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you: What are the security risks and concerns? What are ways to get real-time understanding of the security posture at any time? How regularly should the security of the enterprise network be tested, and what type of tests should be used? What are the processes in play, or to be established to respond to an incident? Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required? Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed? Describe the ways to detect these malicious code and what tactics bad actors use for evading detection. Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet. Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices? Operating systems, servers, network management systems. data in transit vulnerabilities endpoint access vulnerabilities external storage vulnerabilities virtual private ne…
Looking for solution of this Assignment?
WHY CHOOSE US?
We deliver quality original papers |
Our experts write quality original papers using academic databases.We dont use AI in our work. We refund your money if AI is detected |
Free revisions |
We offer our clients multiple free revisions just to ensure you get what you want. |
Discounted prices |
All our prices are discounted which makes it affordable to you. Use code FIRST15 to get your discount |
100% originality |
We deliver papers that are written from scratch to deliver 100% originality. Our papers are free from plagiarism and NO similarity.We have ZERO TOLERANCE TO USE OF AI |
On-time delivery |
We will deliver your paper on time even on short notice or short deadline, overnight essay or even an urgent essay |