Thursday, May 7, 2020

Preliminary Security Assessment - 1466 Words

u04a1 Preliminary Security Assessment
TS5311 Enterprise Security
February 3, 2013

Introduction

The number one responsibility of the Information Assurance/Network Security Officer(s) is to maintain the best possible security posture for the network. This task also means that the confidentiality, availability and integrity of the system are maintained. One of the first steps towards this is to perform an assessment of the potential issues with all areas of the network. A preliminary security assessment will begin the task of identifying a list of vulnerabilities (weaknesses and flaws) that could possibly be exploited by a threat…

…These policies are required under Army Regulation 25-2 (Information, n.d.).

Rules of Behavior – These guidelines are established to hold users and administrators responsible for their actions as related to information security.

Incident Response Plan – Provides guidelines on the correct response based on the type of security incident. These guidelines reflect lessons learned in responding to incidents in the past.

Contingency Plan – Closely related to the IRP. Based on the type of incident, a plan may be devised to provide a direction to proceed. Natural disasters are usually presented in a contingency plan.

Backup Procedures – Also related to the IRP. Providing a point at which all files can be recovered prevents data loss should some type of incident occur, whether that is a virus or a power outage.

Configuration Management Plan – A CMP is designed to provide guidance and to establish a standard when changing the configuration of any item on the network. This includes adding hardware, adding software, changing configurations of network devices or changing the capability of the system in any way. All changes must be approved by the Configuration Control Board as established in the CMP.

Anti-Virus – This plan will ensure all virus definitions are up to date and provide procedures for doing this.
There may be other policies or plans that will be addressed in the final report.
