Access Control Systems 1
All submissions need to closely adhere to the below listed criteria; I will be stringent on accepting work.
Objective: Identify, formulate, and solve technical and policy challenges in an InfoSEC position.
Background: Dave Dandy, Owner of David’s Dandy Doohickies (D.D.D.), has noticed that several of the intranet servers are located in the system administrator’s cube and have been for 3 months. These servers include: a web server that hosts the HR system; an internal email server that routes mail destined for the “outside” to the world-facing server in the DMZ; and an internal-only FTP server used to hold proprietary design information on the new line of framastats that D.D.D. is developing.
The current server room at D.D.D. has no locks, cameras, or access lists. In fact, it still resembles the warehouse that it is housed in, lacking even a rudimentary fire extinguisher system. While there is a tape backup process, labels consist of small notes taped to each backup tape. There is also no centralized log management, nor a list of who has administrative rights on any of the servers in the server room or outside the administrator’s cube.
Instructions: Remember there are three types of controls: administrative, technical, and policy. You first need to identify all of the security issues with D.D.D. Divide the issues identified into the three control categories. Each issue may overlap the categories and often does. For each issue, identify a specific technique in that control category to mitigate the issue. This is most easily done with a matrix, but there are certainly many other acceptable ways.
You should seek controls that will provide the most security effectiveness for the money. That said, Dave will listen to reasonable proposals for spending his money.
Submit a matrix or other suitable way of expressing the relationship between issue, type of control, and type of mitigation. Use proper citations when appropriate, so a reference page will also be required. Remember that security must be cost effective as well as effective, so use wisdom when deciding to use a control or a mitigation technique.
While there are non-access control issues that you may include, the focus should be on those issues related to access control as we have discussed during this course.
Note: this example may or may not follow the citation rules used by the school. You need to check the proper citation rules for yourself.
An organization has decided to implement a stronger password management system. For this one issue, a matrix could look like this:
Establish policy to require minimum length of 14 characters, mixed case and special characters (1997)
Enforce policy using PAM (2004).
Use OTP token to provide multi-factor RSA (2006)
Explanation of mitigation:
Pluggable Authentication Module (PAM) will allow verification and enforcement of more complex password rules than provided for in our current authentication system.
A One Time Password (OTP) token such as MyPw will allow inexpensive multi-factor authentication (www.MyPw.com).
(1997). “RFC-2196, Site Security Handbook.” Request for Comments Retrieved February 8, 2005, from http://www.ietf.org/rfc/rfc2196.txt.
(2004) OATH Reference Architecture Release 1.0. Volume, DOI:
RSA (2006). Making the FFIEC Guidance Operational, Balancing Authentication Methods with Online Banking Risk, RSA.