Use NIST SP 800-53 for all questions related to security controls.
1. Sarbanes-O
Use NIST SP 800-53 for all questions related to security controls.
1. Sarbanes-Oxley contains 11 titles that describe specific mandates and requirements for financial reporting. Which title enforces IT security controls and explain how these controls can be implemented to protect banking assets. 2. Describe the critical success factors in implementing an efficient and effective information security risk assessment program. 3. The GAO Report, Information Security Risk Assessment, identified three methods of conducting and documenting the assessment. These three methods were discussed in class. Using the information from the case study provided below identify the pertinent threats, vulnerabilities, and recommended countermeasures using one of the risk assessment methods from the GAO Report. Case Study: Recently, the Department of Veteran’s Affairs reported that an employee took a laptop computer home that contained records of millions of veterans. The computer was stolen. You were hired as an outside consultant to conduct a risk assessment and present the results to the Department’s Chief Information Security Officer so she can prepare for a Congressional testimony.
4. Based on previous discussions in class/online about FISMA security controls, answer the following questions:
a. Your IT enterprise is comprised of both host-based and network-based IDSs, application gateway firewalls, and VPN-enabled applications to support its sales department. Identify the security controls that each technology implements and explain how these controls support confidentiality, integrity, and availability. b. Identify the appropriate security controls that apply to an organization that has medical applications. Specifically, identify 5 security controls and explain (1-2 paragraphs) how these controls help mitigate the risk of inadvertent disclosure of personal information, modification of data, or the availability of data. c. You report to the CIO for a large financial institution and he/she tasked you to develop procedures to implement 5 Access Control mechanisms for the IT systems. Explain (1-2 paragraphs for each mechanism) how you would implement each control.
5. Using the Security Target for Bioscriipt, Version 2.1.3 (Bioscriipt, Version 2.1.3 see attached document in BlackBoard), identify the relevant security features for logical and physical access, and identify how these features would support best security practices (e.g., FISMA, SOX, or HIPAA). Select 5 security controls. Additionally, explain how these security functional requirements protect inadvertent disclosure of information, modification of data, and/or the availability of data.
6. Explain which NIST security controls enforce the Principle of Least Privilege. 7. Port scanning allows a user to sequentially probe a number of ports on a target system in order to see if there is a service that is listening. Explain how effective packet filtering can deter scanning probes from devices like FIN scanners.
Leave a Reply