Many companies and agencies conduct IT audits to test and
assess the rigor of IT security controls in order to mitigate risks
to IT networks. Such audits meet compliance mandates by
regulatory organizations. Federal IT systems follow Federal
Information System Management Act (FISMA) guidelines and
report security compliance to US-CERT, the United States
Computer Emergency Readiness Team, which handles defense
and response to cyberattacks as part of the Department of
Homeland Security. In addition, the Control Objective for
Information Technology (COBIT) is a set of IT security
guidelines that provides a framework for IT security for IT
systems in the commercial sector.
These audits are comprehensive and rigorous, and negative
findings can lead to significant fines and other penalties.
Therefore, industry and federal entities conduct internal self-
audits in preparation for actual external IT audits, and compile
security assessment reports.
In this project, you will develop a 12-page written security
assessment report and executive briefing (slide presentation)
for a company and submit the report to the leadership of that
company.
There are six steps to complete the project. Most steps in this
project should take no more than two hours to complete, and the
project as a whole should take no more than three weeks to
complete. Begin with the workplace scenario, and then continue
to Step 1.
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security
analysis baseline of the IT systems, which will include a data-
flow diagram of connections and endpoints, and all types of
access points, including wireless. The baseline report will be
part of the overall security assessment report (SAR).
You will get your information from a data-flow diagram and
report from the Microsoft Threat Modeling Tool 2016. The
scope should include network IT security for the whole
organization. Click the following to view the data-flow
diagram:
[diagram and report]
Include the following areas in this portion of the SAR:
Security requirements and goals for the preliminary security
baseline activity.
Typical attacks on enterprise networks and their descriptions.
Include Trojans, viruses, worms, denial of service, session
hijacking, and social engineering. Include the impacts these
attacks have on an organization.
Network infrastructure and diagram, including configuration
and connections. Describe the security posture with respect to
these components and the security employed: LAN, MAN,
WAN, enterprise. Use these questions to guide you:
What are the security risks and concerns?
What are ways to get real-time understanding of the security
posture at any time?
How regularly should the security of the enterprise network be
tested, and what type of tests should be used?
What processes are in place, or need to be established, to
respond to an incident?
Workforce skill is a critical success factor in any security
program, and any security assessment must also review this
component. Lack of a skilled workforce could also be a security
vulnerability. Does the security workforce have the requisite
technical skills and command of the necessary toolsets to do the
job required?
Is there an adequate professional development roadmap in place
to maintain and/or improve the skill set as needed?
Describe the ways to detect this malicious code and the tactics
bad actors use to evade detection.
Public and private access areas, web access points. Include in
the network diagram the delineation of open and closed
networks, where they co-exist. In the open network and closed
network portion, show the connections to the Internet.
Physical hardware components. Include routers and switches.
What security weaknesses or vulnerabilities are within these
devices?
Operating systems, servers, network management systems.
data in transit vulnerabilities
endpoint access vulnerabilities
external storage vulnerabilities
virtual private network vulnerabilities
media access control vulnerabilities
ethernet vulnerabilities
Possible applications. This network will incorporate a BYOD
(bring your own device) policy in the near future. The IT
auditing team and leadership need to understand current mobile
applications and possible future applications and other wireless
integrations. You will use some of this information in Project 2
and also in Project 5.
The overall SAR should detail the security measures needed, or
the implementation status of those in progress, to address the
identified vulnerabilities. Include:
remediation
mitigation
countermeasure
recovery
Through your research, describe the methods used to provide
these protections and defenses.
From the identification of risk factors in the risk model,
identify the appropriate security controls from
NIST SP 800-53A
and determine their applicability to the risks identified.
The baseline should make up at least three of the 12 pages of
the overall report.
When you have completed your security analysis baseline, move
on to the next step, in which you will use testing procedures
that will help determine the company's overall network defense
strategy.
Step 2: Determine a Network Defense Strategy
You've completed your initial assessment of the company's
security with your baseline analysis. Now it's time to determine
the best defenses for your network.
Start by reading a publication by the National Institute of
Standards and Technology, NIST SP 800-115, Technical Guide to
Information Security Testing and Assessment, and outline how
you would test for violations. Identify how you
will assess the effectiveness of these controls and write test
procedures that could be used to test for effectiveness. Write
them in a manner to allow a future information systems security
officer to use them in preparing for an IT security audit or IT
certification and accreditation. Within this portion of the SAR,
explain the different testing types (black box testing, white box
testing).
Include these test plans in the SAR. The strategy should take up
at least two of the 12 pages of the overall report.
Click the following link to learn more about cybersecurity for
process control systems:
Cybersecurity for Process Control Systems
After you've completed this step, it's time to define the process
of penetration testing. In the next step, you'll develop rules of
engagement (ROE).
Step 3: Plan the Penetration Testing Engagement
Now that you've completed your test plans, it's time to define
your penetration testing process. Include all involved processes,
people, and timeframe. Develop a letter of intent to the
organization, and within the letter, include some formal rules of
engagement (ROE). The process and any documents can be
notional or can refer to actual use cases. If actual use cases are
included, cite them using APA format.
This portion should be about two pages of the overall 12-page
report.
After you have outlined the steps of a penetration testing
process, in the next step you will perform penetration testing.
During the testing, you will determine if the security
components are updated and if the latest patches are
implemented, and if not, determine where the security gaps are.
Step 4: Conduct a Network Penetration Test
You've defined the penetration testing process, and in this step,
you will scan the network for vulnerabilities. Though you have
some preliminary information about the network, you will
perform a black box test to assess the current security posture.
Black box testing is performed with little or no information
about the network and organization.
To complete this step, you will use industry tools to carry out
simulated attacks to test the weaknesses of the network.
Your assessments within the lab will be reported in the SAR.
Complete This Lab
Here are some resources that will help you complete the lab:
Accessing the Virtual Lab Environment: Navigating the Workspace
and the Lab Setup.
Review the Workspace and Lab Machine Environment Tutorial.
Lab Instructions: Penetration Testing Lab
Step 5: Complete a Risk Management Cost Benefit Analysis
You've completed the penetration testing, and now it's time to
complete your SAR with a risk management cost benefit
analysis. Within this analysis, think about the cost of violations
and other areas if you do not add the controls. Then add in the
cost for implementing your controls.
When you have finished with the cost benefit analysis, which
should be at least one page of your overall report, move to the
final step, which is the completed SAR. As part of the final
assignment, remember that you will need to create a slide
presentation as part of the executive briefing, and submit that
along with the SAR.
Step 6: Compile the SAR, Executive Briefing, and Lab Report
You have completed comprehensive testing in preparation for
this audit, provided recommended remediations, and developed
a set of recommendations. Now you are ready to submit your
SAR and executive briefing.
The requirements for Project 1 are as follows:
Executive briefing: A three- to five-slide visual presentation for
business executives and board members.
Security assessment report (SAR): Your report should be 12
pages minimum, double-spaced with citations in APA format.
The page count does not include figures, diagrams, tables or
citations.
