SlideShare a Scribd company logo

Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx

Download as DOCX, PDF
C
cockekeshia

The document outlines the compliance and auditing requirements for information security systems within LAN and WAN environments, emphasizing the importance of implementing security controls based on regulations and best practices. It describes the structure and components of networks, the necessity for service level agreements when outsourcing, and Tidewater LLC's specific needs for establishing its IT department. The document also tasks the auditor with developing a control sheet based on NIST 800-53a to enhance security and compliance for the organization.

Education
1 of 7
Download to read offline
1
2
3
4
5
6
7
Week 7 Worksheet 4: LAN/WAN Compliance and Auditing Course Learning Outcome(s) · Analyze information security systems compliance requirements within the Workstation and LAN Domains. · Design and implement ISS compliance within the LAN-to- WAN and WAN domains with an appropriate framework. As auditors, we presume that no data produced on a computer is 100% secure regardless of whether it’s a standalone device or connected to a local area network (LAN) or a wide area network (WAN). Organizations implement controls, which are developed and implemented based on regulations and best security practices. Security is implemented throughout an organizations enterprise – from the host the user sits and throughout the devices data traverses or is stored. Here’s an example of a basic enterprise and the security controls that may be implemented. Remember, controls can be physical or logical devices, software or encryption. Host – A host is a computer, tablet or other device that a user interfaces with to perform a function. The device you’re reading this on is a host. The security controls that could be implemented onto a host include a Host Based Intrusion Detection Systems (HIDS), Host Based Intrusion Prevention System (HIPS), a software Firewall, and Antivirus protection. Policy controls implemented on a host include Role Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC), Login requirements, lockout settings and others that restrict what a user can and can’t do while logged into a host and software to manage (allow and deny) policies electronically (ePo). Local Area Network – Think of a LAN as an internal network
used by an organization that allows user to execute functions using various applications and storage while also having the ability to connect to other organizations using the Internet or Virtual Private Networks (VPN’s). A host connects to a switch and data is routed to a router where it either access systems on the LAN or to a router where it’s going to exchange data with another LAN or WAN. The devices that comprise a LAN and WAN are similar with a difference in that a WAN is built to a much larger scale. As stated, in a network, there are many devices, servers, switches, routers, storage, Call Managers (for VoIP communications), firewalls, web content filters, security appliances that manage Network Intrusion Detection Systems (NIDS), Network Intrusion Prevention Systems (NIPS) and other organization unique systems. Often as a cost savings measure, services such as security, web content filtering, storage, IP telephony, Software licensing (SaaS) and others can be outsourced to a third party vendor. An agreement is made between the organization and the vendor on the expected requirements and documented in the contract. These requirements are known as Service Level Agreements (SLA).At no point does an organization relieve itself of regulatory requirements for data protection by contracting it out to a third party or organization external to itself. Regulatory controls must be incorporated into the SLA’s and audited by the company contracting services out to ensure compliance. Repercussions for not meeting SLA requirements should also be included in the SLA. Read the scenario below and complete the associated worksheet. Tidewater LLC is an organization that produces and sells apparel for men, women and children online. The company has grown 70% over the past 2 years and is building a new facility to support the continued growth. All current services with the exception of managing their website are hosted by various third party vendors. Because of the growth, the leadership within the organization has not been able to validate compliance of the SLA’s and feel that the vendors do not have the best interest of
Tidewater LLC in mind. Currently, there is a CIO and web developer acting as the IT staff. Tidewater LLC is in the process of recovering all IT services into the server facility being housed in their new facility. Tidewater LLC wishes establish and staff an IT department with a system administrator, network administrator, two general technicians, cyber security specialist and a full time system auditor. The new office is a 2000sqft open office with the server room located in an adjacent room. Hardware supporting the organizations IT services include 100 desktop computers supporting the staff, network switches, routers, a firewall, Maciffy Security Appliance to provide intrusion detection, prevention and antivirus protection, Network Attached Storage (NAS) for users to have a home drive as well as a shared networked drive for collaboration and sharing, an IIS server for website management and a call manager for VoIP. Wi-Fi access points will be added as the network installation progresses. Email will be managed by an exchange server. The only service outsourced is a100mbps connection for Internet and VPN’s between the organization and its suppliers. Current employees are assigned desk with computer. There are no prerequisite requirements such as training for users to have accounts created. All data is stored by a third party vendor in a shared environment. No controls are implemented to prevent any user from accessing any other user’s files or folders. You’ve been retained as an organizations auditor and your first task is to determine what controls need to be implemented so that the organization achieves a high level of sustained security and compliance. Utilizing the NIST 800-53A, develop a control sheet that the organization should implement and will not impede with the organization’s mission. This control sheet should encompass controls that apply to the users and systems within the organization. You will brief these controls to the CEO and CIO and explain why you choose these controls and any impact it will have to the organization.
From the Access Control (AC) family of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen From the Security Awareness and Training Policy and Procedures (AT) of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen From the Audit and Control (AU) section of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen
From the Configuration Management (CM) section of the NIST 800-53A, select four controls you would recommend be implemented. Control Definition Why Chosen From the Security Assessment and Authorization (CA) section of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen
From the Contingency Planning (CP) section of the NIST 800- 53A, select two controls you would recommend be implemented. Control Definition Why Chosen From the Identification and Authentication Policy and Procedures (IA) section of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen
Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx

More Related Content

DOCX
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
griffinruthie22
 
DOC
Uop cis 349 week 8 assignment 4 designing compliance within the lan towan domain
eyavagal
 
DOC
Uop cis 349 week 8 assignment 4 designing compliance within the lan towan domain
uopassignment
 
DOCX
Imagine you are an Information Systems Security Officer for a medium.docx
gordienaysmythe
 
PDF
IAS1-FINALS.pdf for bsit students who are studying information technology
LesbertBayanay
 
RTF
Case Problem for Global Finance, Inc.
David Bustin
 
DOCX
Assignment 1 Designing Compliance within the LAN-to-WAN DomainN.docx
carlibradley31429
 
DOCX
Designing Compliance within the LAN-to-WAN DomainNote Rev
emersonpearline
 
Worksheet 4 LANWAN Compliance and Auditinglook on the docume.docx
griffinruthie22
 
Uop cis 349 week 8 assignment 4 designing compliance within the lan towan domain
eyavagal
 
Uop cis 349 week 8 assignment 4 designing compliance within the lan towan domain
uopassignment
 
Imagine you are an Information Systems Security Officer for a medium.docx
gordienaysmythe
 
IAS1-FINALS.pdf for bsit students who are studying information technology
LesbertBayanay
 
Case Problem for Global Finance, Inc.
David Bustin
 
Assignment 1 Designing Compliance within the LAN-to-WAN DomainN.docx
carlibradley31429
 
Designing Compliance within the LAN-to-WAN DomainNote Rev
emersonpearline
 

Similar to Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx (20)

PDF
Unit v
bharatnaruka90
 
PPTX
DOC-20250530-WA0008.pptx.................
salmannawaz6566504
 
PDF
Cyber security for manufacturers umuc cadf-ron mcfarland
Highervista
 
PPTX
Cyber Risks Implementation on an IP MPLS Network
Gabriel E Ozique
 
DOCX
Note Review the page requirements and formatting instructions for.docx
juliennehar
 
DOCX
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docx
healdkathaleen
 
PPTX
2016 01-05 csr css non-confidential slide deck
Richard (Dick) Kaufman
 
DOC
Cst 610 Motivated Minds/newtonhelp.com
amaranthbeg53
 
DOC
Cst 610 Education is Power/newtonhelp.com
amaranthbeg73
 
DOC
Cst 610 Your world/newtonhelp.com
amaranthbeg93
 
PPTX
CompTIA Security+ Chapter Four Review
DCPS
 
DOCX
OverviewYou have been hired as an auditor for a local univer.docx
aman341480
 
DOCX
Note Review the page requirements and formatting  instruction.docx
poulterbarbara
 
PDF
FixNix vCISO CyberSecurity Network Security for Covid91
Shanmugavel Sankaran
 
PDF
1 info sec+risk-mgmt
madunix
 
PDF
BAIT1103 Chapter 1
limsh
 
PPTX
abc.pptx
BhargaviGorde1
 
PPT
Top Tactics For Endpoint Security
Ben Rothke
 
PDF
CNIT 160: Ch 2b: Security Strategy Development
Sam Bowne
 
DOCX
Note Review the page requirements and formatting instructions for.docx
carlibradley31429
 
Unit v
bharatnaruka90
 
DOC-20250530-WA0008.pptx.................
salmannawaz6566504
 
Cyber security for manufacturers umuc cadf-ron mcfarland
Highervista
 
Cyber Risks Implementation on an IP MPLS Network
Gabriel E Ozique
 
Note Review the page requirements and formatting instructions for.docx
juliennehar
 
Running Head CYBERSECURITY FRAMEWORK1CYBERSECURITY FRAMEWORK.docx
healdkathaleen
 
2016 01-05 csr css non-confidential slide deck
Richard (Dick) Kaufman
 
Cst 610 Motivated Minds/newtonhelp.com
amaranthbeg53
 
Cst 610 Education is Power/newtonhelp.com
amaranthbeg73
 
Cst 610 Your world/newtonhelp.com
amaranthbeg93
 
CompTIA Security+ Chapter Four Review
DCPS
 
OverviewYou have been hired as an auditor for a local univer.docx
aman341480
 
Note Review the page requirements and formatting  instruction.docx
poulterbarbara
 
FixNix vCISO CyberSecurity Network Security for Covid91
Shanmugavel Sankaran
 
1 info sec+risk-mgmt
madunix
 
BAIT1103 Chapter 1
limsh
 
abc.pptx
BhargaviGorde1
 
Top Tactics For Endpoint Security
Ben Rothke
 
CNIT 160: Ch 2b: Security Strategy Development
Sam Bowne
 
Note Review the page requirements and formatting instructions for.docx
carlibradley31429
 

More from cockekeshia (20)

DOCX
at least 2 references in each peer responses! I noticed .docx
cockekeshia
 
DOCX
At least 2 pages longMarilyn Lysohir, an internationally celebra.docx
cockekeshia
 
DOCX
At least 2 citations. APA 7TH EditionResponse 1. TITop.docx
cockekeshia
 
DOCX
At each decision point, you should evaluate all options before selec.docx
cockekeshia
 
DOCX
At an elevation of nearly four thousand metres above sea.docx
cockekeshia
 
DOCX
At a minimum, your outline should include the followingIntroducti.docx
cockekeshia
 
DOCX
At least 500 wordsPay attention to the required length of these.docx
cockekeshia
 
DOCX
At a generic level, innovation is a core business process concerned .docx
cockekeshia
 
DOCX
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docx
cockekeshia
 
DOCX
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docx
cockekeshia
 
DOCX
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docx
cockekeshia
 
DOCX
Astronomers have been reflecting laser beams off the Moon since refl.docx
cockekeshia
 
DOCX
Astrategicplantoinformemergingfashionretailers.docx
cockekeshia
 
DOCX
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docx
cockekeshia
 
DOCX
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docx
cockekeshia
 
DOCX
Assumption-Busting1. What assumption do you have that is in s.docx
cockekeshia
 
DOCX
Assuming you have the results of the Business Impact Analysis and ri.docx
cockekeshia
 
DOCX
Assuming you are hired by a corporation to assess the market potenti.docx
cockekeshia
 
DOCX
Assuming that you are in your chosen criminal justice professi.docx
cockekeshia
 
DOCX
assuming that Nietzsche is correct that conventional morality is aga.docx
cockekeshia
 
at least 2 references in each peer responses! I noticed .docx
cockekeshia
 
At least 2 pages longMarilyn Lysohir, an internationally celebra.docx
cockekeshia
 
At least 2 citations. APA 7TH EditionResponse 1. TITop.docx
cockekeshia
 
At each decision point, you should evaluate all options before selec.docx
cockekeshia
 
At an elevation of nearly four thousand metres above sea.docx
cockekeshia
 
At a minimum, your outline should include the followingIntroducti.docx
cockekeshia
 
At least 500 wordsPay attention to the required length of these.docx
cockekeshia
 
At a generic level, innovation is a core business process concerned .docx
cockekeshia
 
Asymmetric Cryptography•Description of each algorithm•Types•Encrypt.docx
cockekeshia
 
Astronomy HWIn 250-300 words,What was Aristarchus idea of the.docx
cockekeshia
 
Astronomy ASTA01The Sun and PlanetsDepartment of Physic.docx
cockekeshia
 
Astronomers have been reflecting laser beams off the Moon since refl.docx
cockekeshia
 
Astrategicplantoinformemergingfashionretailers.docx
cockekeshia
 
Asthma, Sleep, and Sun-SafetyPercentage of High School S.docx
cockekeshia
 
Asthma DataSchoolNumStudentIDGenderZipDOBAsthmaRADBronchitisWheezi.docx
cockekeshia
 
Assumption-Busting1. What assumption do you have that is in s.docx
cockekeshia
 
Assuming you have the results of the Business Impact Analysis and ri.docx
cockekeshia
 
Assuming you are hired by a corporation to assess the market potenti.docx
cockekeshia
 
Assuming that you are in your chosen criminal justice professi.docx
cockekeshia
 
assuming that Nietzsche is correct that conventional morality is aga.docx
cockekeshia
 

Recently uploaded (20)

PPTX
Lesson notes of climatology university.
sgladness67
 
PPTX
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
PDF
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
PPTX
Pharma ospi slides which help in ospi learning
rameetkumar304
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PDF
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PDF
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PPTX
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
PDF
Trump Administration's workforce development strategy
Mebane Rash
 
PPTX
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PPTX
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 
Lesson notes of climatology university.
sgladness67
 
Tissue processing ( HISTOPATHOLOGICAL TECHNIQUE
mathiasmelwyn7
 
Complications of Minimal Access Surgery at WLH
mohitsuren827
 
Pharma ospi slides which help in ospi learning
rameetkumar304
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Microbial disease of the cardiovascular and lymphatic systems
KeyaSharma
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
OBE - B.A.(HON'S) IN INTERIOR ARCHITECTURE -Ar.MOHIUDDIN.pdf
ArchitectAFMMohiuddi
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Chinmaya Tiranga quiz Grand Finale.pdf
Nitin Suresh
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
A systematic review of self-coping strategies used by university students to ...
CleeveMoralde1
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
202450812 BayCHI UCSC-SV 20250812 v17.pptx
home
 
Trump Administration's workforce development strategy
Mebane Rash
 
Pharmacology of Heart Failure /Pharmacotherapy of CHF
Rajshri Ghogare
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
GDM (1) (1).pptx small presentation for students
shrawanbpkihs
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
A GUIDE TO GENETICS FOR UNDERGRADUATE MEDICAL STUDENTS
DrBincy A. S
 

Week 7Worksheet 4 LANWAN Compliance and AuditingCourse L.docx

  • 1. Week 7 Worksheet 4: LAN/WAN Compliance and Auditing Course Learning Outcome(s) · Analyze information security systems compliance requirements within the Workstation and LAN Domains. · Design and implement ISS compliance within the LAN-to- WAN and WAN domains with an appropriate framework. As auditors, we presume that no data produced on a computer is 100% secure regardless of whether it’s a standalone device or connected to a local area network (LAN) or a wide area network (WAN). Organizations implement controls, which are developed and implemented based on regulations and best security practices. Security is implemented throughout an organizations enterprise – from the host the user sits and throughout the devices data traverses or is stored. Here’s an example of a basic enterprise and the security controls that may be implemented. Remember, controls can be physical or logical devices, software or encryption. Host – A host is a computer, tablet or other device that a user interfaces with to perform a function. The device you’re reading this on is a host. The security controls that could be implemented onto a host include a Host Based Intrusion Detection Systems (HIDS), Host Based Intrusion Prevention System (HIPS), a software Firewall, and Antivirus protection. Policy controls implemented on a host include Role Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC), Login requirements, lockout settings and others that restrict what a user can and can’t do while logged into a host and software to manage (allow and deny) policies electronically (ePo). Local Area Network – Think of a LAN as an internal network
  • 2. used by an organization that allows user to execute functions using various applications and storage while also having the ability to connect to other organizations using the Internet or Virtual Private Networks (VPN’s). A host connects to a switch and data is routed to a router where it either access systems on the LAN or to a router where it’s going to exchange data with another LAN or WAN. The devices that comprise a LAN and WAN are similar with a difference in that a WAN is built to a much larger scale. As stated, in a network, there are many devices, servers, switches, routers, storage, Call Managers (for VoIP communications), firewalls, web content filters, security appliances that manage Network Intrusion Detection Systems (NIDS), Network Intrusion Prevention Systems (NIPS) and other organization unique systems. Often as a cost savings measure, services such as security, web content filtering, storage, IP telephony, Software licensing (SaaS) and others can be outsourced to a third party vendor. An agreement is made between the organization and the vendor on the expected requirements and documented in the contract. These requirements are known as Service Level Agreements (SLA).At no point does an organization relieve itself of regulatory requirements for data protection by contracting it out to a third party or organization external to itself. Regulatory controls must be incorporated into the SLA’s and audited by the company contracting services out to ensure compliance. Repercussions for not meeting SLA requirements should also be included in the SLA. Read the scenario below and complete the associated worksheet. Tidewater LLC is an organization that produces and sells apparel for men, women and children online. The company has grown 70% over the past 2 years and is building a new facility to support the continued growth. All current services with the exception of managing their website are hosted by various third party vendors. Because of the growth, the leadership within the organization has not been able to validate compliance of the SLA’s and feel that the vendors do not have the best interest of
  • 3. Tidewater LLC in mind. Currently, there is a CIO and web developer acting as the IT staff. Tidewater LLC is in the process of recovering all IT services into the server facility being housed in their new facility. Tidewater LLC wishes establish and staff an IT department with a system administrator, network administrator, two general technicians, cyber security specialist and a full time system auditor. The new office is a 2000sqft open office with the server room located in an adjacent room. Hardware supporting the organizations IT services include 100 desktop computers supporting the staff, network switches, routers, a firewall, Maciffy Security Appliance to provide intrusion detection, prevention and antivirus protection, Network Attached Storage (NAS) for users to have a home drive as well as a shared networked drive for collaboration and sharing, an IIS server for website management and a call manager for VoIP. Wi-Fi access points will be added as the network installation progresses. Email will be managed by an exchange server. The only service outsourced is a100mbps connection for Internet and VPN’s between the organization and its suppliers. Current employees are assigned desk with computer. There are no prerequisite requirements such as training for users to have accounts created. All data is stored by a third party vendor in a shared environment. No controls are implemented to prevent any user from accessing any other user’s files or folders. You’ve been retained as an organizations auditor and your first task is to determine what controls need to be implemented so that the organization achieves a high level of sustained security and compliance. Utilizing the NIST 800-53A, develop a control sheet that the organization should implement and will not impede with the organization’s mission. This control sheet should encompass controls that apply to the users and systems within the organization. You will brief these controls to the CEO and CIO and explain why you choose these controls and any impact it will have to the organization.
  • 4. From the Access Control (AC) family of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen From the Security Awareness and Training Policy and Procedures (AT) of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen From the Audit and Control (AU) section of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen
  • 5. From the Configuration Management (CM) section of the NIST 800-53A, select four controls you would recommend be implemented. Control Definition Why Chosen From the Security Assessment and Authorization (CA) section of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen
  • 6. From the Contingency Planning (CP) section of the NIST 800- 53A, select two controls you would recommend be implemented. Control Definition Why Chosen From the Identification and Authentication Policy and Procedures (IA) section of the NIST 800-53A, select three controls you would recommend be implemented. Control Definition Why Chosen