IS 471 Policy Development and Security Issues
Lab 4 (Due October 22, 2014)
In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one.
Thankfully, a company’s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation.
In ...view middle of the document...
1. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.
2. Review the seven domains of a typical IT infrastructure (see Figure 1)
3. On your local computer, open a new Internet browser window.
4. In the address box of your Internet browser, type the URLhttp://www.continuitycompliance.org/security-policy-components-of-a-good-policy/ and press Enter to open the Web site.
5. Review the information to determine the components of an information systems security policy.
6. In your Lab Document, identify the major components of an information systems security policy.
7. Review the following table of risks, threats, and vulnerabilities that were found in a health care IT infrastructure-servicing patients with life threatening situations and determine the IT Domain it best corresponds to:
Risks, Threats, and Vulnerabilities | Domain |
Unauthorized access from public Internet | |
Hacker penetrates IT infrastructure | |
Communication Circuit Outages | |
Workstation operating system (OS) has known software vulnerability | |
Unauthorized access to organization-owned data | |
Denial of service attack on an Organizations E-mail | |
Remote communications from home office | |
Workstation browser has a Software Vulnerability | |
Weak ingress/egress traffic filtering degrades performance | |
Wireless Local Area Network (WLAN) access points are needed for local area network (LAN) connectivity within a warehouse | |
User destroys data in application, deletes all files, and gains access to internal network | |
Fire destroys primary data center | |
Intraoffice employee romance gone bad | |
Loss of production data | |
Need to prevent rogue users from unauthorized WLAN access | |
LAN server OS has a known software vulnerability | |
User downloads an unkown email attachment | |
Service provider has a major network outage | |
Users inserts CD’s and USB drives with personal photos, music, and videos on organization-owned computers | |
Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router | |
7. Review the following table of risks, threats, and vulnerabilities that were found in a health care IT infrastructure-servicing patients with life threatening situations:
8. In the address box of your Internet browser, type the URLhttp://www.sans.org/security-resources/policies/Policy_Primer.pdf and press Enter to open the Web site.
9. Read the SANS Institute’s document, “A Short Primer for Developing Security Policies.”
10. In your Lab Document, define what a policy is according to the SANS Institute.
Note: It is important to understand how and why a policy differs from a standard, a procedure, and a guideline. From the top down, the policy should not change or need modification unless a major shift in corporate values or...