Unit 5 Assignment 1: Testing and Monitoring Security Controls Learning Objectives and Outcomes ?You will learn to recognize security events and baseline anomalies that might indicate suspicious activity. ?You will learn to identify policy violations and security breaches and to appropriately monitor threats and control activity across the network. Assignment Requirements Refer to the handout Testing and Monitoring Security Controls. It contains information on security events or breaches and baseline anomalies. After studying the handout, answer the following questions: Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. ?Given a list of policy violations and security breaches, select three breaches, and consider the best options for controlling and monitoring each incident. Identify the methods to mitigate risk and minimize exposure to threats or vulnerabilities. Required Resources Worksheet: Testing and Monitoring Security Controls Submission Requirements ?Format: Microsoft Word ?Font: Arial, Size 12, Double-Space ?Length: 1–2 pages ?Due By: Unit 6 Self-Assessment Checklist I have identified at least two security events and baseline anomalies. ?I have indicated the best options for controlling and monitoring three of the policy violations and security breaches from the list. ?I have identified the methods to mitigate risk and to minimize exposure to threats or vulnerabilities. Unit 5 Assignment 2: Define an Acceptable Use Policy (AUP) Learning Objectives and Outcomes ?You will learn to successfully identify inappropriate activity on a network and to develop a basic AUP that describes the handling of such incidents.
Assignment Requirements Richman Investments requires the enforcement of strict ingress-egress filtering policies for network traffic. Certain traffic is expressly forbidden: ? No peer-to-peer file sharing or externally reachable file transfer protocol (FTP) servers ? No downloading executables from known software sites ?No unauthorized redistribution of licensed or copyrighted material ? No exporting internal software or technical material in violation of export control laws ? No introduction of malicious programs into networks or onto systems ?
No accessing unauthorized internal resources or information from external sources ? No port scanning or data interception on the network ?No denying service or circumventing authentication to legitimate users ? No using programs, scripts, or commands to interfere with other network users ? No sending unsolicited e-mail messages or junk mail to company recipients ? No accessing adult content from company resources ?No remote connections from systems failing to meet minimum security requirements
Define a LAN-to-WAN, Internet, and Web surfing AUP that restricts usage of the company’s Internet connection and permits the company to monitor usage of the corporate Internet connection. Carefully evaluate the implications of each policy and how implementations might impact the IT infrastructure, both positively and negatively. Weigh the benefits and the disadvantages of each method. Consider whether or not a proposed solution causes an interruption to the legitimate users and how it might bring security at the expense of preventing a perfectly legitimate activity.
Required Resources ?None Submission Requirements ?Format: Microsoft Word ?Font: Arial, Size 12, Double-Space ?Citation Style: Chicago Manual of Style ?Length: 1–2 pages ?Due By: Unit 6 Self-Assessment Checklist ?I have defined an effective LAN-to-WAN, Internet, and Web surfing AUP. ?I have evaluated the implications of each policy. ?I have carefully considered the benefits and disadvantages of each policy enforcement control. ?I have proposed strong ideas for acceptable and unacceptable resource usage.
0 comments