Conduct a partial as-is audit of the healthy body wellness

Assignment Help Computer Network Security
Reference no: EM131202615

Task Sheet

TASK SCENARIO:

An information security management system (ISMS) represents a systematic approach to designing, implementing, maintaining, and auditing an organization's information system security objectives. As with any process, if an ISMS is not continually monitored, its effectiveness will tend to deteriorate.

Most organizations perform important information security activities, but the majority of firms do not do so as part of an organization-wide initiative. When organizations place a strategic emphasis on a culture of securing their information assets, they increase the likelihood of maintaining control of their information assets, and they lower their risk of losing customers, market share, or other resources due to a breach in confidentiality, integrity, or availability of key business assets.

For this task you will be using the attached "Healthy Body Wellness Center Risk Assessment" case study. You will be required to conduct a partial as-is audit of the Healthy Body Wellness Center organization.

The idea behind using an as-is question set is to determine the current compliance levels and awareness of the organization's security posture. If you answer yes to a main category question, the questions that follow help outline the quality and detail of that question. The three key aspects of the question set are to determine if x has appropriate policies, procedures, and practices in place to adhere to ISO 27002 for the ISMS.

TASK:

A. Complete the attached "As-Is Question Set."

B. Develop two additional question categories for the "As-Is Question Set."

Note: You may consider your own industry, organization, or situation when developing your additional question categories.

1. Justify the inclusion of each additional question.

C. When you use sources, include all in-text citations and references in APA format.

Course Mentor Tips

For Part A -

- Complete the table. If the policy, procedure, or practice does not exist, provide justification as to why it is needed or why it should exist. If it does exist, give evidence (i.e., page number, brief description) where it is found in the risk assessment. Relate your justifications to the ISO 27002 standard.

NOTE: The idea behind using an as-is question set is to determine the current compliance levels and awareness of the organization's security posture. If you answer yes to a main category question, the questions that follow help outline the quality and detail of that question. The three key aspects of the question set are to determine if x has appropriate policies, procedures, and practices in place to adhere to ISO 27002 for the ISMS. Make sure to relate your justifications to the scenario.

For Part B -

- Create two additional question sets (the category and its questions). Tip: use two of the ISO 27002 controls. Create a policy, procedure, and practice section for each question set, and include 2-3 questions under each section. Provide justification as to why the control is needed, relating your justifications to ISO 27002. Also identify the category of your additional questions, for example Access Control, Asset Management, etc.

As-Is Question Set

| Question | If yes, page number | If no, justification |
|---|---|---|
| Policy | | |
| Does a policy that addresses the need for risk management exist? | Yes. Page 7, under the Purpose section. | |
| Is the acceptable risk posture for the organization included in the policy? | No | The organization did not have an SSP for the SHGTS system, so it is not showing that it is prepared to accept the risk of this application not being secure. An organization should be familiar with its risk posture in order to reduce the risk to achieving its business objectives. The risk posture helps an organization identify risk and manage risk effectively, which helps ensure the organization reduces the threats that can prevent it from achieving its business objectives. |
| Does the policy include details about a risk assessment? | Yes. Page 7, under the Background, Purpose, and Scope sections. These sections state that the risk assessment is limited to the SHGTS system, so the other organizational systems have already had risk assessments conducted. | |
| Is there a section in the policy that includes multi-perspectives on risk, including the following: threat; asset; vulnerability space; business impact assessment? | | |
| Is there a section in the policy that includes reporting results of risk assessments? | | |
| Is there a section in the policy that includes a remediation analysis report based on risk assessments (i.e., how to reduce risk or increase security posture)? | | |
| Procedures | | |
| Is there a procedure in existence that describes how to implement and enforce risk management policies? | | |
| Does the procedure include a breadth of scope? Does the breadth of scope include the following: threat; asset; vulnerability space; business impact assessment? | | |
| Does the procedure include depth of scope? Does the depth of scope include the following: interviews (asking); verification (seeing); validation (hands-on)? | | |
| Practice | | |
| Does the organization practice the procedures described above? | | |

Attachment: Healthy Body Wellness Center Risk Assessment.pdf
