Reference no: EM131372680 , Length: 5
Assignment : Business Security Posture
Company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs. The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company's current security posture. You are called upon as a 3rd party penetration tester, based on your industry reputation of being both careful and thorough to report on company XYZ's security posture. The only information available about the company is the generalized information found on its company Website which includes a contact page, home page, customer login portal, copyright and acceptable use page, and disclaimers page.
As an experienced penetration tester, you already have a collection of typical tools you use to conduct your tests (at minimum, all the tools available in CEH labs for this course.) The end goal here is to report on company XYZ's current security posture through performing penetration tests.
Write a four to five (4-5) page paper in which you outline all steps you would take to provide company XYZ's request. Include but do not limit yourself to the following:
Determine the communications and questions that you need to ask the Manager of Security before beginning your work assignment.
Determine the type of documents you would bring to your first meeting with the Manager of Security (i.e. documents to sign, to review, to consider).
Explain chronologically when things happen.
Predict what results are expected based on tools and techniques you use. For example, if a goal is to collect recon data, one might use the Nmap tool to perform a subnet scan. A similar scan can be conducted in your iLabs environment and the resulting data used as support in the form of screenshots when explaining your theories.
Evaluate the importance of the Nondisclosure Agreement (NDA) and other legal agreements to both parties.
Propose the main pre-penetration test steps that the penetration tester should perform before beginning the initial phases of the XYZ penetration test. Provide a rationale to support your proposal.
Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
Include a cover page containing the title of the assignment, the student's name, the professor's name, the course title, and the date.
The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
Discuss the need for security analysis.
Discuss the techniques and apply the tools to perform penetration tests.
Discuss and design a Demilitarized Zone (DMZ).
Use technology and information resources to research issues in penetration testing tools and techniques.
Write clearly and concisely about Network Penetration Testing topics, using proper writing mechanics and technical style conventions.
Identify the beliefs and behaviors
: Research and present a case study (not addressed in the textbook) in which a major IS project succeeded specifically because the IS analysts understood and avoided pervasive but unacknowledged beliefs or behaviors.
|
It is possible as a response to change the sample size
: While designing a hypothesis test for population proportion, the cost of a type I error is found to be substantially greater than originally thought.- It is possible, as a response, to change the sample size and/or α.
|
Create a new starting state for the simulation
: Is an identical simulation run this time? If not, do you see broadly similar patterns emerging anyway?
|
Explain why other statements are not precise or are false
: The p-value obtained in a hypothesis test for population mean is 8%. Select the most precise statement about what it implies. Explain why the other statements are not precise, or are false.
|
Explain chronologically when things happen
: Company XYZ, a mid-sized corporation, is in the middle of satisfying their regulatory compliance needs. The manager of security at the company has been tasked by the CIO (Chief Information Officer) to report on the company's current security post..
|
Consumer by subsidizing education
: a. Write her budget constraint and draw the budget line in a diagram with education as the horizontal axis and money as the vertical axis. Suppose the government would like to increase the "welfare" of this consumer by subsidizing education.
|
How regional metamorphism is related to plate boundaries
: Briefly outline how regional metamorphism is related to plate boundaries? Are certain types of metamorphic rocks indicative of particular plate boundaries or tectonic settings?
|
Why is it useful to know the power of a test
: Why is it useful to know the power of a test?- Explain the difference between the p-value and the significance level α.
|
Can you pinpoint any reasons why that might be occurring
: Do you feel that omitting gender as an attribute in the Rabbit class is likely to lead to an inaccurate simulation? Write down the arguments for and against including it.
|