Explain the two auditing frameworks

Assignment Help Computer Network Security
Reference no: EM133993374

Assignment:

IT Security Assessment & Auditing

Business units in the Department of Defense (DoD) have auditing frameworks that provide baseline requirements and hardening guidelines that a government network must meet. The primary benefit of using an audit framework is having a standardized and structured basis for security policy. An audit then helps the organization determine how well it is adhering to its security policies. When an audit is combined with a risk assessment, the organization is equipped to identify present gaps, and it can take steps to narrow or eliminate those gaps, mitigating its IT risk. To identify the requirements and hardening guides that provide a framework to which a government network and business unit should adhere, you will assess the available sites under the Department of Defense (DoD), identify the agencies in charge of providing security guidelines, and review the hardening and best-practice guidelines provided by the DoD's Defense Information Systems Agency (DISA), the National Institute of Standards and Technology (NIST), and the Information Assurance Support Environment (IASE).

Align Auditing Frameworks for a Business Unit within the DoD

• Identify the minimum baseline requirements and hardening guides that provide a framework to which a government network and business unit should adhere

• Assess all the available sites under the Department of Defense, and identify the agencies in charge of providing security guidelines and best practices for federal entities

• Review all the hardening and best-practice guides provided by DISA and the Information Assurance Support Environment of the DoD (IASE)

• Find the guidelines published by NIST that can assist in securing information assets

• Identify and explain the two auditing frameworks or hardening guidelines/security checklists used by the DoD

Scenario:

You work for a governmental unit of the DoD, and a manager has asked for a brief paper outlining the importance of having the proper DoD-approved frameworks in place when an organization wants to conduct business with a governmental unit. The task is to evaluate all the available DoD, IASE, and NIST hardening guides on the Internet and to provide a brief analysis of the technical controls and hardening guides that should be implemented as a minimum guideline for divisions of government agencies such as

Frameworks as a Guide

Frameworks are, in general, a set of ideas or rules to guide you, whether the rules apply to how to administer IT equipment, how to manage your daily work, or how to drive a car. The framework does not detail the manner in which you conduct yourself hour by hour, but only the general rules you should avoid breaking. The DoD-approved frameworks you research will provide these rules in the form of controls.

Controls can either describe or prescribe "best practices" to secure your IT environment. It is also these controls that grant auditors the ability to measure whether the IT environment following that framework is staying compliant, that is, keeping within these rules.

Registered Websites

Point out a few of the Information Assurance websites available (i.e., IASE, DISA, etc.).

This is an archived list of sites that had been registered to the Department of Defense. Open the DoD list of registered websites, then use the keyword search box to identify sites discussing information assurance, and review the content of some of the resulting sites.

Do not merely search "information assurance," but use terms such as information, security, and assurance. Each office, agency, and department might showcase its own range of products, toolkits, standards, etc. Do not be overwhelmed with searching and surfing links. The object of this lab step is to gain a general appreciation of the available websites as well as to identify some of those providing security guidelines and best practices for federal entities.

Review the Defense Information Systems Agency (DISA) website. Focus on reviewing the Services and Capabilities of DISA, and evaluate which are relevant to your task of formulating a framework for secure government operations.

Review DISA's Information Assurance Support Environment. Pay special attention to the Security Technical Implementation Guides (STIGs).

Review the STIGs available with special focus on the following topics:

a. Network Hardening Guides

b. Secure Remote Computing

c. Windows Operating Systems

d. Application Security

On some of the pages from the DISA website, you might be prompted for a DoD-approved public key infrastructure (PKI) client certificate to access the linked page. Without the certificate, the browsing will end there. A DoD-approved PKI client certificate is not required to complete

Review the NIST list of Special Publications (800 Series), and review the contents of the guides related to Security Controls for Federal Information Systems and Organizations (the 800-53 and 800-53A titles).

1. Identify three of the DoD-registered websites that provide guidelines and documents related to information assurance

2. Identify and explain two common auditing frameworks used by the DoD

3. Identify and explain the two auditing frameworks or hardening guidelines/security checklists used by the DoD

All rights reserved! Copyrights ©2019-2020 ExpertsMind IT Educational Pvt Ltd