Lab- Aligning an IT Security Assessment to Achieve Compliance

Lab 4.1a

The vulnerability life cycle refers to finding, disclosing, and addressing vulnerabilities in software or systems. It is crucial to comprehend this process to manage and reduce risks efficiently.

Nondisclosure, full disclosure, and limited disclosure are only a few of the several kinds of disclosure. Full disclosure refers to the practice of publishing all information about a vulnerability. Nondisclosure is the practice of not releasing any information about a vulnerability. The term “limited disclosure” describes revealing only specific details about a vulnerability.

Responsible disclosure is sharing information about a vulnerability while considering the affected organization’s needs. It involves giving the company enough time to address the vulnerability before making it public (Huang et al., 2019). There are many policies and recommendations for responsible disclosure, ranging from industry-wide norms to specific corporate policies. Companies should understand the policies and proposals already in place so they can make informed judgments about how to handle vulnerabilities.

Lab 4.1b

Threat activity trends describe patterns and variations in the types and frequency of cyber threats over time. Information on which threat categories were most common, which industries were most impacted, and which geographical areas experienced the most significant activity may be some of the section’s important findings.

Vulnerability trends describe historical patterns and shifts in the types and frequency of software vulnerabilities. The most important conclusions in this section may include details on the most often exploited vulnerabilities, the most affected industries, and the goods of the most vulnerable suppliers.

Spam and fraud activity trends describe patterns and changes in spam and fraud frequency and type over time. The essential findings include details on the most common spam and scam kinds, industries impacted negatively, and the geographical areas with the highest activity.

Lab 4.1c

A typical IT infrastructure has seven different areas: the network, the host, the application, the data, access control, the operations, and physical security (Chandramouli, 2022). Organizations may ensure that their systems and procedures are current and fully compliant with all applicable security standards and requirements by routinely evaluating each of these domains. Security audits can help organizations identify and address security gaps and vulnerabilities. For example, a security audit can discover an incorrectly configured firewall or unsecured wireless access points on the network. By addressing these issues, organizations help prevent unauthorized access to their systems and data.

Security assessments can help companies ensure that their systems are configured and used in a way that complies with all applicable security standards and requirements. For instance, a security evaluation of the host domain can show that systems are not running the most recent security updates or that software applications are not set up securely. Organizations can ensure the security and integrity of their data and systems by routinely evaluating their systems and processes. Organizations can achieve compliance with all relevant rules and regulations by conducting assessments throughout the seven domains of a typical IT infrastructure.

Lab 4.2

An effective security assessment program is crucial for enterprises trying to achieve compliance and reduce risks and threats throughout their IT infrastructure. The National Institute of Standards and Technology (NIST) states that to provide a thorough security program, each of the seven domains of a typical IT infrastructure must be evaluated: network security, endpoint security, access control, data protection, incident response, compliance, and physical security.

Organizations can identify and address potential threats and vulnerabilities by conducting security assessments across the seven domains. For example, network security assessments can identify network vulnerabilities and potential areas for improvement. Endpoint security scans can identify security holes in mobile devices such as laptops and smartphones (Chandramouli, 2022). Physical security audits might spot weaknesses in the physical environment, including unlocked doors or exposed servers. Incident response assessments can determine the necessary actions to take in the event of a data breach or cyber-attack (Scarfone et al., 2008). By completing security evaluations throughout the seven domains of a typical IT system, organizations lower their risks and threats.

References

Chandramouli, R. (2022). Guide to a Secure Enterprise Network Landscape (No. NIST Special Publication (SP) 800-215 (Draft)). National Institute of Standards and Technology. https://doi.org/10.6028/NIST.SP.800-215.

Huang, Y., Debnath, J., Iorga, M., Kumar, A., & Xie, B. (2019). CSAT: a user-interactive cyber security architecture tool based on NIST-compliance security controls for risk management. In 2019 IEEE 10th Annual Ubiquitous Computing, Electronics & Mobile Communication Conference (UEMCON) (pp. 0697–0707). IEEE. https://doi.org/10.1109/UEMCON47517.2019.8993090.

Scarfone, K., Jansen, W., & Tracy, M. (2008). Guide to General Server Security: A Comprehensive Resource for IT Professionals. CSRC. Retrieved January 16, 2023, from https://csrc.nist.gov/publications/detail/sp/800-123/final.

Question

risks caused by the Zero Day Initiative, HTTP Client versus Server Side attacks, Malicious JavaScript, PHP Remote File Include, botnets, and PDF attacks on organizations.

You will also look at the practices of vulnerability management to prevent threats from old or previously performed attacks on known vulnerabilities within the seven domains of a typical IT infrastructure.