1. Introduction
   a. Discuss what is SAR, state how it is used in an organization, in what way does it help the organization and why SAR is important.
2. Security Analysis Baseline (Step 1)
   a. Explain what this is and explain that you have been given a data flow diagram (DFD) (insert the given DFD in this section and explain what it shows, then go on to answer the assigned questions).
3. Determine a Network Defense Strategy (Step 2)
   a. In this section you should address the phases necessary to respond to an incident—preparation, identification, containment, eradication, recovery and lessons learned. Define what each of these means and explain how each of these should be performed. Also answer the remaining questions in this step.
4. Step 4 is the hands-on lab. Please review my comments in the discussion thread “Guidance on Project 1 Lab” with some guidelines to navigate some issues with the lab.
5. Step 5: Using the links provided, prepare the cost benefit analysis. Focus on doing an accurate comparison between the costs of security measures & controls, versus the annual loss expectancy from unmitigated risks.
6. Finally, prepare a conclusion where you briefly summarize what you are presenting (the previous steps) and finally conclude with the references in APA format.
Running head: SECURITY ASSESSMENT REPORT
Security Assessment Report
First Name Last Name
University of Maryland University College
Security Assessment Report
Give a very brief introduction to an organization of your choice and then describe the
purpose of this SAR as a need to assess its security posture. This SAR will identify the
organization’s network infrastructure, the network threats and vulnerabilities, a network defense
strategy, testing techniques, procedures, and results. It will also discuss risk, mitigation costs,
and recommendations for improving the security posture of the organization.
Security Analysis Baseline (this section should be about 3 pages long…)
Discuss security requirements and goals for the preliminary security baseline activity.
Typical Attacks to Enterprise Networks
Discuss and describe typical attacks on enterprise networks. Include Trojans, viruses,
worms, denial of service, session hijacking, and social engineering. Include the impacts these
attacks have on an organization. Review the online material provided and include descriptions
of several network attacks.
Network Infrastructure
Use the data-flow / network diagram provided and discuss it in order to describe the
network infrastructure (LAN, MAN, WAN, enterprise, etc.) of your company, including its
configuration, connections, and the security employed.
Per Step 1, you can use some of the following questions to help guide your development
of this SAR section: What are the security risks and concerns? What are ways to get a real-time
understanding of the security posture at any time? How regularly should the security of the
enterprise network be tested, and what type of tests should be used? What are the processes in
play, or to be established, to respond to an incident? Workforce skill is a critical success factor in
any security program, and any security assessment must also review this component. Lack of a
skilled workforce could also be a security vulnerability. Does the security workforce have the
requisite technical skills and command of the necessary toolsets to do the job required? Is there
an adequate professional development roadmap in place to maintain and/or improve the skill set
as needed? Describe the ways to detect malicious code and the tactics bad actors use to
evade detection.
Public and Private Access Areas, web access points
Still referencing the data-flow / network diagram, discuss the delineation of open and
closed networks, where they co-exist, and how they connect to the Internet.
Physical Hardware Components
Still referencing the data-flow / network diagram, discuss the network routers and
switches. What security weaknesses or vulnerabilities are within these devices?
Operating systems, servers, network management systems
Discuss data transit vulnerabilities, including those of endpoint access, external storage,
virtual private network, media access control, and Ethernet.
Mobile and Future Applications
Introduce the subject of BYOD (bring your own device) as your company will be doing
this in the near future. The IT auditing team and leadership need to understand current mobile
applications and possible future applications and other wireless integrations. You will use some
of this information in Project 2 and also in Project 5.
Network Defense Strategy (this section should be about 2 pages long…)
Identify how you will assess the effectiveness of controls for your network and write
about different test techniques. Write them in a manner that allows a future ISSO to use them in
preparing for an IT security audit or IT certification and accreditation. Review the online
material provided and include descriptions of several test techniques, such as Black Box, Grey
Box, and White Box.
Penetration Testing Process (this section should be about 2 pages long…)
Define your penetration testing process and include all involved processes, people, and
timeframes. Also include some formal rules of engagement (ROE). The process and any
documents can be notional or can refer to actual use cases. If actual use cases are included, cite
them using APA format. Review the online material provided and include a description of the
seven (7) main sections related to a penetration test.
Penetration Test Results (this section should be about 4 pages long…)
After finding the security issues within the network, define which control families from
NIST SP 800-53 are violated by these issues. Explain why each is a violation, support your
arguments with evidence (add figures of lab results in the Appendix and then reference those
figures here), and then provide suggestions for addressing these violations to improve the
security posture.
Risk Management Cost Benefit Analysis (this section should be 1 page long…)
Calculate and discuss the costs associated with each violation if you do not add the controls.
Then add in the cost of implementing your controls. Keep in mind that the reason for this
quantitative risk analysis is for an organization to consider the amount of financial loss that may
occur if a vulnerability is exploited by a threat.
Review the online material provided and include a description of the equation for calculating
cybersecurity risk and mitigation costs in financial terms:
threat × consequence × vulnerability – risk transferred = net financial risk
Conclusion
This SAR identified the organization’s network infrastructure, the network threats and
vulnerabilities, a network defense strategy, testing techniques, procedures, and results. It also
discussed risk, mitigation costs, and recommendations for improving the security posture of the
organization. From here discuss your conclusions and recommendations…
Tables
Table 1
Demographic Data on All 178 Respondents

| Population Description | Male | Female | Total |
|---|---|---|---|
| Age ≤ 29 Years | (N = 23) 20.7% | (N = 10) 14.9% | (N = 33) 18.5% |
| Age 30-45 Years | (N = 34) 30.6% | (N = 29) 43.3% | (N = 63) 35.3% |
| Age 46-59 Years | (N = 44) 39.6% | (N = 24) 35.8% | (N = 68) 38.2% |
| Age 60 Years or older | (N = 10) 09.0% | (N = 04) 06.0% | (N = 14) 07.9% |
| Experience 05 Years Exact | (N = 15) 13.5% | (N = 10) 14.9% | (N = 25) 14.0% |
| Experience 06-10 Years | (N = 30) 27.0% | (N = 21) 31.3% | (N = 51) 28.6% |
| Experience 11-19 Years | (N = 38) 34.2% | (N = 26) 38.8% | (N = 64) 35.9% |
| Experience ≥ 20 Years | (N = 28) 25.2% | (N = 10) 14.9% | (N = 38) 21.3% |
Table 2
Measures of Central Tendency and Variation

| | N (Statistic) | R (Statistic) | M (Statistic) | SD (Statistic) | Variance (Statistic) | Skewness (Statistic) | Skewness (Std. Error) |
|---|---|---|---|---|---|---|---|
| Gender | 178 | 1 | 1.38 | .486 | .236 | .515 | .182 |
| Age | 178 | 3 | 2.35 | .872 | .761 | -.034 | .182 |
| Experience | 178 | 3 | 2.65 | .970 | .942 | -.176 | .182 |
| Valid N | 178 | | | | | | |
Figures
Figure 1. Hospital Information Support System.