Master in Information Security Program Lulea University of Technology
Lulea Sweden
Professor TODD BOTH
(Client Security Architecture - A7005E)
Prepared and presented by: Usman Ali
Email: usmali-0@student.ltu.se
Assignment: Client Security Architecture
14 September 2014
Introduction
A few years ago in the IT world, an updated antivirus and firewall, along with intrusion detection software, were thought to be enough to fight virus writers. But as technologies advance, new techniques and programs are destroying the data and privacy of the end user. Once, the destruction of data and control of machines were the enjoyment of hackers and intruders, but now misuse of data for financial and criminal purposes is more often the intent, and attacks on
The following are the main Client Security features.
- Policy
Policies define the state of the client computer, which clients are affected, the specific operations a scan performs, and what information to report to the Client Security server. Client Security stores policies as a collection of registry key settings.
Create, edit, and deploy policies by using the Client Security console.
Check the security status of the computer: if the client has security problems, it will start scanning according to its configuration and start reporting to the Client Security server.
- Reports
Reports show the full technical security reports of the environment. You can create alerts on attacks, changes in policies, deployment of policies, and vulnerabilities. Most reports can be accessed from the Client Security reporting server, and a few are also accessible from the Client Security console. An admin can get reports using many different options, such as policy, group policy, start time, end time, time span, a single malware report by name or history, computer name, and single or multiple domains. Reports can be accessed through a web browser in XML or HTML. Client security server can be configured to
- Definitions
WSUS is used to distribute Client Security definitions and updates related to scan engines and computers in the domain. It is a central management system for updates that minimizes clients' traffic and workload to the internet; moreover, it gives more control to filter and approve updates according to the organization's policies. Updates contain definitions, changes in OS security, additional security upgrades, scan engine updates for specific versions, and new threat definitions. Update file size can range from KB to MB.
Client Security user interface
The user interface includes a Dashboard tab and a Policy Management tab.
The Dashboard tab in the MS security management console gives the user access to see and perform high-level security tasks and to view the security environment status.
Dashboard
Shows the whole enterprise security health status and gives access to reports and alerts.
References:
1- https://www.directionsonmicrosoft.com/update/secured/2007/05/forefront-client-security-architecture