Technical Assessment Questions Essay

Custom Student Mr. Teacher ENG 1001-04 31 May 2016

Technical Assessment Questions

1. Why is risk mitigation and filling in critical security gaps an important next step after the security assessment is performed?

During your security assessment you probably found some gaps, and some of them may be critical, so naturally the next step should be to fix them. Once you know you are exposed, you want to fix those gaps ASAP before they get exploited.

2. How do you align the results of the qualitative risk assessment to risk mitigation?

You align the results by how likely each risk is to be exploited. The critical security gaps should be taken care of before the low-level risks.

3. What were the major elements of your risk mitigation project plan?

Risks, Priority, Impact (short/long term), Mitigation Costs, and the Timeline

4. What tasks and deliverables are needed to implement your risk mitigation recommendations? Pick one of the seven domains of a typical IT infrastructure and answer uniquely.

For the Sys/App domain:

System Planning and Acceptance


System Acceptance

Function Test: exercises the processing logic of the system to expose errors in database updates, calculations and edits, and ensures that the system delivers all functionality described in the Preliminary Design. Schedule a non-production test to verify the system is working correctly before going live, and monitor system logs and errors for problems.
Security Test: ensures that the system meets the specifications. Schedule a non-production test to verify the system meets the minimum specifications.
Human Interface Test: ensures that the human interface is functional, for example that keyboards, mice and CAC card readers are working. Schedule a test to verify that the correct peripheral devices are being plugged in and that USB drives and CD-ROMs are disabled.

Application Control

Input Controls: Verify the integrity of data entered into a business application, whether the data is entered directly by staff, remotely by a business partner, or through a Web-enabled application or interface. Data input is checked to ensure that it remains within specified parameters.
Ensure whitelist and blacklist input filters are in place. Conduct a fuzz test on software. Update software and antivirus. Test Web-enabled applications for security gaps and valuable

Processing Controls: Verify processing is complete, accurate, and authorized. Conduct tests on infrastructure processes.

Output Controls: Verify output by comparing the output results with the intended result, checking the output against the input. Schedule control tests on input and output data. Verify the correct result was processed. Example: input a * (wildcard) and see if it is filtered out. The wildcard should be dropped.
Integrity Controls: Verify monitoring of data that is being processed and in storage to ensure it remains consistent and correct. Schedule a non-production test on access control, authentication, encryption, backups, and application security to ensure the infrastructure is working within minimum specifications.
Verify communication closets are locked.

Randomly check communication closets for integrity.
Verify end-point devices are properly secured.
Schedule a test for an integrity check on end-points.
Verify firewall filters are working and all unneeded ports are closed. Monitor logs, ports and traffic for problems.

Review of User Access Rights
Verify the Acceptable Use Policy (AUP) is in place and correct.
Review the AUP for gaps and conduct training for users.
Verify user access follows the principle of least privilege.
Conduct a test on a random system. Use Group Policy Management Console (GPMC) to ensure policy is in place.
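
The input and output control test described under Application Control can be written as a small harness. This is an added example, not part of the original essay: inputs pass through an allowlist and denylist filter, and each output is compared with the intended result, including the wildcard case. The field names, patterns and test cases are assumptions constructed for illustration.

```python
import re

# Assumed (hypothetical) field rules: one allowlist pattern per known field.
ALLOWLIST = {
    "username": re.compile(r"[A-Za-z0-9_.-]{3,32}"),
    "quantity": re.compile(r"[0-9]{1,4}"),   # [0-9], not \d, so only ASCII digits pass
}
# Denylist as a second layer: characters that must never reach the application.
DENYLIST = set("*%?;'\"\\<>")

def filter_input(field, value):
    """Return the value if it passes both filters, otherwise None (dropped)."""
    pattern = ALLOWLIST.get(field)
    if pattern is None or not isinstance(value, str):
        return None                           # unknown field or wrong type
    if any(ch in DENYLIST for ch in value):
        return None                           # denylisted character present
    return value if pattern.fullmatch(value) else None

# Constructed control-test cases: (field, input, intended output).
CONTROL_CASES = [
    ("username", "jsmith", "jsmith"),
    ("username", "*", None),                  # the wildcard case from the text
    ("username", "j*", None),                 # wildcard embedded in a valid name
    ("username", "admin'--", None),
    ("quantity", "25", "25"),
    ("quantity", "99999", None),              # outside the specified parameters
    ("quantity", "2\uff15", None),            # fullwidth digit, not ASCII
    ("unknown_field", "x", None),
]

def run_control_test(cases):
    """Compare actual output with the intended output; return the failures."""
    failures = []
    for field, value, intended in cases:
        actual = filter_input(field, value)
        if actual != intended:
            failures.append((field, value, intended, actual))
    return failures

if __name__ == "__main__":
    failed = run_control_test(CONTROL_CASES)
    for field, value, intended, actual in failed:
        print(f"FAIL {field}={value!r}: intended {intended!r}, got {actual!r}")
    print(f"{len(CONTROL_CASES) - len(failed)}/{len(CONTROL_CASES)} control cases passed")
```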

Operating System Access Control
Verify authentication control is in place and working properly.
Use Group Policy Management Console (GPMC) to ensure policy is in place.
Verify GPOs are being implemented and working.
Use Group Policy Management Console (GPMC) to ensure policy is in place.
Verify patch management is being done and documented.
Check logs and monitoring software for errors.
Verify workstations after patch management to ensure the system is working correctly.
Run patches on a non-production workstation. Conduct a stress test to verify patches are working correctly and no security gaps are created.

Password Management System

Verify GPO is set to policy.
Randomly check users, computers, and objects. Conduct a test on GPMC for policy compliance.

Event Logging

Verify security events are being logged.
Purchase software to conduct the monitoring. Set scope to alert the SysAdmin if there is a problem.
Conduct random checks on logs.
Verify software updates are being logged.
Purchase software to conduct the monitoring. Set scope to alert the SysAdmin if there is a problem.
Conduct random checks on logs.
Ensure someone is reviewing logs.
Conduct random checks on logs to verify the software is configured and working correctly.

5. For the tasks and deliverables needed to mitigate the risk elements identified in #4 above, estimate the man-hours needed to perform the tasks and deliverables identified for the risk mitigation recommendations.
