Saturday, May 18, 2019
Define an SLA and state why it is required in a risk adverse organization Essay
1. This is a closed-book, closed-notes quiz. No reference material (including assignments and labs) will be permitted for use during the quiz session. 2. The quiz considers the following types of questions* Short essay type3. Place your answers in the aloofness immediately following each question.Quiz Questions1. Define an SLA and state why it is required in a bump adverse organization. A SLA is a service level agreement, which is a contract between the ISP and the company. A SLA gives the company an idea of how much time they will be without services, should something happen with the ISP. A SLA is important to a company in making recovery plans, knowing what critical systems need to be available for a continuance of business and formulation of disaster recovery.2. Using the user field of operations, define gambles associated with users and explain what can be done to mitigate them. The user domain has several risks involved, as people argon involved and there is no way employee s can be monitored without the use of CCTV. Social engineering a person trying to obtain information through malicious means. The greatest tool in mitigating risk in the user domain is preparation and reminders for users to be aw ar of their surroundings. No acceptable users policy, AUP, or neediness of training employees on the correct usage of the network. User accounts left active, if the employee is terminated, and another employee has the put down on credentials. Mitigation would to be disabling all user accounts upon termination. .3. Using the workstation domain, define risks associated within that domain and explain what can be done to reduce risks in that domain.The use of USBs or disk, the files could contain viruses and infect other files or applications on the network. No acceptable users policy, AUP, orlack of training employees on the correct usage of the network. The users staying signed into their accounts when leaving their desk. Session timeout would help with thi s risk, but training and follow up with need to be done as well.4. List four compliance laws or regulations or mandates, and explain them. HIPAA- covers all healthcare industries and states all patient information must be encrypted in storage, transmissions, and restrictions on access to the information.SOX- cover all publically traded companies and require auditing of the accounting procedures of the business. The reports required by SOX are reported to the SEC. Access to the financial information is restricted and based on need to know.FISMA- covers government agencies and is to warrant all assets of the government are protected. Assets like information, operations and actual machinery are protected from hackers or upcountry threats. Guidelines to develop a security guideline for government agencies, requires regular audits.CIPA-Child Internet Protection Act- covers federally funded entities than leave behind internet services to individuals, schools and libraries. The Act requ ires content filters to be use to prevent children from being exposed to hurtful content, pornography and illicit sites on the internet.5. Define risk with a formula. Explain what each variable means. stake= Threat x Vulnerability- Threat is any compromise in the network that can be used for malicious behavior, an example worm, or Trojan horse. Vulnerability- is a weakness in the software or OS of a network that can be exploited for malicious intent. The two multiplied equals a risk to the information, assets or intellectual property of a business.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.