Homework 4 | Computer Science homework help

Hands-On Steps

1. From your computer workstation, create a new text document called Compliance Lab #4.

2. Review the following scenario:

Your organization is a governmental agency that serves a vital role in homeland security functions. In fact, your hiring took longer than you would have liked because it seemed as though the organization’s managers wanted to know a lot about you before they gave you clearance to work. After a year at the job, your manager feels your progress has come a long way, so she is giving you more responsibility and has asked you to analyze the benefits of reporting risks, threats, and vulnerabilities in an IT assessment that is under way. Your manager would like for you to conduct research and report your findings about the type of vulnerabilities that require disclosure and when it is lawful or unlawful to conceal information produced by vulnerability assessments. She would also like for you to include some trends on current security threats and the types of responsible disclosure being performed by other organizations.

3. Launch your Web browser and type in the Web address http://www.sans.org. In the Custom Search box on the Web page’s upper right corner, search for “How do we define Responsible Disclosure?” On the search results page, click on the top link labeled “How do we define Responsible Disclosure?” to open the PDF article. Read about the following topics:

   a. Vulnerability Life Cycle
   b. Types of Disclosure
   c. Nondisclosure
   d. Full Disclosure
   e. Limited Disclosure
   f. Responsible Disclosure
   g. Existing Policies and Proposals

In your text document, note one relevant point about each section.

4. In your Web browser, open the document “Symantec Global Internet Security Threat Report” provided by Symantec Corporation at http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf. Review the Highlights section of the document that discusses the main concepts in each section. Then, review the following topics in the document:

   a. Threat Activity Trends
   b. Vulnerability Trends
   c. Malicious Code Trends
   d. Phishing, Underground Economy Servers, and Spam Trends

In your text document, note one relevant point about each section.

5. In your Web browser, type the Web address http://www.zerodayinitiative.com/advisories/published/. Review some of the links on the page provided by the respected security experts at TippingPoint DVLabs and others.

6. Research other available resources (Internet resources, your textbook, and so on) to validate how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance. In your text document, explain how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance.

7. In your text document, write an executive summary describing how security assessments throughout the seven domains of a typical IT infrastructure can help organizations achieve compliance by mitigating risks and threats.

8. Submit the text document to your instructor as a deliverable for this lab.