Homework 4 | Computer Science homework help
Hands-On Steps
1. From your computer workstation, create a new text document called Compliance Lab #4.
2. Review the following scenario:
Your organization is a governmental agency that serves a vital role in homeland security functions.
In fact, your hiring took longer than you would have liked because it seemed as though the organization’s
managers wanted to know a lot about you before they gave you clearance to work. After a year
at the job, your manager feels your progress has come a long way, so she is giving you more responsibility
and has asked you to analyze the benefits of reporting risks, threats, and vulnerabilities in an IT
assessment that is under way. Your manager would like for you to conduct research and report your
findings about the type of vulnerabilities that require disclosure and when it is lawful or unlawful to
conceal information produced by vulnerability assessments. She would also like for you to include
some trends on current security threats and the types of responsible disclosure being performed by
other organizations.
3. Launch your Web browser and type in the Web address http://www.sans.org. In the Custom Search box
on the Web page’s upper right corner, search for “How do we define Responsible Disclosure?” On the
search results page, click on the top link labeled “How do we define Responsible Disclosure?” to open
the pdf article. Read about the following topics:
a. Vulnerability Life Cycle
b. Types of Disclosure
c. Nondisclosure
d. Full Disclosure
e. Limited Disclosure
f. Responsible Disclosure
g. Existing Policies and Proposals
In your text document, note one relevant point about each section.
4. In your Web browser, open the document “Symantec Global Internet Security Threat Report” provided
by Symantec Corporation at http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_
internet_security_threat_report_xv_04-2010.en-us.pdf. Review the Highlights section of the document
that discusses the main concepts in each section. Then, review the following topics in the document:
a. Threat Activity Trends
b. Vulnerability Trends
c. Malicious Code Trends
d. Phishing, Underground Economy Servers, and Spam Trends
In your text document, note one relevant point about each section.
5. In your Web browser, type the Web address http://www.zerodayinitiative.com/
advisories/published/. Review some of the links on the page provided by the respected security experts
at TippingPoint DVLabs and others.
6. Research other available resources (Internet resources, your textbook, and so on) to validate how
performing periodic security assessments throughout the seven domains of a typical IT infrastructure
can help an organization achieve compliance. In your text document, explain how performing periodic
security assessments throughout the seven domains of a typical IT infrastructure can help an organization
achieve compliance.
7. In your text document, write an executive summary describing how security assessments throughout
the seven domains of a typical IT infrastructure can help organizations achieve compliance by
mitigating risks and threats.
8. Submit the text document to your instructor as a deliverable for this lab.