Course Hero Logo

SAR Project 1.docx - Running head: SECURITY ASSESSMENT...

Course Hero uses AI to attempt to automatically extract content from documents to surface to you and others so you can study better, e.g., in search results, to enrich docs, and more. This preview shows page 1 - 4 out of 14 pages.

Running head: SECURITY ASSESSMENT REPORT1Security Assessment ReportThomas MitchellUMGC CST 630
SECURITY ASSESSMENT REPORT2Security Assessment ReportThe general and main purpose of the security assessment report is to make sure that the organization performs an audit on the systems. Also, its used for personnel to communicate the different outcomes of the security assessment of the overall infrastructure that would include people, processes, and polices. The overall document would help create a verdict of the systems to conclude if the organization should continue its operations. The SAR also delivers the complete state of security that would allow the organization to meet the different security levels when protecting the data that is being stored, transmitted, or processed throughout the network. The document also captures in real time, the view of the security state of the overall network. The SAR should be clarified with altered versions for each time something has been changed. These changes would be written within the report itself, allowing for accountability to the changes that employees perform. [ CITATION And18 \l 1033 ]A security assessment was performed on the systems on the networks website, and the various sub-domains that come with creating a website. Implementations of policy and followingcompliance with the FISMA (Federal Information Security Management Act) guidelines. The purpose of writing the Security Assessment Report, is to perform an evaluation on the systems that are installed on the network; thus, making sure that the baseline controls are included in maintaining compliance. Setting up and maintaining the BaselineOur organization includes multiple networks that are deployed via physically that would allow the employees to access internal and external resources. The network would be allowing the employees who live far from headquarters to be able to join the overall network by using a VPN connection. The reason the audit occurs is because the organization needs to identify the
SECURITY ASSESSMENT REPORT3systems that is accessible from the internet. That is what is most important, about making sure that the vulnerabilities and the different weaknesses are mitigated. There are many different attacks that would be considered as vectors that would allow a malicious actor access to an enterprise network. Those that are common within the cybersecurity field, are social engineering, session hijacking, viruses, worms, trojans and denial of service attacks. A social engineering attack would use the weaknesses of the human interaction between the malicious actor and an employee at the organization. [ CITATION App18 \l 1033 ] The malicious actor can send over an email that might be considered spoofed, would be a way for them to attach a trojan or virus program that would compromise the overall network at the organization. A session hijacking attack would allow the malicious actor the right to be able to

Upload your study docs or become a

Course Hero member to access this document

Upload your study docs or become a

Course Hero member to access this document

End of preview. Want to read all 14 pages?

Upload your study docs or become a

Course Hero member to access this document

Term
Spring
Professor
N/A

Newly uploaded documents

Show More

Newly uploaded documents

Show More

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture