Monday, April 8, 2019
Define an SLA and state why it is required in a risk-averse organization
1. This is a closed-book, closed-notes quiz. No reference material (including assignments and labs) will be permitted for use during the quiz session.
2. The quiz contains the following types of questions:
* Short essay type
3. Place your answers in the space immediately following each question.

Quiz Questions

1. Define an SLA and state why it is required in a risk-averse organization.
An SLA is a service level agreement, which is a contract between the ISP and the company. An SLA gives the company an idea of how much time they will be without service, should something happen with the ISP. An SLA is important to a company in making recovery plans, knowing what critical systems need to be available for a continuance of business, and formulation of disaster recovery.

2. Using the user domain, define risks associated with users and explain what can be done to mitigate them.
The user domain has several risks involved, as people are involved and there is no way employees can be monitored without the use of CCTV.
Social engineering: a person attempting to obtain information through malicious means. The greatest tool in mitigating risk in the user domain is training and reminders for users to be aware of their surroundings.
No acceptable use policy (AUP), or lack of training employees on the correct usage of the network.
User accounts left active if the employee is terminated and another employee has the logon credentials. Mitigation would be disabling all user accounts upon termination.

3. Using the workstation domain, define risks associated within that domain and explain what can be done to reduce risks in that domain.
With the use of USBs or disks, the files could contain viruses and infect other files or applications on the network.
No acceptable use policy (AUP), or lack of training employees on the correct usage of the network.
The users staying signed into their accounts when leaving their desk. Session timeout would help with this risk, but training and follow-up will need to be done as well.

4. List four compliance laws or regulations or mandates, and explain them.
HIPAA: covers all healthcare industries and states all patient information must be encrypted in storage and transmissions, with restrictions on access to the information.
SOX: covers all publicly traded companies and requires auditing of the accounting procedures of the business. The reports required by SOX are reported to the SEC. Access to the financial information is restricted and based on need to know.
FISMA: covers government agencies and is to ensure all assets of the government are protected. Assets like information, operations and actual machinery are protected from hackers or internal threats. It gives guidelines to develop a security guideline for government agencies and requires regular audits.
CIPA (Child Internet Protection Act): covers federally funded entities that provide internet services to individuals, schools and libraries. The Act requires content filters to be used to prevent children from being exposed to harmful content, pornography and adult sites on the internet.

5. Define risk with a formula. Explain what each variable means.
Risk = Threat x Vulnerability
Threat is any compromise in the network that can be used for malicious behavior, such as a worm or Trojan horse.
Vulnerability is a weakness in the software or OS of a network that can be exploited for malicious intent.
The two multiplied equals a risk to the information, assets or intellectual property of a business.