You have been hired as an auditor for a local university, which is preparing to undergo an accreditation inspection to confirm that security controls

You have been hired as an auditor for a local university, which is preparing to undergo an accreditation inspection to confirm that security controls

You have been hired as an auditor for a local university, which is preparing to undergo an accreditation inspection to confirm that security controls are in place and adhered to and that data is protected from unauthorized access internally and externally. As the auditor, you play a key role in ensuring compliance. As the organization prepares for its three-year accreditation, you are tasked with gathering the artifacts that will be used to build the accreditation package. The accreditation package will be submitted under the Risk Management Framework (RMF) and will use the controls found in NIST SP 800-53 and NIST SP 800-53A. The controls to be audited are provided in the worksheet. Your university has an IT staff consisting of the following personnel: CIO: in charge of overall network operations and cybersecurity. Information Security Officer: implements and manages cybersecurity policies. System Analysts: monitor security features implemented on hosts (laptops, desktops) and server-side security (NIPS, NIDS).Auditors: validate baseline compliance of systems in accordance with Security Technical Information Guide (STIG), NIST, and federal, state and local policies, regulations, and laws. System Administrators: manage data and applications on servers. Network Administrators: manage all switches, routers, firewalls, and sensors. Desktop Administrators: administer hardware and software to users and manage day-to-day troubleshooting calls from users. Help Desk: acts as the liaison between the customer and administrators through the use of a Ticket Management System (TMS).To ensure separation of duties, all employees are provided a written list detailing their roles and responsibilities. Terminated employees are debriefed, and physical and logical access controls are removed to prevent further access. Users are defined as those staff without elevated privileges that can affect the configuration of a computer or networked device. Advanced users have the rights and credentials to physically make a configuration change to a networked device or direct a configuration change through positional authority. All advanced users complete the same initial user agreement as standard users as well as a nondisclosure agreement (NDA). There is no required training for standard and advanced users. For automated account management, the university uses Active Directory (AD).Onboarding new users and managing access follows this process: When a user arrives, they visit the help desk in person and submit a request to have an account created. All users must read and sign a user agreement outlining the rules and terms of use before they are given network access. These forms are reviewed annually by the ISO and stored digitally on the network for three years from the date of termination. The organization defines a time period for each type of account after which the information system terminates temporary and emergency accounts (14 days); all accounts that have not been accessed for 45 days are suspended and, after 90 days, removed from Active Directory. The help desk creates a ticket that includes the signed user agreement and assigns the ticket to the system administrators. The system administrator (SA) creates the account and assigns the user access based on their role. Users are assigned least privilege when an account is created. Discretionary access control is created for university departments to allow internal users to share information among defined users. These processes aren’t audited and Active Directory has become a massive database containing accounts of users who are no longer employed by the organization as well as their files. No negative impact has been observed by this. System admins track when users log in and log out so security and software patches can be pushed to the users\’ machines. This tracking mechanism also contributes to nonrepudiation in the event of a cybersecurity incident. Additionally, the machine is configured to log the user out if there is no activity on the user’s computer for two minutes. After three failed login attempts, the account will be locked and will require the user to visit the help desk in person to validate their credentials and unlock the account.

Answer preview to you have been hired as an auditor for a local university, which is preparing to undergo an accreditation inspection to confirm that security controls

You have been hired as an auditor for a local university which is preparing to undergo an accreditation inspection to confirm that security controlsAPA

2031 words

Get instant access to the full solution from yourhomeworksolutions by clicking the purchase button below

The post You have been hired as an auditor for a local university, which is preparing to undergo an accreditation inspection to confirm that security controls appeared first on Yourhomeworksolutions.



Logo
.
CLICK HERE TO ORDER 100% ORIGINAL PAPERS AT PrimeWritersBay.com

Comments

Post a Comment

Popular posts from this blog

Analyze Beefsteak’s company profile and business model.

Image
Analyze Beefsteak’s company profile and business model. Review Chapters 1, 11, 12 and 13 in your Applied Psychology in Talent Management text. Watch the Week 4 Assignment video above with Brenda Forde, Program Chair of MBA. Review the articles listed for the Contemporary Human Capital Topics discussion: The Big Disconnect in Your Talent Strategy and How to Fix It Reimagining Time Off HR Then and Now: 6 Trends That Have Shaped the Workplace—and HR—Over the Past Decade Diversity & Innovation: Meet Five Leaders Who Have Invented New Approaches to D & I Review the articles listed for the Current Human Capital Management: Predictive Analysis discussion: Data Science and Predictive Analytics Enabling Better Hiring Mechanisms for Enterprises An Algorithm for Success: People Analytics Are Becoming as Important as People Skills in Making Insightful workforce Decisions. Visit the Beefsteak Case Study page to explore the Company Background Information Packet and review the Company Backg
Read more

Outline the four “Key Messages” that structure the IOM Report recommendations.

Image
Outline the four “Key Messages” that structure the IOM Report recommendations. Review the IOM report, “The Future of Nursing: Leading Change, Advancing Health,” and explore the “Campaign for Action: State Action Coalition” website. In a 1,000-1,250 word paper, discuss the influence the IOM report and state-based action coalitions have had on nursing practice , nursing education, and nursing workforce development, and how they continue to advance the goals for the nursing profession. Include the following: Describe the work of the Robert Wood Foundation Committee Initiative that led to the IOM report, “Future of Nursing: Leading Change, Advancing Health.” Outline the four “Key Messages” that structure the IOM Report recommendations. Explain how these have transformed or influenced nursing practice, nursing education and training, nursing leadership, and nursing workforce development. Provide examples. Discuss the role of state-based action coalitions. Explain how these coalitions h
Read more

Poetry Analysis Essay (3G) that defends a thesis you developed through a close critical reading

Image
Poetry Analysis Essay (3G) that defends a thesis you developed through a close critical reading Poetry Analysis Essay Poetry Analysis Essay (3G) that defends a thesis you developed through a close critical reading/analysis of three (or more) works of poetry listed on the syllabus. Your analysis relies mainly on textual support from the primary text, but can also include at secondary sources that support/sustain your argument. Do not confuse “critical analysis” with “plot summary;” the goal is to develop, sustain, and advance a thesis based on a critique of the primary text that clearly demonstrates the presence of a major themes in the chosen collection of works. a_3f Answer preview to Poetry Analysis Essay (3G) that defends a thesis you developed through a close critical reading APA 2180 words Get instant access to the full solution from yourhomeworksolutions by clicking the purchase button below  The post Poetry Analysis Essay (3G) that defends a thesis you developed th
Read more