
Question

1. [10 points] Describe why the Sarbanes-Oxley Act (SOX) was passed and provide a detailed description of the Act. How did SOX change IT auditing?
2. [10 points] List and describe 4 HIPAA Security Rules. For each security rule, describe one (1) internal control for each security rule.
3. [10 points] You are conducting an IT audit. You review the Windows firewall rules and determine that ports 22, 53, 80, and 443 are open and listening on a Windows server. Logging into this server is permitted by policy by anyone. Answer the following questions.
a. What services are running?
b. Do you have any concerns about the security of the server?
c. If you have concerns from (b), what suggestions do you have to improve the security of the Windows server? Describe your solution and what you would have to do to implement your solution (you do not need to provide the exact commands).
4. [10 points] Describe what a firewall does and explain how a firewall can be used to protect against an ICMP ping flood denial-of-service (DoS) attack. Describe a firewall's functionality and this type of attack (ICMP ping flood) in detail. Describe a rule to detect this type of attack and block it.
5. [10 points] List and provide a one sentence description of each of the 5 pillars of Information Assurance. For each pillar, provide one example of a vulnerability or threat to the pillar.
6. [20 points] Describe in detail SaaS, PaaS, and IaaS Cloud computing models. Describe three considerations when auditing Cloud technologies.
7. [15 points] A company discovers that there is no offsite or backup storage for a financial application. The application leaves port 80 open for web requests. There is a known vulnerability that can be exploited by sending a specifically formatted message to the application on port 80. There is no policy to remove user accounts for the application when employees change jobs or leave the company. Answer the following questions.
a. What are the threats?
b. What are the risks?
c. How would you mitigate the risks?
8. [15 points] A company's IT policy states that passwords should contain 16 characters with a mix of letters, numbers, and special characters. After reviewing the implemented policy within the IT system, it is noted that the current security settings stated that passwords only need to be 4 characters long and no multi-factor authentication is required. Answer the following questions.
a. What are the threats?
b. What are the risks?
c. How would you mitigate the risks?
