A key responsibility for security professionals is representing organizations during audits, either internal or external Since our case study involves cyber security for a chemical facility, we'll be practicing this skill by responding to questions that might be generated by an inspector with the Department of Homeland Security (DHS) Consult the attached document to get your assigned audit question and post to the Wiki your question and answer so that we can share the learning experience Pure Land Wastewater Compliance Audit Objective This assignment requires the students to answer questions as might be encountered while undergoing a compliance audit regarding Department of Homeland Security Chemical Facility Anti Terrorism Standards (CFATS) regulations The students will play the role of a Cyber Security consultant being audited by a DHS compliance inspector Instructions for assignment Find your assigned question from the table below Student Assigned Question 1 Adapa, Naga Venkata Prudhvi 2 1 2 Akunuru, Venkata Krishana Rao 2 2 3 Bermudez, Brandon Michael 2 3 4 Chapala, Rahul 2 4 5 Chittajallu, Sesidhar 2 5 6 Danda, Rakshitha 2 6 7 Dundra, Madhusudhan 2 7 8 Gattla, Swetha 2 8 9 Kattika, Venkatanagasravani 2 9 10 Kundur, Aishwarya 2 1 11 Naredla, Ashish 2 11 12 Patel, Apexa Pramodbhai 2 12 13 Patel, Bijalkumar Jagdishbhai 2 13 14 Polureddy, Raj Mohan Reddy 2 14 15 Yelisetti, Sandeep 2 15 Using the Risk Based Performance Standards Guidance Chemical Facility Anti Terrorism Standards document for reference, research and write an answer for one of the following questions (assigned to you based on a random draw) from a DHS inspector conducting a site inspection Consult your team members if you need help After the team has compiled all their answers, get ready to be audited by the instructor Youll have 20 minutes to research and write your answer What systems listed on your PureLand Network Diagram do you consider to be the most critical systems Why did you pick these systems as most critical What do you feel are the most important elements of a successful change management process How will you ensure that changes made to the Cyber systems at PureLand Wastewater wont lead to Cyber Security Incidents Is there currently any segregation of systems at PureLand based on criticality of the systems If yes, please explain the segregation strategy If not, please explain what plans are being developed to segregate assets on the network based on risk What methods are used or planned for implementation to manage passwords Is there any differentiation in how end user and privileged (e g , system administrator) accounts are managed Is there currently any Cyber Security awareness and training program in place at PureLand If yes, please explain the frequency and method of documenting completion If not, please explain what topics will be included in your awareness program and how you plan to document and track compliance What kinds of technical controls are being used at PureLand to prevent malware attacks What additional controls are planned for implementation within the next 24 months If PureLand was aware of a Cyber Security incident taking place at their facility, what is the protocol for responding to and reporting the incident What measures does PureLand take (or plan to take) to secure Safety Instrumented Systems to prevent Cyber Security incidents from causing a catastrophic event Does PureLand have an up to date inventory of hardware connected to their network What is included in the inventory Is PureLand aware of new devices being added to the network What technology is used to gain awareness of what devices are connected to the network What do you feel is the greater risk driver for PureLand Chemical theft or diversion or release of the Chemical of Interest and why Provide some examples of areas you feel have physical security concerns related to cyber assets along with brief explanations of why they have higher risk What are the requirements you will have for the person who will manage your cyber security program Does PureLand use shared accounts for accessing computer systems What are the risks associated with use of shared accounts and how might you mitigate these risks Does PureLand use separation of duties as a security practice What duties are separated or planned to be separated and why What kinds of controls are in place to ensure access to devices or information is managed appropriately What processes are used or planned to manage changes to the workforce

Answered step by step

Verified Expert Solution

Link Copied!

Question

1 Approved Answer

Posted on Jun 21, 2022

A key responsibility for security professionals is representing organizations during audits, either internal or external. Since our case study involves cyber security for a chemical

A key responsibility for security professionals is representing organizations during audits, either internal or external. Since our case study involves cyber security for a chemical facility, we'll be practicing this skill by responding to questions that might be generated by an inspector with the Department of Homeland Security (DHS). Consult the attached document to get your assigned audit question and post to the Wiki your question and answer so that we can share the learning experience.

Pure Land Wastewater Compliance Audit

Objective

This assignment requires the students to answer questions as might be encountered while undergoing a compliance audit regarding Department of Homeland Security Chemical Facility Anti-Terrorism Standards (CFATS) regulations. The students will play the role of a Cyber Security consultant being audited by a DHS compliance inspector.

Instructions for assignment

Find your assigned question from the table below

Student	Assigned Question
1. Adapa, Naga Venkata Prudhvi	2.1
2. Akunuru, Venkata Krishana Rao	2.2
3. Bermudez, Brandon Michael	2.3
4. Chapala, Rahul	2.4
5. Chittajallu, Sesidhar	2.5
6. Danda, Rakshitha	2.6
7. Dundra, Madhusudhan	2.7
8. Gattla, Swetha	2.8
9. Kattika, Venkatanagasravani	2.9
10. Kundur, Aishwarya	2.1
11. Naredla, Ashish	2.11
12. Patel, Apexa Pramodbhai	2.12
13. Patel, Bijalkumar Jagdishbhai	2.13
14. Polureddy, Raj Mohan Reddy	2.14
15. Yelisetti, Sandeep	2.15

Using the Risk-Based Performance Standards Guidance Chemical Facility Anti-Terrorism Standards document for reference, research and write an answer for one of the following questions (assigned to you based on a random draw) from a DHS inspector conducting a site inspection. Consult your team members if you need help. After the team has compiled all their answers, get ready to be audited by the instructor. You’ll have 20 minutes to research and write your answer.
1. What systems listed on your PureLand Network Diagram do you consider to be the most critical systems? Why did you pick these systems as most critical?
2. What do you feel are the most important elements of a successful change management process? How will you ensure that changes made to the Cyber systems at PureLand Wastewater won’t lead to Cyber Security Incidents?
3. Is there currently any segregation of systems at PureLand based on criticality of the systems? If yes, please explain the segregation strategy. If not, please explain what plans are being developed to segregate assets on the network based on risk.
4. What methods are used or planned for implementation to manage passwords? Is there any differentiation in how end user and privileged (e.g., system administrator) accounts are managed?
5. Is there currently any Cyber Security awareness and training program in place at PureLand? If yes, please explain the frequency and method of documenting completion. If not, please explain what topics will be included in your awareness program and how you plan to document and track compliance.
6. What kinds of technical controls are being used at PureLand to prevent malware attacks? What additional controls are planned for implementation within the next 24 months?
7. If PureLand was aware of a Cyber Security incident taking place at their facility, what is the protocol for responding to and reporting the incident?
8. What measures does PureLand take (or plan to take) to secure Safety Instrumented Systems to prevent Cyber Security incidents from causing a catastrophic event?
9. Does PureLand have an up to date inventory of hardware connected to their network? What is included in the inventory? Is PureLand aware of new devices being added to the network? What technology is used to gain awareness of what devices are connected to the network?
10. What do you feel is the greater risk driver for PureLand Chemical theft or diversion or release of the Chemical of Interest and why?
11. Provide some examples of areas you feel have physical security concerns related to cyber assets along with brief explanations of why they have higher risk.
12. What are the requirements you will have for the person who will manage your cyber security program?
13. Does PureLand use shared accounts for accessing computer systems? What are the risks associated with use of shared accounts and how might you mitigate these risks?
14. Does PureLand use separation of duties as a security practice? What duties are separated or planned to be separated and why?
15. What kinds of controls are in place to ensure access to devices or information is managed appropriately? What processes are used or planned to manage changes to the workforce?

Step by Step Solution

★★★★★

3.55 Rating (155 Votes )

There are 3 Steps involved in it

Step: 1

In the area of critical systems the systems covered by the PureLand Network Diagram are listed on Appendix B as The Generator The Control Panel and System Configurations for each sizecapacity unit Our ... blur-text-image