
Question


The following sample findings and mitigation plans illustrate how each plan should be listed and described:

Finding: All internet links are serviced by a single ISP
Risk Exposure: High
Mitigation Plan: Contract with at least two different service providers in order to maintain availability in the case of a major ISP failure.
Target Date: End of Q2 2012
Responsible Party(ies): IT Department

Finding: Not all backup copies of sensitive data are encrypted
Risk Exposure: High
Mitigation Plan: All stored sensitive data should be encrypted, including backups on-site and off-site.
Target Date: Within 30 Days
Responsible Party(ies): IT Department

Finding: Updates to the file server are not tested before implementation
Risk Exposure: Moderate
Mitigation Plan: Establish a small test environment to verify any new updates before installing them in production. This test environment should mimic the production file server configuration as closely as possible. Establish a roll-back plan for each update made to the production system.
Target Date: Within 90 Days
Responsible Party(ies): QA Testing Team and System Administrators

Finding: Router brands and software versions are listed on job postings
Risk Exposure: Low
Mitigation Plan: In job postings, try to limit infrastructure details and desired competencies to generic platform references or specific industry certifications like CCNA. Include this in security guidelines and employee security awareness training.
Target Date: End of Q4 2012
Responsible Party(ies): HR Department and Security Team

Record your mitigation plans, target dates, and responsible parties in the space provided below. Reference the finding numbers and your assessments from Assignment 3:

Finding 2:
Finding: Network connections from the offshore developers' workstations to the code repository server are not encrypted.
Risk Exposure:
Mitigation Plan:
Target Date:
Responsible Party(ies):

Finding 4:
Finding: Client data is copied from production servers to this server regularly for QA testing.
Risk Exposure:
Mitigation Plan:
Target Date:
Responsible Party(ies):

Finding 6:
Finding: No one notifies the Help Desk of terminations for support personnel in order to ensure that their access is disabled.
Risk Exposure:
Mitigation Plan:
Target Date:
Responsible Party(ies):
