The review will continue with the hypothetical (but real-world) scenario of Ken 7 Windows Limited which we utilized in earlier Real-World Exercises. Ken 7 Windows Limited's new enterprise resource planning (ERP) software expands the size and scope of their computing environment, and this expanded infrastructure means more computers and more users. This larger, more complex environment requires a more formal approach, so you will utilize the Plan-Do-Check-Act cycle to help organize your efforts. In this activity, you will consider a list of security administration tasks, then identify which phase of the Plan-Do-Check-Act cycle it belongs to. As part of this process, you will explore why the task belongs to the phase you chose and determine how each task makes your environment more secure.

Scenario Information:

For this real-world exercise, we are continuing with the hypothetical scenario from Ken 7 Windows Limited. The Ken 7 Windows Limited new enterprise resource planning (ERP) software expands the size and scope of the Ken 7 Windows Limited computing environment. The new infrastructure means more computers and more users. You know that the process of administering a larger, more complex environment requires a more formal approach. You have decided to implement the Plan-Do-Check-Act cycle to help organize your efforts.

To prepare for this activity, consider the list of security administration tasks below:

1. Write password policy to enforce complex passwords.
2. Identify settings that have changed for a specific computer by analyzing the output of a baseline comparison, then list settings that should be changed.
3. Use Microsoft baseline security analyzer (MBSA) to scan for current software versions.
4. Lock the door to the data center.
5. Use a packet sniffer to see if network traffic is encrypted.
6. Develop daily server backup procedures.
7. Apply software security patches.
8. Update antivirus signature databases.
9. Monitor log files.

Instructions

1. Using MS Word, develop a report in which you consider the list of security administration tasks provided and evaluate them in light of the Plan-Do-Check-Act cycle. Consider the list of security administration tasks outlined in the Background Information section. Then do the following:
   1. After each task, tell which phase of the Plan-Do-Check-Act cycle it belongs to.
   2. Briefly describe why the task belongs to the phase you chose and how each task makes your environment more secure.
•