USING A METHODOLOGY TO SECURE INFRASTRUCTURE Worksheet: Infrastructure Security A methodology is a known set of steps you can take to achieve some objective. You use methodologies all day, perhaps without realizing it. Every time you make eggs for breakfast, drive your car, or create an online account, you are using a methodology. In this assignment you will use proven, industry-sanctioned methodology to analyze infrastructure security. This area of cybersecurity relates to how critical systems remain safe by regulating access to facilities, assets, installations, and deployments. WHAT TO DO Here's a checklist to help you complete this worksheet. Study The Background. Please read chapters 1 through 5 of your textbook Cybersecurity Essentials including APPENDIX C (the NIST Cybersecurity Framework on page 715). You'll need to be comfortable navigating the NIST framework taxonomy. Review The Summary Points. On page 97 of your book there is a summary of jargon, processes, and concepts that will help you with worksheet questions. Feel Free To Google-Fu. Some questions may require online research. This is fine, but don't paste in material you find online; write with your own words. Answer The Worksheet Questions Below. Please complete the questions in this worksheet (not the ones in the book). Remember that spelling, grammar, and sentence structure all matter. If English is not your first language feel free to take advantage of online grammar support tools. Submit Your Work. Please use the Bright Answers online form to collect your work. WORKSHEET QUESTIONS Course Code: CYESN Worksheet Code: ASSIGNMENT1 Q1. What are the recognized NIST functions used to complete a risk assessment for infrastructure security? a) Detect, Prevent, Ensure, Recover, Repeat b) Recover, Detect, Protect, Identify, Respond c) Protect, Reverse, Identify, Lockdown, Ensure d) Respond, Detect, Recover, Identify, Document e) Investigate, Report, Repeat, Document Q2. To which function does the category "Data Security" belong in the NIST framework? a) Data Security is not a NIST category b) Document c) Identify d) Protect Q3. Which of the following describes the NIST subcategory RS.AN-1? a) Analysis is conducted to ensure adequate response and support recovery activities. b) The impact of the incident is understood. c) Notifications from detection systems are investigated. d) Threats, both internal and external, are identified and documented. Q4. What are two major concerns associated with storing video surveillance information from a large private-sector enterprise? a) It can be expensive to store large volumes of surveillance data. b) Employees have a right to privacy in their workplace. c) The enterprise will need a retention policy for video surveillance data. d) Facial recognition software is not always legal. Q5. If you had to design lighting for a server farm that was 20 x 40 meters and you wanted a 500 lux illuminance level, how many 2000 lumen bulbs would you need? You can assume all the light from the bulbs reaches the floor. a) 500 b) 400000 c) 1334 d) 200 Q6. A person is moving in the normal field of view of a PIR sensor. Which of the following barriers will prevent the sensor from detecting the person's motion? a) Glass b) Metal c) Plexiglass (acrylic sheet) d) All of the above Q7. Which of the following is NOT a biometric authentication method suitable to authenticate users at a facility entry point? a) DNA swabber b) Facial recognition scanner c) Fingerprint reader d) Retina scanner Q8. Why do security controllers require a fixed resistor (typically 2000 ohms) wired across normally open zone switches? a) To prevent false alarms b) To prevent missed alarms c) To reduce power consumption d) To allow easier programming Q9. [use "text" answer] In the floorplan above, the southwest corner office contains a server that holds sensitive engineering information about the company's designs. Writing clearly, please identify at least one threat to which this server is vulnerable. Q10. [use "text" answer] If you only had budget for four security cameras, where would you place them in/around the office layout above? Assuming the DVR was with the server in the southwest corner office, would you choose wireless or wired cameras? HOW TO GET TOP MARKS Read questions carefully; do online research as necessary; write clearly where required; avoid submitting incomplete or superficial work; don't plagiarize; follow submission guidelines properly and submit on time!