Security Analysis And Policy Development
The purpose of this assignment is to implement vulnerability and risk assessment techniques to justify implementation and enforcement of security policies.
For this assignment you will need to install the Belarc Advisor by going to the Belarc website and following the instructions provided in the “Belarc Installation, Saving, and Uploading Instructions” resource. Instructions for saving and uploading the assignment files are also included in this document. In step 10 you will complete a local system scan of your computer.
Note: If your computer utilizes an operating system other than Windows 7, Vista, or XP Pro, you will need to use the “Summary” file to complete the topic assignment rather than the local system scan outlined in step 10 of the “Belarc Installation, Saving, and Uploading Instructions.”
Use the results of the local system scan to compose a 300-word paper that discusses each section’s role in securing or protecting the scanned system. Expand each section to identify how the system passed or failed the various policies. For each section, address the following:
Identify the section and explain why the system passed or failed.
Explain the risks identified from the results.
Discuss how a threat could exploit the risks and impact the system.
Explain how the failed policies can be solved.
Using the “Risk Assessment Template,” list 20 risks in the “Risk” column. The risks should be failed items from the Belarc Advisor results. Complete the remaining spreadsheet columns for each identified risk. The spreadsheet must include the following:
Risk Title: Obtained from the Belarc Advisor report.
Description: Summarize the information obtained from the Belarc Advisor report hyperlink (pop-up window).
Vulnerability: Explain the vulnerability associated with this risk.
Threat: Identify potential threats that can exploit this vulnerability.
Current Safeguards: Identify if any policies or best practices are in place to reduce the likelihood the threat will be successful.
Impact: Describe the impact if threat is successful.
Severity: Measure the overall severity of the exploitation or impact.
Likelihood: Measure the likelihood a threat will be successful.
Risk Value: Measure the overall value of the risk (low = no real value is exploited; medium = dangerous if exploited; high = extremely grave if exploited).
Submit the 300-word paper, Belarc Advisor results (.xps or .pdf), and completed “Risk Assessment Template.”
Prepare this assignment according to the guidelines found in the APA Style Guide, located in the Student Success Center. An abstract is not required.
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are not required to submit this assignment to LopesWrite.
This benchmark assignment assesses the following programmatic competencies:
MS Information Technology Management
1.5: Evaluate system risks, threats, and vulnerabilities and practices and processes to ensure the safety and security of business information systems.
MS Information Assurance and Cybersecurity
3.2: Evaluate system risks, threats, and vulnerabilities and practices and processes to ensure the safety and security of business information systems.