Fill in Order Details

  • Submit paper details for free using our simple order form

Make Payment Securely

  • Add funds to your account. There are no upfront payments. The writer will only be paid once you have approved your paper

Writing Process

  • The best qualified expert writer is assigned to work on your order
  • Your paper is written to standard and delivered as per your instructions

Download your paper

  • Download the completed paper from your online account or your email
  • You can request a plagiarism and quality report along with your paper

worksheet 4 lan wan compliance and auditing 3

Week 7

Worksheet 4: LAN/WAN Compliance and Auditing

Course Learning Outcome(s)

  • Analyze information security systems compliance requirements within the Workstation and LAN Domains.
  • Design and implement ISS compliance within the LAN-to-WAN and WAN domains with an appropriate framework.

As auditors, we presume that no data produced on a computer is 100% secure regardless of whether it’s a standalone device or connected to a local area network (LAN) or a wide area network (WAN). Organizations implement controls, which are developed and implemented based on regulations and best security practices. Security is implemented throughout an organizations enterprise – from the host the user sits and throughout the devices data traverses or is stored. Here’s an example of a basic enterprise and the security controls that may be implemented. Remember, controls can be physical or logical devices, software or encryption.

Host – A host is a computer, tablet or other device that a user interfaces with to perform a function. The device you’re reading this on is a host. The security controls that could be implemented onto a host include a Host Based Intrusion Detection Systems (HIDS), Host Based Intrusion Prevention System (HIPS), a software Firewall, and Antivirus protection. Policy controls implemented on a host include Role Based Access Control (RBAC), Discretionary Access Control (DAC), Mandatory Access Control (MAC), Login requirements, lockout settings and others that restrict what a user can and can’t do while logged into a host and software to manage (allow and deny) policies electronically (ePo).

Local Area Network – Think of a LAN as an internal network used by an organization that allows user to execute functions using various applications and storage while also having the ability to connect to other organizations using the Internet or Virtual Private Networks (VPN’s). A host connects to a switch and data is routed to a router where it either access systems on the LAN or to a router where it’s going to exchange data with another LAN or WAN. The devices that comprise a LAN and WAN are similar with a difference in that a WAN is built to a much larger scale. As stated, in a network, there are many devices, servers, switches, routers, storage, Call Managers (for VoIP communications), firewalls, web content filters, security appliances that manage Network Intrusion Detection Systems (NIDS), Network Intrusion Prevention Systems (NIPS) and other organization unique systems.

Often as a cost savings measure, services such as security, web content filtering, storage, IP telephony, Software licensing (SaaS) and others can be outsourced to a third party vendor. An agreement is made between the organization and the vendor on the expected requirements and documented in the contract. These requirements are known as Service Level Agreements (SLA).At no point does an organization relieve itself of regulatory requirements for data protection by contracting it out to a third party or organization external to itself. Regulatory controls must be incorporated into the SLA’s and audited by the company contracting services out to ensure compliance. Repercussions for not meeting SLA requirements should also be included in the SLA.

Read the scenario below and complete the associated worksheet.

Tidewater LLC is an organization that produces and sells apparel for men, women and children online. The company has grown 70% over the past 2 years and is building a new facility to support the continued growth. All current services with the exception of managing their website are hosted by various third party vendors. Because of the growth, the leadership within the organization has not been able to validate compliance of the SLA’s and feel that the vendors do not have the best interest of Tidewater LLC in mind. Currently, there is a CIO and web developer acting as the IT staff.

Tidewater LLC is in the process of recovering all IT services into the server facility being housed in their new facility. Tidewater LLC wishes establish and staff an IT department with a system administrator, network administrator, two general technicians, cyber security specialist and a full time system auditor.

The new office is a 2000sqft open office with the server room located in an adjacent room. Hardware supporting the organizations IT services include 100 desktop computers supporting the staff, network switches, routers, a firewall, Maciffy Security Appliance to provide intrusion detection, prevention and antivirus protection, Network Attached Storage (NAS) for users to have a home drive as well as a shared networked drive for collaboration and sharing, an IIS server for website management and a call manager for VoIP. Wi-Fi access points will be added as the network installation progresses. Email will be managed by an exchange server. The only service outsourced is a100mbps connection for Internet and VPN’s between the organization and its suppliers.

Current employees are assigned desk with computer. There are no prerequisite requirements such as training for users to have accounts created. All data is stored by a third party vendor in a shared environment. No controls are implemented to prevent any user from accessing any other user’s files or folders.

You’ve been retained as an organizations auditor and your first task is to determine what controls need to be implemented so that the organization achieves a high level of sustained security and compliance. Utilizing the NIST 800-53A, develop a control sheet that the organization should implement and will not impede with the organization’s mission. This control sheet should encompass controls that apply to the users and systems within the organization. You will brief these controls to the CEO and CIO and explain why you choose these controls and any impact it will have to the organization.

From the Access Control (AC) family of the NIST 800-53A, select three controls you would recommend be implemented.

Control

Definition

Why Chosen

From the Security Awareness and Training Policy and Procedures (AT) of the NIST 800-53A, select three controls you would recommend be implemented.

Control

Definition

Why Chosen

From the Audit and Control (AU) section of the NIST 800-53A, select three controls you would recommend be implemented.

Control

Definition

Why Chosen

From the Configuration Management (CM) section of the NIST 800-53A, select four controls you would recommend be implemented.

Control

Definition

Why Chosen

From the Security Assessment and Authorization (CA) section of the NIST 800-53A, select three controls you would recommend be implemented.

Control

Definition

Why Chosen

From the Contingency Planning (CP) section of the NIST 800-53A, select two controls you would recommend be implemented.

Control

Definition

Why Chosen

From the Identification and Authentication Policy and Procedures (IA) section of the NIST 800-53A, select three controls you would recommend be implemented.

Control

Definition

Why Chosen

WHAT OUR CURRENT CUSTOMERS SAY

  • Google Rating
  • Sitejabber
  • Trustpilot
Zahraa S
Zahraa S
Absolutely spot on. I have had the best experience with Elite Academic Research and all my work have scored highly. Thank you for your professionalism and using expert writers with vast and outstanding knowledge in their fields. I highly recommend any day and time.
Stuart L
Stuart L
Thanks for keeping me sane for getting everything out of the way, I’ve been stuck working more than full time and balancing the rest but I’m glad you’ve been ensuring my school work is taken care of. I'll recommend Elite Academic Research to anyone who seeks quality academic help, thank you so much!
Mindi D
Mindi D
Brilliant writers and awesome support team. You can tell by the depth of research and the quality of work delivered that the writers care deeply about delivering that perfect grade.
Samuel Y
Samuel Y
I really appreciate the work all your amazing writers do to ensure that my papers are always delivered on time and always of the highest quality. I was at a crossroads last semester and I almost dropped out of school because of the many issues that were bombarding but I am glad a friend referred me to you guys. You came up big for me and continue to do so. I just wish I knew about your services earlier.
Cindy L
Cindy L
You can't fault the paper quality and speed of delivery. I have been using these guys for the past 3 years and I not even once have they ever failed me. They deliver properly researched papers way ahead of time. Each time I think I have had the best their professional writers surprise me with even better quality work. Elite Academic Research is a true Gem among essay writing companies.
Got an A and plagiarism percent was less than 10%! Thanks!

ORDER NOW

Consider Your Assignments Done

“All my friends and I are getting help from eliteacademicresearch. It’s every college student’s best kept secret!”

Jermaine Byrant
BSN

“I was apprehensive at first. But I must say it was a great experience and well worth the price. I got an A!”

Nicole Johnson
Finance & Economics

Our Top Experts

————-

See Why Our Clients Hire Us Again And Again!


OVER
10.3k
Reviews

RATING
4.89/5
Avg Rating

YEARS
12
Experience

Elite Academic Research Promises You:


Always on Time

If we are a minute late, the work is on us – it’s free!

Plagiarism-free

If the work we produce contains plagiarism we’ll pay out a £5,000 guarantee.

Quality

Providing quality work is core to our beliefs, which is why we will strive to give you exactly that, and more!

Written to Standard

All of our assignments go through a stringent quality checking process from start to finish.

Success Guarantee

When you order form the best, some of your greatest problems as a student are solved!

Reliable

Professional

Affordable

Quick

Using this writing service is legal and is not prohibited by any law, university or college policies. Services of Elite Academic Research are provided for research and study purposes only with the intent to help students improve their writing and academic experience. We do not condone or encourage cheating, academic dishonesty, or any form of plagiarism. Our original, plagiarism-free, zero-AI expert samples should only be used as references. It is your responsibility to cite any outside sources appropriately. This service will be useful for students looking for quick, reliable, and efficient online class-help on a variety of topics.