Complete a risk assessment and a threat vulnerability profile for an internet an

Question

Complete a risk assessment and a threat vulnerability profile for an internet and intranet web site. Complete a threat-vulnerability-asset worksheet. This is a small business firm that uses open source and Windows 7/8/10 and Windows Server 2012. Windows is used for the desktops and server. The firewall and network use PFsense as the vendor. Assume 1 windows server, 1 PFsense router, and 1 PFsense firewall. And 3 desktops for the staff.

RE: Risk IT Framework for Management of IT Related Business Risk: http://www.isaca.org/Knowledge-Center/Risk-IT-IT-Risk-Management/Pages/default.aspx

IT Asset Management: http://searchcio.techtarget.com/definition/IT-asset-management-information-technology-asset-management

Microsoft: https://technet.microsoft.com/en-us/library/cc958343.aspx

Explanation / Answer

vulnerbility analysis :

-> Check whether Antivirus for Windows 7/8/10/2012 is updated or old.

-> The virus definitions and updates should be centrally deployed and distributed to individual machines.

-> Each machine Network analysis should close any ports/services that are not required by business.

-> The Firwall should also be checked for any un-required ports/services and port-forwards.

-> Do complete system scan to check for root-kits on each machine.

-> Linux machines should have their logs rotated and analysed for any threats and un-required services shut down.

-> The router should be configured to stop SYN acttacks and detect DoS DDoS.

-> The Intranet website should be password protected and not accessible from public internet outside the gateway.

-> New destops should be added to network after complete virus scans and threat removal.

-> Access to various vulnerable sites should be blocked at the individual as well as router        level.

Related Questions

Navigate

• Browse (All)
• Browse C
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.