choose appropriate security controls from the SAN’s 20 critical security controls and choose the remainder of controls
For the scenario below, choose appropriate security controls from the SAN’s 20 critical security controls and choose the remainder of controls that are needed to secure this system from the listing of controls provided from NIST 800-53 rev 4 (see webliography). You will select a total of 10 security controls. List the control by type, mapping them as best as you can to the NIST Control Families (i.e. PE-3, etc. and provide a one sentence description of the function of this control). NOTE: You will address each control in the 20 critical security controls document and determine whether or not the control is appropriate to security the system in the scenario. You will provide a sentence or two on why or why not it should be selected. The 20 critical security controls must be addressed for the scenario but not necessarily selected for the scenario. The rest of the 10 controls you will select can be chosen from the NIST SP 800-53, Rev. 4 controls, from the Access Controls Family (I’ve provided a list, below, however you will review each of the controls in the document provided in Course Content). For example, if you choose two of the twenty SANS controls, you will select eight of the Access controls for a total of ten controls. Scenario: The following illustration shows an example of a public, unsecured Windows Communication Foundation (WCF) client and server. The system is not secure. This is a small business. It is a client/server system. The system is located in an unlocked room within the main building of the business. The business only has two buildings. One building houses all the computer equipment plus the data about their customers. How would you secure this system?
Assessment Matrix
Name:
| SANS Critical Controls | Explain selection rationale | Enter Y for selected and N for not selected |
| Inventory of Authorized and Unauthorized Devices | Y | |
| Inventory of Authorized and Unauthorized Software | ||
| Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers | Y | |
| Continuous Vulnerability Assessment and Remediation | Y | |
| Malware Defenses | Y | |
| Application Software Security | ||
| Wireless Access Control | ||
| Data Recovery Capability | ||
| Security Skills Assessment and Appropriate Training to Fill Gaps | ||
| Secure Configurations for Network Devices such as Firewalls, Routers, and Switches | ||
| Limitation and Control of Network Ports, Protocols, and Services | ||
| Controlled Use of Administrative Privileges | ||
| Boundary Defense | ||
| Maintenance, Monitoring, and Analysis of Audit Logs | ||
| Controlled Access Based on the Need to Know | ||
| Account Monitoring and Control | ||
| Data Protection | Y | |
| Incident Response and Management | Y | |
| Secure Network Engineering | ||
| Penetration Tests and Red Team Exercises |
Security Control Assessment
| Name of Control | Purpose |
| Access Control Policy and Procedure | |
| Account Management | |
| Least Privilege | |
| Data Protection | |
| Inventory of authorized and unauthorized devices | |
| Continuous Vulnerability Assessment and Remediation | |
| Incident Response and Management | |
| Secure Configurations for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers | |
| Malware Defense | |
LOOKING FOR THIS ASSIGNMENT OR A SIMILAR ONE? WE HAVE HAD A GOOD SUCCESS RATE ON THIS PAPER! ORDER WITH US TODAY FOR QUALITY WORK AND GET A DISCOUNT!
Disclaimer:
All types of paper that Discount Writers provides is only for the purpose of assistance! No text, paper, assignment, discussion would be similar with another student therefore guaranteeing Uniqueness and can be used with proper references only!
More tools: Better Grades: Choose your Homework Help:
Assignment Help: We would write your papers according to the instructions provided and guarantee you timely work
Entire Online Class Help: We are here for you and we would do your entire Class work from discussions, assignments, Replies, Exams and Quizzes at a Cost
Exam/ Quiz Help: We have a team of writers who specialize on exams from any specific field and we would give you an A+ Grade!
