Pages:
6 pages/≈1650 words
Sources:
5 Sources
Style:
APA
Subject:
IT & Computer Science
Type:
Case Study
Language:
English (U.S.)
Document:
MS Word
Topic:

Information Security Assessment: EZTechMovie

Case Study Instructions:

Prior to beginning work on this assignment, read Security Risk Assessment Methodology: How to Conduct a Risk Assessment, How to Conduct a Security Assessment, The 20 CIS Controls & Resources, and Chapter 4: Planning for Security from the course text.
Mr. Martin, your esteemed CISO, was extremely happy with the information security gap analysis that you completed in Week 1. In Week 2, you are going to devise a security assessment based upon the controls that you identified in the information security gap analysis.
For this assignment, you will use the Information Security Gap Analysis assignment from Week 1 to list the controls and explain how you will verify each control is working as designed and as required. Be sure to include any vendor recommendations, industry best practices, and so forth. Any format can be used, such as the format used in Assessing Security and Privacy Controls in Federal Information Systems and Organizations: Building Effective Assessment Plans, if the criteria listed below are provided.
In your paper,
Devise a security assessment by completing the following:
Summarize how each control from the Week 1 Information Security Gap Analysis assignment should be verified to be sure it is functioning properly and as required.
Attach any documentation that would assist in testing the control.
The Security Assessment paper
Must be three to five double-spaced pages in length (not including title and references pages) and formatted according to APA Style as outlined in the Writing Center’s APA Formatting for Microsoft Word resource.
Must include a separate title page with the following:
Title of paper in bold font
Space should be between title and the rest of the information on the title page.
Student’s name
Name of institution (UAGC)
Course name and number
Instructor’s name
Due date
Must utilize academic voice. See the Academic Voice resource for additional guidance.
Must include an introduction and conclusion paragraph. Your introduction paragraph needs to end with a clear thesis statement that indicates the purpose of your paper.
For assistance on writing Introductions & Conclusions as well as Writing a Thesis Statement, refer to the Writing Center resources.
Must use at least five scholarly, peer-reviewed, or credible sources in addition to the course text.
The Scholarly, Peer-Reviewed, and Other Credible Sources table offers additional guidance on appropriate source types. If you have questions about whether a specific source is appropriate for this assignment, please contact your instructor. Your instructor has the final say about the appropriateness of a specific source for this assignment.
To assist you in completing the research required for this assignment, view this Quick and Easy Library Research tutorial, which introduces the UAGC Library and the research process, and provides some library search tips.
Must document any information used from sources in APA Style as outlined in the Writing Center’s APA: Citing Within Your Paper guide.
Must include a separate references page that is formatted according to APA Style as outlined in the Writing Center. See the APA: Formatting Your References List resource in the Writing Center for specifications.

Case Study Sample Content Preview:

Security Assessment: EZTechMovie
Student’s name
Name of institution (UAGC)
Course name and number
Instructor’s name
Due date
Security Assessment: EZTechMovie
Introduction
Designing effective security policies, standards, and practices for critical infrastructure involves the identification of three levels of controls that underlie different frameworks, including the PCI-DSS v.3.2. A qualified security assessor (QSA) is to check whether an organization complies with these controls, including the management controls, operational controls, and technical controls (Covey, 2015). Furthermore, with verification of controls and security assessment, organizations can be assured that they are compliant with the standards specified in PCI-DSS v.3.2 for handling, storing, and transmitting cardholder data. The PCI Security Standards Council (2018) notes that compliance with PCI DSS is a continuous process and that companies must meet all the requirements, regardless of the sequence in which these controls are implemented. Using the PCI-DSS v.3.2, EZTechMovie’s gap analysis identifies 12 different controls that serve as requirements for verification of proper functionality and meeting expectations. These requirements are critical for securing cardholder data that is stored, processed, and transmitted from EZTechMovie to other organizations and merchants. Ranging from management controls to operational and technical controls, the 12 requirements need to be assessed to ensure that they are functioning as required.
The PCI Security Standards Council (SSC) has specified six milestones that cybersecurity professionals should consider in ensuring that the controls are functioning properly and as required (PCI SSC, 2016). The first milestone is the removal of sensitive authentication data and the limitation of data retention. The next milestone is to protect networks and systems and ensure that the company is capable of responding to system breaches. Third, EZTechMovie must secure payment card applications, and by doing so, the business will target controls for applications, their associated processes, and servers. It is in these areas that hackers exploit vulnerabilities to gain access to cardholder data. The fourth milestone is monitoring and controlling access to the company’s systems to control for network access and the security of the cardholder data environment. The fifth milestone is to protect the data that is stored in EZTechMovie’s data center, and the last milestone is to finalize the remaining compliance efforts and ensure that all the controls have been implemented as required (PCI SSC, 2016). Verification of the controls specified during the gap analysis requires a security assessment of the organization’s information infrastructure.
Controls that need to be assessed are based on various requirements such as requirements 1 and 2 of installing and maintaining firewall configurations and avoiding the use of vendor-supplied defaults for passwords or other system security parameters (PCI Security Standards Council, 2018). These requirements cover the goal of building and maintaining secure systems and networks. In assessing the security, cybersecurity professionals should ensure that t...