Al ASAAS’s chief technology officer (CTO) established a plan to mitigate risks,
ID: 3740416 • Letter: A
Question
Al ASAAS’s chief technology officer (CTO) established a plan to mitigate risks, threats, and vulnerabilities. As part of the mitigation plan, you and your team members will configure baseline security controls on all workstations (harden the systems), which run either Windows 7 or Windows 10. For this effort, you will ensure that the antivirus software is running properly and implement a control related to password-hacking attempts.
In addition, Al ASAAS’s CTO has asked your team to pay special consideration to continuously monitoring, testing, and improving countermeasures. The CTO points out that within the first 24 hours of configuring baseline security, you may sometimes receive alerts that malware has been quarantined within an antivirus program or notice a failed logon attempt captured by the Windows audit log. In response, you make a note to check the security of the workstation for which you will configure baseline security.
The CTO also requests a report on the work you performed, part of which will be incorporated into the company's IT security policy procedures. The report should also include the purposes of system hardening and auditing, and an additional area of concern or emerging trend related to information systems security that's relevant to Al ASAAS.
1. Explain the purposes of system hardening and auditing in terms of the company’s goal of maintaining information systems security. Also describe an additional area of concern or an emerging trend related to information systems security that you think warrants the company’s attention in the immediate future.
Explanation / Answer
To maintain the company's information security, strict policies and procedures need to be implemented. The main goal or purpose of system hardening is to eliminate as many security risks as possible and make the company's systems robust. Most modern computers offer network security features that can be used to limit outside access to the system.
Coming to the point, the CTO requests the work you performed.
We have already implemented the antivirus software service so that the software can block the access of malicious software; this is the work that has been performed. But computer systems are still vulnerable to outside access, and for that we need to do system hardening, which can help to minimize the security vulnerabilities. System hardening and auditing can be achieved by removing all unused software or software that requires permission to sensitive data. In some cases, system hardening can cause the removal of software that offers various features that are useful in activities, but this software may cause harm. So while creating the policy for the information security goal, the company should block the access of this harmful software. Basic system hardening can be achieved by removing non-essential software or software that has access to sensitive data or locations. Advanced system hardening can be achieved by reformatting the hard disk and memory sources and reinstalling only the software that is required to make the system functional.
So a company should prepare a strict policy which should be followed. The policy should give details of the software that may cause information loss and should block the access of that software. There should be timely system hardening and auditing of the system.
I have described the purpose of system hardening and auditing, the company's approach to securing information, and the area of concern.
In case of any query or doubt regarding the problem, please let me know in the comments; I will be happy to help you. Thanks.
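A read-only check of the three controls the question names (antivirus running, a lockout control against password guessing, failed logons in the Windows audit log), as an added example that is not part of the original question or answer. The thresholds are assumed values, the `net accounts` parsing assumes an English-language system, and `Get-MpComputerStatus` reports on Microsoft Defender only.

```powershell
# Added example: read-only baseline check for one workstation. Run elevated.
# All three limits below are assumed policy values, not taken from the page.
$LockoutMax    = 5    # lock out after at most this many bad passwords
$WindowHours   = 24   # review window, matching the scenario's first 24 hours
$MaxSigAgeDays = 3    # oldest acceptable antivirus signature set
$findings = @()

# 1. Antivirus. The cmdlet covers Microsoft Defender and does not exist on
#    Windows 7, so its absence is reported as a finding, never as a pass.
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    if (-not $mp.AntivirusEnabled)          { $findings += 'Defender antivirus is disabled' }
    if (-not $mp.RealTimeProtectionEnabled) { $findings += 'Real-time protection is off' }
    $age = (New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).Days
    if ($age -gt $MaxSigAgeDays)            { $findings += "Signatures are $age days old" }
} else {
    $findings += 'Get-MpComputerStatus unavailable: verify the installed antivirus by hand'
}

# 2. Account lockout, the control against password guessing.
$m = net accounts | Select-String 'Lockout threshold:\s+(\S+)' | Select-Object -First 1
if (-not $m) {
    $findings += 'Could not read the lockout threshold from "net accounts"'
} else {
    $value = $m.Matches[0].Groups[1].Value
    if ($value -eq 'Never' -or [int]$value -gt $LockoutMax) {
        $findings += "Lockout threshold is '$value' (expected 1 to $LockoutMax)"
    }
}

# 3. Failed logons (event 4625) in the window, grouped by targeted account.
#    These events exist only if failure auditing for logon is enabled.
$filter = @{ LogName = 'Security'; Id = 4625; StartTime = (Get-Date).AddHours(-$WindowHours) }
Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    ForEach-Object {
        $data = ([xml]$_.ToXml()).Event.EventData.Data
        ($data | Where-Object { $_.Name -eq 'TargetUserName' }).'#text'
    } |
    Group-Object |
    Where-Object { $_.Count -ge $LockoutMax } |
    ForEach-Object { $findings += "$($_.Count) failed logons for account '$($_.Name)'" }

if ($findings) { $findings | ForEach-Object { Write-Warning $_ } }
else           { 'Baseline checks passed' }
```

On a workstation protected by a third-party antivirus product, Defender normally reports itself as disabled, so the first check must be replaced with that product's own status query.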