For this final paper, I am to assemble the executive reports for which I have completed over the last 5 weeks and combine them into one final report. These reports will consist of:
- The two auditing frameworks or hardening guidelines / security checklists used by the DoD.
- How a security assessment addressing modern day risks, threats, and vulnerabilities throughout the 7-domains of a typical IT infrastructure can help an organization achieve compliance.
- How to gather and obtain needed information to perform a GLBA Financial Privacy & Safeguards Rules compliance audit and what must be covered.
- The top workstation domain risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to prevent these issues from happening.
- The top LAN – to – WAN risks, threats, and vulnerabilities which will not only include possible causes, but mitigations as to how we can prevent these issues from happening.
- The top Remote Access Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues.
- The top Systems / Application Domain risks, threats, and vulnerabilities as well as ways to mitigate these types of issues.
The purpose of part 1 for this lab is to develop an executive summary in regards to either the two auditing frameworks or hardening guidelines/security checklists used by the DoD. For this, I have chosen to discuss the two auditing frameworks.
A little background about the AF (Auditing Framework) for the DoD is that it provides a foundation for developing and representing descriptions that ensure a common denominator for understanding, comparing, and integration across organizational, joint, and multinational boundaries. All U.S. DoD weapons and information technology system acquisitions are required to develop and document an…...