Purchase Solution

Security evaluation

Not what you're looking for?

Ask Custom Question

I need to fill out a site security evaluation on an existing business. I can't find a sample to work off of. Our instructor said we can find case studies online, but I have not been able to find any.
I have attached the evaluation form and would appreciate any guidance.

Attachments
Purchase this Solution
Solution Summary

Steps in the security evaluation process

Solution Preview

i HOPE THIS WILL GUIDE YOU AS YOU FILL OUT YOUR TEMPLATE
{BrieExecutive Summary
Briefly describe the activities of the assessment.
Talk about the importance of information security at the client organization.
Discuss security efforts that the organization has under taken.
Highlight three major security issues discovered that could significantly impact the operations of the organization.
Top-Ten List
A top-ten list is used to highlight the ten most urgent issues discovered during an assessment. Clients unfamiliar with security may be overwhelmed by a long list of problems. Putting the major issues together may allow the client to easily focus efforts on these problems first.
The list below contains the "top ten" findings, weaknesses, or vulnerabilities discovered during the site security assessment. Some of the issues listed here are coalesced from more than one section of the assessment report findings. Additional information about each is provided elsewhere in the report.
It is recommended that these be evaluated and addressed as soon as possible. These should be considered significant and may impact the operations of the {CLIENT ORGANIZATION}.
1. Information Security Policy
An information security policy is the primary guide for the implementation of all security measures. There is no formal policy specific to the {CLIENT ORGANIZATION}.
Recommendation: Develop an information security policy that specifically addresses the needs of the {CLIENT ORGANIZATION} and its mission. Use that policy as a basis for an effective security program.
2. {Security Issue #2}
{Brif description of Security Issue #8}
Recommendation: {Brief list of recommendations for Security Issue #8}
9. {Security Issue #9}
{Brief description of Security Issue #9}
Recommendation: {Brief list of recommendations for Security Issue #9}
10. {Security Issue #10}
{Brief description of Security Issue #10}
Recommendation: {Brief list of recommendations for Security Issue #10}

Introduction
Provide an overview of the report.
Scope
The scope is the boundaries of the project. It is used to describe the on-site activities.
Project Scope
In Scope
The following activities are within the scope of this project:
? Interviews with key staff members in charge of policy, administration, day-to-day operations, system administration, network management, and facilities management.
? A Visual Walk Through of the facilities with administrative and facilities personnel to assess physical security.
? A series of Network Scans to enumerate addressable devices and to assess each systems available network services. (These Scans will be conducted from within each center's network and from the outside.)
? A configuration and security assessment of at most ten key systems at each center.
Out of Scope
The following activities are NOT part of this security assessment:
? Penetration Testing of systems, networks, buildings, laboratories or facilities.
? Social Engineering to acquire sensitive information from staff members.
? Testing Disaster Recovery Plans, Business Continuity Plans, or Emergency Response Plans.
Site Activities Schedule
List the site activities.
First Day
Second Day
Third Day

Background Information
Use this section to talk about any relevant background information.
{CLIENT ORGANIZATION}
Describe the client organization.

Asset Identification
Describe the process of asset identification.
Assets of the {CLIENT ORGANIZATION}
The following lists document some of the {CLIENT ORGANIZATION} tangible and intangible assets. It should not be considered a complete and detailed list but should be used as a basis for further thought and discussion to identify assets.

Tangible Assets
? {List tangible assets.}

Intangible Assets
? {List intangible assets.}

Each item on these lists also has value associated with it. Each item's relative value changes over time. In order to determine the current value, it is often best to think in terms of recovery costs. What would it cost to restore or replace this asset in terms of time, effort, and money?
Threat Assessment
Describe the process of threat assessment.
Threats to the {CLIENT ORGANIZATION}
The following lists document some of the known threats to the {CLIENT ORGANIZATION}. It should not be considered a complete and detailed list but should be used to as a basis for further thought and discussion to identify threats.

Natural Threats
? {List Natural Threats.}

Intentional Threats
? {List Intentional Threats.}

Unintentional Threats
? {List Unintentional Threats.}

Laws, Regulations and Policy
Talk about the role of laws, regulation, and policy on the client organization.
Federal Law and Regulation
Outline federal laws and regulation that impact the client organization.
{CLIENT ORGANIZATION} Policy
Talk about the current policy at the ...

Purchase this Solution
Free BrainMass Quizzes
Understanding the Accounting Equation

These 10 questions help a new student of accounting to understand the basic premise of accounting and how it is applied to the business world.

Accounting: Statement of Cash flows

This quiz tests your knowledge of the components of the statements of cash flows and the methods used to determine cash flows.

Paradigms and Frameworks of Management Research

This quiz evaluates your understanding of the paradigm-based and epistimological frameworks of research. It is intended for advanced students.

Organizational Behavior (OB)

The organizational behavior (OB) quiz will help you better understand organizational behavior through the lens of managers including workforce diversity.

Operations Management

This quiz tests a student's knowledge about Operations Management

View More Free Quizzes
Related BrainMass Solutions

  • Trusted Computer Security Evaluation Criteria

    How does the CC differ from the Trusted Computer Security Evaluation Criteria and the Information Technology Security Evaluation Criteria?

  • Importance of Common Criteria for commercial products.

    As per images.com "The Common Criteria, an internationally approved set of security standards, provides a clear and reliable evaluation of the security capabilities of Information Technology products."

  • The Effects of HIPAA Regulations

    However, there is also an Evaluation Standard in the HIPAA Security Regulation, where the Evaluation Program ensures that the covered entity appropriately maintains its security policies, procedures and technical safeguards.

  • Security Evaluation and Implementation Plan

    487926 Security Evaluation and Implementation Plan Prepare an evaluation plan of implemented telehealth security measures for delivery of health care information between patient and provider.

  • Computer security checklist

    Security checklist contains the following terms like review of policy and procedures, diffusion testing from external and internal network, network device evaluation, topology evaluation, application evaluation, and server evaluation (Rahardjo, Triwidada

  • Department of Homeland Security

    The factors for managing infrastructure include risk assessment, evaluation of vulnerabilities, cyber incident response and to promote cyber security awareness, within government and the private business community.

  • information security

    Evaluation of various aspects of the article: The article starts with a layman definition of information security in an organization.

  • bioterrorism, counterfeit, and tamper-evident packaging defenses

    security.

  • Social Security Administration

    606369 Social Security Administration Provide 5-6 pages!

  • A hazard assessment

    In the accreditation of schools, the evaluation area on facilities and infrastructure are in the top list of priorities. In my experience as a school administrator, schools that fail in the area of security and safety, may also fail the evaluation.

View More Related Solutions