-------------------------------------------------
Week 5 Laboratory: Part 1

Part 1: Assess and Audit an Existing IT Security Policy Framework Definition

Learning Objectives and Outcomes
Upon completing this lab, students will be able to complete the following tasks: * Identify risks, threats, and vulnerabilities in the 7 domains of a typical IT infrastructure * Review existing IT security policies as part of a policy framework definition * Align IT security policies throughout the 7 domains of a typical IT infrastructure as part of a layered security strategy * Identify gaps in the IT security policy framework definition * Recommend other IT security policies that can help mitigate all known risks, threats, and vulnerabilities throughout the 7 domains of a typical IT infrastructure

Week 5 Lab Part 1: Assessment Worksheet (PART A)

Sample IT Security Policy Framework Definition

Overview

Given the following IT security policy framework definition, specify which policy probably can cover the identified risk, threat, or vulnerability. If there is none, then identify that as a gap. Insert your recommendation for an IT security policy that can eliminate the gap.

Risk – Threat – Vulnerability | IT Security Policy Definition | Unauthorized access from pubic Internet | Acceptable use policy | User destroys data in application and deletes all files | Backup Recovery Policy | Hacker penetrates your IT infrastructure and gains access to your internal network | Threat Assessment & Management Policy | Intra-office employee romance gone bad | Acceptable use Policy | Fire destroys primary data center | Disaster Recovery Policy | Communication circuit outages | Asset management Policy | Workstation OS has a known software vulnerability | Threat Assessment & Management Policy | Unauthorized access to