
MGS 101 IT and Management: DISA Assessment Answers

Questions:

Using your own words, please complete ALL of the following questions:

1. From the DISA training and Cyber Protect simulation, please share what you learned from the experience. In your opinion, what does this simulation tool teach people with respect to budget, technology, and our goals for information security? Please share what your strategies were and what your best scores were.

2. From the AO training, what did you learn about the importance of the role and its responsibilities?

3. In Chapter 8, we reviewed 3 forms of Access Control mechanisms. What are those three types and how is each one different?

4. In many chapters, we discussed the Risk Management Framework (RMF). List each phase and describe what happens in each phase. With its cyclical design, what does the RMF hope to reinforce with information security officers?

5. In Chapter 9, we discussed baseline and benchmarking. Describe both and compare how they are similar and how they are different.

6. We discussed the BIA in Contingency Planning and Risk Assessments. What is the BIA and what is its importance in the planning process?

7. In Chapter 10, we reviewed both Business Continuity and Disaster Recovery planning. Are these synonymous or are they different? Describe and compare these two and highlight their differences (if any).

8. In Chapter 12, we discussed two forms of Intrusion Detection. What are the two forms and how are they different? Are they competing or complementary technologies?

9. In Chapter 12, we discussed different firewall architectures. Compare two (2) architectures to demonstrate your understanding.

10. In Chapter 12, we discussed different physical firewall devices. Compare two (2) different types to demonstrate your understanding.

Answers:

1.

The DISA training and the simulation tool help in understanding the security of information systems. The risks associated with information systems are discussed in the training sessions. Budget is a major issue in maintaining the security of information systems, as a large initial financial investment is needed. The functional and technical training helped in understanding the technologies associated with the Joint Deployment Training Center (Whitman & Mattord, 2013). The training session helped in understanding the importance of joint deployment and situational awareness. The different aspects of administration in terms of security measures were discussed in the training. The strategy selected for the training was to understand the different constraints associated with the simulation tool so that this understanding can be applied in real situations.

2.

The role and responsibilities of the authorizing official are very important for the operation of information systems. The different risks associated with information systems are properly managed with the help of the authorizing officials. The assets associated with the information systems are managed with the help of the authorizing officials; the stakeholders associated with the information systems also fall under the category of the authorizing officials. The AO training was important for understanding the importance of strategic risk management, and the policies associated with information systems were understood with the help of this training session. The different types of risks and risk management tools were understood with the help of this training. The core competencies of system and application security were also an important aspect of the training.

3.

The different types of Access Control mechanism are as follows:

  • Discretionary Access Control: It is defined as the type of access control which restricts access to objects based on the true identity of the subject. Permissions are required at every stage of the mechanism; the controls are fully discretionary in this type of access mechanism.
  • Mandatory Access Control: It is defined as the type of access control where the operating system plays a major role; it helps in controlling the ability of the subjects according to the target. The main targets of this kind of access control are files, directories, I/O devices, and TCP/UDP ports. This category, MAC, has multi-level security, unlike the other categories.
  • Role-Based Access Control: It is defined as the type of access control which helps in restricting the entry of unauthorized users into the system. This type of access control is generally used in bigger organizations, unlike the categories discussed above. This access model is more flexible than the other access controls.

4.

The Risk Management Framework has the following phases:

  • Categorize: The essential information about the system can be transmitted, processed and stored which will help in categorizing the risks involved with the systems.
  • Select: Baseline security controls must be selected based on the first step. Assessment of the risks is done with the help of this step of the framework.
  • Implement: The security protocols must be properly implemented in the system.
  • Access: The access of the security controls should be restricted only to selected admins of the organization.
  • Authorize: Different types of operations of the systems should be professionally authorized so that the future probable risks associated with the organization can be minimized.
  • Monitor: The security controls of the system should be properly monitored so that the effectiveness of the framework is maintained.

The cyclical design discussed helps information security officers understand the amount of threat which still persists in the system even after all the preventive measures, the amount of vulnerability which is reduced by the safeguards, the risks which are not covered by the framework, and the value of the assets of the system considering the security threats.

5.

A baseline is defined as a type of measurement at a given point in time, and benchmarking is defined as a type of measurement which compares the entity with industry standards.

| | Baseline | Benchmarking |
|---|---|---|
| Similarity | It is a type of strategic planning. Known configurations are used in this category. | It is also a type of strategic planning. Unknown categories are used in benchmarking. |
| Difference | It only considers the entity which is selected for planning. | It considers the industry standards, which is more useful as compared with the baseline. |

Table 1: Difference and similarity of benchmarking and baseline

(Source: Created by the author)

6.

The BIA (Business Impact Analysis) is defined as a type of analysis technique used in business processes for the identification of the critical aspects of the business. The nature and impact of the critical aspects are analyzed with the help of the Business Impact Analysis. The recovery strategies are identified with the help of the BIA.

In the planning process, the BIA is very useful for understanding the potential risks associated with the business (Whitman & Mattord, 2011). The risks and the challenges of the business can be identified by involving the BIA in the planning process.

7.

Based on the discussion in Chapter 10, it can be said that business continuity and disaster recovery planning are not different from each other.

| Business Continuity | Disaster Recovery planning |
|---|---|
| It is defined as the ability of an organization to maintain its normal procedures during and after a disaster. | It is defined as the type of documented process which is useful in the protection of the assets of an organization from potential disasters. |
| Any kind of emergency threat, such as fire, can be tackled effectively with the help of business continuity. | Bigger hazards are considered to find the effectiveness of this type of planning. |
| It deals with the non-technical aspects of the organization. | It deals with the technical aspects of the organization, such as physical assets. |

Table 2: Comparison between Business Continuity and Disaster Recovery planning

(Source: Created by the author)

8.

Based on the discussions, the two forms of intrusion detection are as follows:

  • Signature-based IDPS
  • Anomaly-based IDPS

| Signature-based IDPS | Anomaly-based IDPS |
|---|---|
| Specific patterns are considered in this technique, such as byte sequences. | Both computer and network can be secured with the help of this system. |
| Identifies the presence of malware by matching the bytecode of the software with the signature of the malicious program. | It monitors the system activities and classifies them as anomalous or not. |

Table 3: Difference between Signature-based IDPS and Anomaly-based IDPS

(Source: Created by the author)

Both of the technologies discussed are competing technologies and are very useful for the detection of malicious activities.
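
An added illustration of the two detection approaches compared in Table 3 (not part of the original answer or the course text): a byte-sequence signature matcher next to a simple statistical anomaly classifier, run over constructed events. The signature names, byte patterns, baseline figures and the threshold of 3 standard deviations are assumptions made for this example.

```python
import statistics

# Constructed signature set (name -> byte sequence); not real malware signatures.
SIGNATURES = {
    "demo-dropper-marker": b"\xde\xad\xbe\xef\x13\x37",
    "demo-webshell-string": b"cmd=__demo_shell__",
}

def signature_match(payload):
    """Signature-based: report every known byte sequence found in the payload."""
    return sorted(name for name, seq in SIGNATURES.items() if seq in payload)

class AnomalyDetector:
    """Anomaly-based: learn a normal activity level, then classify new observations."""

    def __init__(self, baseline, threshold=3.0):
        if len(baseline) < 2:
            raise ValueError("need at least two baseline samples")
        self.mean = statistics.mean(baseline)
        # Guard against a zero deviation when the baseline is perfectly flat.
        self.stdev = statistics.stdev(baseline) or 1.0
        self.threshold = threshold

    def score(self, value):
        """Distance from the learned mean, in standard deviations."""
        return abs(value - self.mean) / self.stdev

    def is_anomalous(self, value):
        return self.score(value) > self.threshold

# Constructed baseline: requests per minute from one host during normal operation.
BASELINE_RPM = [40, 42, 38, 41, 39, 43, 40, 37, 44, 41]

# Constructed events: (payload bytes, requests per minute observed alongside it).
EVENTS = [
    (b"GET /index.html HTTP/1.1", 41),
    (b"POST /upload.php cmd=__demo_shell__&x=1", 39),
    (b"GET /report?id=7 HTTP/1.1", 400),
]

def classify(events):
    """Return (matched signatures, anomalous?) for each event."""
    detector = AnomalyDetector(BASELINE_RPM)
    return [(signature_match(p), detector.is_anomalous(rpm)) for p, rpm in events]

if __name__ == "__main__":
    for (payload, rpm), (sigs, anomalous) in zip(EVENTS, classify(EVENTS)):
        print(f"{payload[:30]!r:36} rpm={rpm:<4} signatures={sigs} anomalous={anomalous}")
```
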

9.

Based on the discussions in Chapter 12, the comparison between the two physical firewall architectures is as follows:

| Single Bastion Host Architecture | Dual-homed Host Firewall |
|---|---|
| A single device is configured with the filtered packets, which serves as a security point for two networks. | It blocks the entry of external data packets with the help of the external filtering router, which is connected with the firewall providing the NAT service. |
| Only one network interface is involved in this architecture. | Two network interfaces are involved in this architecture. |

Table 4: Comparison of two types of firewall architecture

(Source: Created by the author)

10.

Based on the discussions in Chapter 12, the comparison between the two physical firewall devices is as follows:

| Packet filtering Firewalls | Unified Threat Management devices |
|---|---|
| It filters all outgoing and incoming data. | It plays the role of a middleman between the cache server and the requestor of the information. |
| It can selectively filter packets as needed. | It provides proxy services in the network as well as firewall services. |

Table 5: Comparison of two types of firewall devices

(Source: Created by the author)

Reference

Whitman, M. E., & Mattord, H. J. (2011). Principles of information security. Cengage Learning.

Whitman, M., & Mattord, H. (2013). Management of information security. Nelson Education.

