Question 1
Module 6: Assignment
Security assessment and vulnerability management
MCY 630 Security Architecture
Assignment Submission Instructions
Submission requirements: assignment
File format: MSWord or pdf (preferred)
Report requirements
• Include your name and assignment title at the top of the document.
• Number the questions and answers and answer each question in your submission in sequence.
• For each response, include the required text as well as any necessary images and diagrams.
• Use black font color for texts
• If uploading an MSWord format file, view the uploaded file from Canvas to make sure that the layout of images and texts are not
overlapping in the report. If the contents seem to have moved around, upload a pdf instead of an MSWord file.
1. (20 points) Exploring CSET
• Download and install the CSET standalone application
o URL: https://cset-download.inl.gov/
o Requires: Windows OS, Download information (Org Type: State, Sector: IT, Industry: Other, NAISC Code: 611310)
• Note: The CSET tool is updated regularly, and the interface may change with each version.
o Read all the instructions below and choose the options accordingly to fulfil the requirements as necessary.
• Start a new assessment – “My MCY630 Assessment” (fill other fields as necessary).
• Assessment option: Maturity Model and Network Diagram
• Fill necessary demographics fields with reasonable assumptions
• Maturity Models: Select Ransomware Readiness Assessment (RRA)
• Security Assurance Level (SAL): Methodology: Simple, Overall SAL: Low, Confidentiality/Integrity/Availability: Low
• Select “Create a Network Diagram” – You will be provided with some standard network architecture options. Select DCS
(which stands for Distributed Control System). Make any changes if you need (not necessary) and select “Return to CSET”
• Complete all Ransomware Readiness Assessment questions with reasonable assumptions.
• Complete all Diagram Component Questions with reasonable assumptions.
• Study the results of your assessment.
• Fill in the High-Level Assessment Description, Executive Summary and Comments text-boxes for documentation.
• In the final “Results > Reports” tab, go through the documentation generated from your assessment.
• Use the “print to PDF” option to generate the PDF for the following:
o (Document 1) Standard and Diagram – Executive Summary and
o (Document 2) Ransomware Readiness Assessment – RRA Report
2. (20 points) Exploring Microsoft TMT
• Download and install the Microsoft TMT standalone application
o URL: https://www.microsoft.com/en-us/securityengineering/sdl/threatmodeling
• Follow the “Getting Started” online guide to build a sample model (optional: feel free to add items to your DFD)
• Follow the “Feature Overview” online guide explore Element Properties, Messages, and Analysis View options.
• Finally, use the report generation option to export the threat modeling report (Document 3)
3. (5 + 5 points) Task Report
Create a task report to summarize your actions for the above two tasks. Include a reflection on the application usage, how
you feel these tools could be beneficial, the type of information you could extract from the reports, and your overall
experience with the activity.
Submit Documents 1, 2, and 3 along with the task report.
Question 2
Prompt:
Try to search and read published articles on interesting finds from security audits in the industry. Provide a short comment on the aspects of technical and/or administrative security control audits which took place in during the assessment.
How, in your opinion, does the security for document management systems handling documentation of enterprise security posture effect the overall security of the enterprise?
The post Question 1 Module 6: Assignment Security assessment and vulnerability management MCY 630 appeared first on essayfab.