Lab #1 Creating an IT Infrastructure Asset List and Identifying Where Privacy Data Resides

Introduction

Privacy is of growing concern, especially that of individual personal information. Between businesses seeking more effective use of their marketing budgets and governments targeting potential hostiles, the individual struggles to keep any information private. The purpose of an IT asset identification and asset classification exercise is to protect privacy data and implement security controls. Identifying where privacy data is accessed throughout an IT infrastructure or outside of its protected environment is important.

In this lab, you will create an IT asset/inventory checklist organized within the seven domains of a typical IT infrastructure, you will perform an asset identification and classification exercise, you will explain how a data classification standard is linked to customer privacy data and security controls, and you will identify where privacy data resides and what security controls are needed to maintain compliance.

Learning Objectives

Upon completing this lab, you will be able to:

• Create an IT asset/inventory checklist organized within the seven domains of a typical IT infrastructure.
• Perform an asset identification and asset classification exercise for a typical IT infrastructure.
• Explain how a data classification standard is linked to customer privacy data protection and proper security controls.
• Identify where privacy data can reside or traverse throughout the seven domains of a typical IT infrastructure.
• Identify where privacy data protection and proper security controls are needed to assist organizations with maintaining compliance.

Deliverables

Upon completion of this lab, you are required to provide the following deliverables to your instructor:

1. Lab Report file;
2. Lab Assessments file.

Instructor Demo

The Instructor will present the instructions for this lab. This will start with a general discussion of asset identification and asset classification from a risk management perspective. The Instructor will then present an overview of the risks, threats, and vulnerabilities commonly found within the seven domains of a typical IT infrastructure.

Hands-On Steps

Note: This is a paper-based lab. To successfully complete the deliverables for this lab, you will need access to Microsoft Word or another compatible word processor. For some labs, you may also need access to a graphics line drawing application, such as Visio or PowerPoint. Refer to the Preface of this manual for information on creating the lab deliverable files.

1. On your local computer, create the lab deliverable files.

2. Review the Lab Assessment Worksheet. You will find answers to these questions as you proceed through the lab steps.

3. Review the seven domains of a typical IT infrastructure.

Figure 1 Seven domains of a typical IT infrastructure

An Asset's Finer Points

A domain is not the same as an asset. And a piece of hardware does not always equate to one asset. Many assets can be in one domain, such as the System/Application Domain. A single hardware firewall might present itself as two assets, one in each of two different domains, for example, a Local Area Network-to-Wide Area Network (LAN-to-WAN) firewall and a Wide Area Network (WAN) firewall. In your own environments, ask yourself, "What function does this perform?"

Copyright 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved. www.jblearning.com Student Lab Manual

4. Review Figure 2, which is a Mock IT infrastructure with a Cisco core backbone network.

Figure 2 Mock IT infrastructure with Cisco core backbone network

5. Refer to Figure 2 and note the following information, which describes the details of the Workstation Domain and System/Application Domain at a health care provider under the Health Insurance Portability and Accountability Act (HIPAA) compliance law:

• Workstation Domain: Indicated by the B in Figure 2, the Workstation Domain consists of Microsoft XP 2003, SP2 workstations (50), laptops (50), and desktop computers (50).
• System/Application Domain: Indicated by the G in Figure 2, the System/Application Domain consists of the following servers and applications:
  o Linux Server #1 (Domain Name Server [DNS], File Transfer Protocol [FTP], and Trivial File Transfer Protocol [TFTP])
  o Linux Server #2 (Web Server)
  o Microsoft Server #1 (e-commerce Server and Customer Database Subset)
  o Microsoft Server #2 (Master Structured Query Language [SQL] Customer Database and Intellectual Property Assets)
  o Microsoft Server #3 (Office Automation, Dynamic Host Configuration Protocol [DHCP] Server, and Customer Database Subset)
  o Microsoft Server #4 (E-mail Server)

6. In your Lab Report file, use the following table to identify three to five IT assets and insert them into the table. Indicate in which of the seven domains of an IT infrastructure the asset resides. Indicate if the asset accesses customer privacy data or contains customer privacy data. Finally, classify the IT asset as Critical, Major, or Minor, where the following defines each:

• Critical: Generates revenues or represents intellectual property asset of organization
• Major: Contains customer privacy data
• Minor: Required for normal business functions and operations

IT Asset Description | Seven Domains of Typical IT | Privacy Data Impact | Assessment [Critical-Major-Minor]

Note: Pay attention to the descriptions of the various System/Application assets. Individual assets may fall into different assessment categories. The same certainly holds true for real-world environments you will assess. The guiding question should always be "What does this asset do?" or "What sort of data does it hold?"

7. In your Lab Report file, explain how a data classification standard is related to customer privacy data protection and security controls.

Note: This completes the lab. Close the Web browser, if you have not already done so.

Evaluation Criteria and Rubrics

The following are the evaluation criteria for this lab that students must perform:

1. Create an IT asset/inventory checklist organized within the seven domains of a typical IT infrastructure. [20%]
2. Perform an asset identification and asset classification exercise for a typical IT infrastructure. [20%]
3. Explain how a data classification standard is linked to customer privacy data protection and proper security controls. [20%]
4. Identify where privacy data can reside or traverse throughout the seven domains of a typical IT infrastructure. [20%]
5. Identify where privacy data protection and proper security controls are needed to assist organizations with maintaining compliance. [20%]