Discuss the purpose of the security development life cycle and how it is used for testing security systems.
“Implementing Network Access Control”
Companies face stronger regulations, such as HIPAA, SEC/SOX, and PCI DSS, which makes Network Access Control more critical.
- Using the Google search engine, search for the following term: Security Controls Implementation Plan, and research different methods for security control implementations. Then open the PDF from SANS.org called “Implementing and Auditing the Critical Security Control”. Summarize the process to implement the CIS Critical Security Controls. Out of the list of twenty controls, pick the top two pertinent controls that every company should implement. Explain your reasoning. Explain the best approach to determining which controls should be implemented first.
More companies are allowing users to work from home, which extends a company’s network and introduces new security concerns.
- Your company has decided to allow employees to work from home two days a week. Your CISO has requested a high-level comparison between RADIUS, TACACS and VPN. How does each of these services leverage Kerberos and the AAA framework? Make a recommendation and justify your answer based on your findings. Make sure to outline any limitations associated with each service.
“Testing Access Control”
- Discuss the purpose of the security development life cycle and how it is used for testing security systems. Using the Internet, find two to three tools that could be used to conduct a vulnerability assessment. Please include the web URL and share with your classmates. Are paid tools more effective than open-source tools? How does someone determine the best tool to use for an assessment? Justify your answers.