1. Describe the controls contained within the three Access Control categories that can be integrated within a defense-in-depth model and give an example of one that you have read about or have knowledge of from your own experience.

/in /by

DISCUSSION1

After reading this week’s materials, please respond to one or more of the following questions.

 

1. Describe the controls contained within the three Access Control categories that can be integrated within a defense-in-depth model and give an example of one that you have read about or have knowledge of from your own experience.

2. Describe three threats to Access Control from what were covered within the reading and give an example of each.

3. Describe three of the intrusion detection system types used in access control monitoring covered within the reading. What is a honeypot and what are the legal concerns with using them?

4. What are the challenges that an Identity and Access Management system helps overcome? What benefits does it provide?

5. Describe the process of Identification, Authentication, Authorization, and Accountability. What is a race condition?

6. Discuss the single sign-on technologies Kerberos, security domains, directory services and thin clients. What does federation provide?

You must start a thread before you can read and reply to other threads

 

DISCUSSION2

 

After reading this week’s materials, please respond to one or more of the following questions.

1. Describe the steps in the information system security audit process.

2. Describe the differences between Black box, White box, and Gray box forms of vulnerability and penetration testing.

3. What are the five steps a team goes through when conducting a penetration test? What are the three degrees of knowledge that a penetration team can have about the target?

4. Discuss any three of the commonly exploited vulnerabilities targeted in penetration tests and the appropriate countermeasures to mitigate them.

5. Discuss the various test types that Operations and Security Departments should carry out to monitor the environment’s vulnerability to attack.

6. Define the following KPI terms: factor, measurement, baseline, metric, and indicator. What is the difference between a KPI and KRI?

7. What are the key elements that should be included in a good technical audit report? What should be included to provide senior management a brief overview of the report highlights