SlideShare une entreprise Scribd logo

Part 1 Major Events DocumentationScenario You visit a retail.docx

Télécharger en tant que DOCX, PDF
A
alisondakintxt

Part 1: Major Events Documentation Scenario: You visit a retail establishment, shop around, and finally carry several products to one of the point of sale (POS) terminals distributed openly around the store. You produce a credit card, the salesclerk processes the transaction, bags your goods, and hands you the receipt. On your way to the exit, a store employee asks to see your receipt and checks the contents of the store bag. Document each of the major events just described and explain them in terms of the PCI compliance standard. Include this report in your assignment. Part 2: PCI Compliance This part of the assignment will cover PCI. Please refer to the attached file in your responses. Respond to and address the following in essay style: 1. Suppose HGA’s mainframe, depicted in Figure B-1, stored cardholder data in the private databases. What steps should be taken to protect that data in order to be PCI compliant? 2. HGA’s mainframe has network connectivity. Assuming that cardholder data is transmitted across these networks, describe how data should be protected in transmission. 3. Users are located at various sites connected to the HGA network. Suggest appropriate access controls to restrict unauthorized users from looking at cardholder data. 4. The PCI specification notes that all systems and network devices connected to a system that stores, transmits, or processes cardholder data is in scope and must comply with PCI specifications. To avoid having the whole network subject to PCI specifications, how would you segment the network to reduce the scope of compliance? Assignment Requirements: Submit your assignment in the usual double-spaced APA-styled report. At least four pages of material are expected beyond the title page, table of contents, abstract, and references page. · Answers contain sufficient information to adequately answer the questions · No spelling errors · No grammar errors CRSS Network Diagram Copyright Rasmussen, Inc. 2013. Proprietary and Confidential. 1 1 image3.png image5.png FedRAMP Security Assessment Plan (SAP) Third Party Assessment Prepared by <Your Name> for Country Roads Space Systems & NASA CRSS Information Systems. Administration and Classified Networks Version #.# <DATE> MOCK Plan CRSS Information Systems. Administration and Classified Networks | Version #.# Date Controlled Unclassified Information Page | 10 System Assessment Plan Prepared by Identification of Organization that Prepared this Document Student NameEnter Your Name Rasmussen Email AddressEnter Rasmussen Email Address ClassEnter Class Name Course and SemesterEnter Section Number and Semester Prepared for Identification of Cloud Service Provider Organization NameNASA Street Address300 E St. SW Suite/Room/BuildingIA Office Floor 2 City, State ZipWashington DC 20546 Revision History Date Description Version of SSP Author<Date><Revision Description><Version><Author><Date><Revision Description><Versi.

Formation
1  sur  20
Part 1: Major Events Documentation Scenario: You visit a retail establishment, shop around, and finally carry several products to one of the point of sale (POS) terminals distributed openly around the store. You produce a credit card, the salesclerk processes the transaction, bags your goods, and hands you the receipt. On your way to the exit, a store employee asks to see your receipt and checks the contents of the store bag. Document each of the major events just described and explain them in terms of the PCI compliance standard. Include this report in your assignment. Part 2: PCI Compliance This part of the assignment will cover PCI. Please refer to the attached file in your responses. Respond to and address the following in essay style: 1. Suppose HGA’s mainframe, depicted in Figure B-1, stored cardholder data in the private databases. What steps should be taken to protect that data in order to be PCI compliant? 2. HGA’s mainframe has network connectivity. Assuming that cardholder data is transmitted across these networks, describe how data should be protected in transmission. 3. Users are located at various sites connected to the HGA network. Suggest appropriate access controls to restrict unauthorized users from looking at cardholder data. 4. The PCI specification notes that all systems and network devices connected to a system that stores, transmits, or processes cardholder data is in scope and must comply with PCI specifications. To avoid having the whole network subject to PCI specifications, how would you segment the network to reduce the scope of compliance? Assignment Requirements: Submit your assignment in the usual double-spaced APA-styled report. At least four pages of material are expected beyond the title page, table of contents, abstract, and references page.
· Answers contain sufficient information to adequately answer the questions · No spelling errors · No grammar errors CRSS Network Diagram Copyright Rasmussen, Inc. 2013. Proprietary and Confidential. 1 1 image3.png image5.png FedRAMP Security Assessment Plan (SAP) Third Party Assessment Prepared by <Your Name> for Country Roads Space Systems & NASA CRSS Information Systems. Administration and Classified Networks Version #.# <DATE> MOCK Plan
CRSS Information Systems. Administration and Classified Networks | Version #.# Date Controlled Unclassified Information Page | 10 System Assessment Plan Prepared by Identification of Organization that Prepared this Document Student NameEnter Your Name Rasmussen Email AddressEnter Rasmussen Email Address ClassEnter Class Name Course and SemesterEnter Section Number and Semester Prepared for Identification of Cloud Service Provider Organization NameNASA Street Address300 E St. SW Suite/Room/BuildingIA Office Floor 2 City, State ZipWashington DC 20546 Revision History Date Description Version of SSP Author<Date><Revision Description><Version><Author><Date><Revision Description><Version><Author>
Table of Contents 1Introduction1 1.1Laws, Regulations, Standards, and Guidance1 1.2Purpose1 2Scope2 2.1Information System Name/Title2 2.2Internet Protocol (IP) Addresses, WeB APPLICATIONS, and DATABASES Slated for Testing2 2.3Roles Slated for Testing2 3Assumptions2 4Methodology3 5Test Plan4 5.1Security Assessment Team4 5.2NASA /CRSS Provider Testing Points of Contact5 5.3Testing Performed Using Automated Tools5 5.4Testing Performed Through Manual Methods6 6Rules of Engagement7 6.1Security Testing7 6.2End of Testing8 6.3Communication of Test Results8 6.4 Limitation of Liabilities…………………………………………………………… …………………………………….…………..8 6.5 Signatures 10 7Acronyms10 AAppendix A – Attachments11 List of Tables Table 21 Information System Name and Title2 Table 26 Role Based Testing2 Table 51 Security Testing Team4 Table 52 NASA /CRSS Service Provider Points of Contact5 Table 53 Tools Used for Security Testing5 Table 54 Testing Performed through Manual Methods6 Table 61 Individuals at NASA /CRSS Receiving Test Results8
CRSS Information Systems. Administration and Classified Networks FedRAMP SAP Template Version #.# Date MOCK Plan – Academic Purposes Only Page | ii Introduction Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Country Roads Space Systems. Testing security controls is an integral part of the FedRAMP security authorization requirements. Providing a plan for security control ensures that the process runs smoothly. The CRSS Information Systems. Administration and Classified Networks (CRSS ITS) will be assessed by an Independent Assessor (IA) <Your Name>. The use of an independent assessment team reduces the potential for conflicts of interest that could occur in verifying the implementation status and effectiveness of the security controls. National Institute of Standards and Technology (NIST) Special Publication (SP) 800- 39, Managing Information Security Risk states: Assessor independence is an important factor in: (i) preserving the impartial and unbiased nature of the assessment process; (ii) determining the credibility of the security assessment results; and (iii) ensuring that the authorizing official receives the most objective information possible in order to make an informed, risk-based, authorization decision.Laws, Regulations, Standards, and Guidance A summary of the FedRAMP Laws and Regulations and the FedRAMP Standards and Guidance is included in the System Security Plan (SSP) Attachment 12 – FedRAMP Laws and Regulations. SSP Section 12 Laws, Regulations, Standards, and Guidance contains the following two tables that are system specific:
Table 12 1 CRSS Information Systems. Administration and Classified Networks Laws and Regulations includes additional laws and regulations specific to CRSS Information Systems. Administration and Classified Networks. Table 12 2 CRSS Information Systems. Administration and Classified Networks Standards and Guidance includes any additional standards and guidance specific to CRSS Information Systems. Administration and Classified Networks.Purpose This document consists of a test plan to test the security controls for CRSS ITS. It has been completed by <Your Name> for the benefit of Country Roads Space Systems. NIST SP 800- 39, Managing Information Security Risk states: The information system owner and common control provider rely on the security expertise and the technical judgment of the assessor to: (i) assess the security controls employed within and inherited by the information system using assessment procedures specified in the security assessment plan; and (ii) provide specific recommendations on how to correct weaknesses or deficiencies in the controls and address identified vulnerabilities.Scope Information System Name/Title The CRSS ITS is undergoing testing as described in this Security Assessment Plan named in Table 2-1. Table 21 Information System Name and Title Unique Identifier Information System Name Information System Abbreviation487-4587654 CRSS Information Systems. Administration and Classified Networks CRSS ITS Internet Protocol (IP) Addresses, WeB APPLICATIONS, and DATABASES Slated for Testing
Instruction: If you plan to test any of the systems identified in the CRSS_Network.vsd Diagram, you will need to list them here, with a brief description of the system (extrapolate the function from the name based on other systems of the same type you find online) and list a priority for testing based on your view of the risk and vulnerability. Delete this instruction from your final version of this document. Please list all systems slated for testing. System Name Description Priority for Testing Roles Slated for Testing Role testing will be performed to test the authorizations restrictions for each role. <Your Name> will access the system while logged in as different user types and attempt to perform restricted functions as unprivileged users. Functions and roles that will be tested are noted in Table 26 Role Based Testing. Roles slated for testing correspond to those roles listed in the CRSS ITS SSP. Table 26 Role Based Testing Role Name Test User ID Associated FunctionsEnter Role NameEnter Test User IDEnter Associated FunctionsEnter Role NameEnter Test User IDEnter Associated FunctionsEnter Role NameEnter Test User IDEnter Associated Functions Assumptions
Instruction: The assumptions listed are default assumptions. The Auditor must edit these assumptions as necessary for each unique engagement. Delete this instruction from your final version of this document. The following assumptions were used when developing this SAP: Country Roads Space Systems resources, including documentation and individuals with knowledge of the Country Roads Space Systems and infrastructure and their contact information, will be available to <Your Name> staff during the time necessary to complete assessments. The Country Roads Space Systems will provide login account information/credentials necessary for <Your Name> to use its testing devices to perform authenticated scans of devices and applications. The Country Roads Space Systems will permit <Your Name> to connect its testing laptops to the Country Roads Space Systems networks defined within the scope of this assessment. The Country Roads Space Systems will permit communication from Third Party Assessment Organization testing appliances to an internet hosted vulnerability management service to permit the analysis of vulnerability data. Security controls that have been identified as “Not Applicable” in the SSP will be verified as such and further testing will not be performed on these security controls Significant upgrades or changes to the infrastructure and components of the system undergoing testing will not be performed during the security assessment period. For onsite control assessment, Country Roads Space Systems personnel will be available should the <Your Name> staff determine that either after hours work, or weekend work, is necessary to support the security assessment. <ADD MORE HERE>Methodology Instruction: FedRAMP provides a documented methodology to describe the process for testing the security controls. The IAs
may edit this section to add additional information. Delete this instruction from your final version of this document. <Your Name> will perform an assessment of the CRSS ITS security controls using the methodology described in NIST SP 800-53A. <Your Name> will use FedRAMP test procedures to evaluate the security control(s). Outline below, these test procedures contain the test objectives and associated test cases to determine if a control is effectively implemented and operating as intended. <Your Name> data gathering activities will consist of the following: Request Country Roads Space Systems provide FedRAMP required documentation Request any follow-up documentation, files, or information needed that is not provided in FedRAMP required documentation Travel to the Country Roads Space Systems sites as necessary to inspect systems and meet with Country Roads Space Systems staff Obtain information through the use of security testing tools Security controls will be verified using one or more of the following assessment methods: Examine: the IA will review, analyze, inspect, or observe one or more assessment artifacts as specified in the attached test cases Interview: the IA will conduct discussions with individuals within the organization to facilitate assessor understanding, achieve clarification, or obtain evidence Technical Tests: the IA will perform technical tests, including penetration testing, on system components using automated and manual methods <Your Name> will use sampling when performing this assessment. Control Name Data Gathering Methodology Verification method Details
Test Plan Security Assessment Team Instruction: List the members of the risk assessment team and the role each member will play. Include team members contact information. Enter up to 3 other members after you on the first line. Fill in the role with skills you believe are needed to perform this assessment and fake contact information. Delete this instruction from your final version of this document. The security assessment team consists of the below individuals. Security control assessors play a unique role in testing system security controls. NIST SP 800-39, Managing Information Security Risk states: The security control assessor is an individual, group, or organization responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The members of the IA security testing team are found in Table 51 Security Testing Team. Table 51 Security Testing Team Name Role
Contact InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract Information Country Roads Space Systems Provider Testing Points of Contact Instruction: The IA must obtain at least three points of contact from the CSP to use for testing communications. One of the contacts must be available 24 x 7 and must include an operations center (e.g., NOC, SOC). Delete this instruction from your final version of this document. The Country Roads Space Systems points of contact that the testing team will use are found in Table 52 Country Roads Space Systems Service Provider Points of Contact (POCs). Table 52 Country Roads Space Systems Service Provider Points of Contact Name Role Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact Information Testing Performed Using Automated Tools Instruction: Describe what tools will be used for testing security controls. Include all product names and names of open source tools and include version numbers. If open source tools are used, name the organization (or individuals) who developed the tools. Additionally, describe the function and purpose of the tool (e.g., file integrity checking, web application scanning). For scanners, indicate what the scanner’s capability is, e.g., database scanning, web application scanning, infrastructure
scanning, code scanning/analysis). For more information see the Guide to Understanding FedRAMP. Delete this instruction from your final version of this document. <Your Name> plans to use the following tools noted in Table 53 Tools Used for Security Testing to perform testing of the CRSS ITS. Table 53 Tools Used for Security Testing Tool Name Vendor/Organization Name & Version Purpose of ToolEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool Purpose Testing Performed Through Manual Methods Instruction: Describe what technical tests will be performed through manual methods without the use of automated tools. The results of all manual tests must be recorded in the Security Assessment Report (SAR). Examples are listed in the first four rows. Delete the examples, and put in the real tests. Add additional rows as necessary. Identifiers must be in the format MT-1, MT-2 which would indicate “Manual Test 1” and “Manual Test 2” etc. Example MT-1 Example Forceful Browsing Example Description: We will login as a customer and try to see if we can gain access to the Network Administrator and Database Administrator privileges and authorizations by navigating to different views and manually forcing the browser to various URLs. Example MT-2 Example Structured Query Language (SQL) Injection Example Description: We will perform some manual SQL
injection attacks using fake names and 0 OR '1'='1' statements. Example MT-3 C Example Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) Example Description: We will test the CAPTCHA function on the web form manually. Example MT-4 Example Online Certificate Status Protocol (OCSP) Example Description: We will manually test to see if OCSP is validating certificates. Penetration tests must be included in this section. Delete these instructions from your final version of this document. Table 54 Testing Performed through Manual Methods describes the technical test that were performed through manual methods without automated tools. Table 54 Testing Performed through Manual Methods Test ID Test Name DescriptionTest IDTest NameEnter Test DescriptionTest IDTest NameEnter Test DescriptionTest IDTest NameEnter Test Description Rules of Engagement Security testing Instruction: FedRAMP provides a Rules of Engagement template. The IAs must edit this RoE as necessary. The final version of the RoE must be signed by both the IA and CSP. Delete this instruction from your final version of this document. A Rules of Engagement (RoE) document is designed to describe proper notifications and disclosures between the owner of a tested systems and an independent assessor. In particular, a
RoE includes information about targets of automated scans and IP address origination information of automated scans (and other testing tools). Together with the information provided in preceding sections of this document, this document shall serve as a RoE once signed. Disclosures Instruction: Edit and modify the disclosures as necessary. If testing is to be conducted from an internal location, identify at least one network port with access to all subnets/segments to be tested. The purpose of identifying the IP addresses from where the security testing will be performed is so that when the IAs are performing scans, the CSP will understand that the rapid and high volume network traffic is not an attack and is part of the testing. Edit the below lists as needed. Delete this instruction from your final version of this document. Any testing will be performed according to terms and conditions designed to minimize risk exposure that could occur during security testing. All scans will originate from the following IP address(es): 192.168.1.250 Security Testing May Include Instruction: The IA must edit the bullets in this default list to make it consistent with each unique system tested. Delete this instruction from your final version of this document. Security testing may include the following activities: Port scans and other network service interaction and queries Network sniffing, traffic monitoring, traffic analysis, and host discovery Attempted logins or other use of systems, with any account name/password Attempted structured query language (SQL) injection and other forms of input parameter testing Use of exploit code for leveraging discovered vulnerabilities Password cracking via capture and scanning of authentication databases
Spoofing or deceiving servers regarding network traffic Altering running system configuration except where denial of service would result Adding user accounts Security Testing Will Not Include Instruction: The 3PAO must edit the bullets in this default list to make it consistent with each unique system tested. Delete this instruction from your final version of this document. Security testing will not include any of the following activities: Changes to assigned user passwords Modification of user files or system files Telephone modem probes and scans (active and passive) Intentional viewing of Country Roads Space Systems staff email, Internet caches, and/or personnel cookie files Denial of service attacks Exploits that will introduce new weaknesses to the system Intentional introduction of malicious code (viruses, Trojans, worms, etc.)End of Testing <Your Name> will notify CRSS Project Manager at Country Roads Space Systems when security testing has been completed.Communication of Test Results Email and reports on all security testing will be encrypted according to Country Roads Space Systems requirements. Security testing results will be sent and disclosed to the individuals at Country Roads Space Systems noted in Table 61 Individuals at Country Roads Space Systems Receiving Test Results within 60 days after security testing has been completed. Table 61 Individuals at Country Roads Space Systems Receiving Test Results Name Role
Contact InformationYour ProfessorGradingEnter CSP Contact Information Limitation of Liability Instruction: Insert any Limitations of Liability associated with the security testing below. Edit the provided default Limitation of Liability as needed. Delete this instruction from your final version of this document. <Your Name>, and its stated partners, shall not be held liable to Country Roads Space Systems for any and all liabilities, claims, or damages arising out of or relating to the security vulnerability testing portion of this agreement, howsoever caused and regardless of the legal theory asserted, including breach of contract or warranty, tort, strict liability, statutory liability, or otherwise. Country Roads Space Systems acknowledges that there are limitations inherent in the methodologies implemented, and the assessment of security and vulnerability relating to information technology is an uncertain process based on past experiences, currently available information, and the anticipation of reasonable threats at the time of the analysis. There is no assurance that an analysis of this nature will identify all vulnerabilities or propose exhaustive and operationally viable recommendations to mitigate all exposure.Signatures The following individuals at the IA and Country Roads Space Systems have been identified as having the authority to agree to security testing of CRSS ITS. ACCEPTANCE AND SIGNATURE
I have read the above Security Assessment Plan and Rules of Engagement and I acknowledge and agree to the tests and terms set forth in the plan. <Your Name> Representative:Enter 3PAO Representative Name. (printed) <Your Name> Representative: (signature)Click here to enter a date. (date) Country Roads Space Systems Representative:CRSS Manager (printed) Country Roads Space Systems Representative: NASA PM (signature)Click here to enter a date. (date) Controlled Unclassified Information Page | 12 Acronyms Please add any Acronyms you utilize in this area, in alphabetical order. Delete this instruction from your final version of this document. The master list of FedRAMP acronym and glossary definitions for all FedRAMP templates is available on the FedRAMP
website Documents page under Program Overview Documents. A&A – Assessment and Authorization BCP – Business Continuity Plan BIA – Business Impact Analysis BPR - Business Process Reengineering Plan CEO – Chief Executive Officer COBIT - Control Objectives for Information and Related Technologies CRSS – Country Roads Space Systems DR – Disaster Recovery Plan HOT – Hot review in auditing ISO – International Standards Organization IT – Information Technology LAN – Local Area Network NASA – National Aeronautical Space Agency NIST – National Institute of Standards and Technology POAM – Plan of Action and Milestones RA – Risk Analysis Report SAP – Security Assessment Plan SAR – Security Assessment Report WAN – Wide Area Network Unclassified Confidential Information Page 11A Appendix A – Attachments Instruction: If applicable, attachments must include penetration testing rules of engagement, penetration testing methodology, and the sampling methodology used in testing. Delete this instruction from your final version of this document. List of Attachments: image1.png image2.png
image3.png LAN Server Interagency Wide Area Network (WAN) Other Agency Host or LAN Modem Pool Console Router/ Screener Other Agency Host or LAN Private Databases Modem Pool Internet Local Area Network (LAN) Mainframe
Direct Deposit, IRS, State, etc.

Recommandé

DSS RMF Training.pptx
DSS RMF Training.pptxDSS RMF Training.pptx
DSS RMF Training.pptxMuhammad Mazhar
 
Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...Hassan EL ALLOUSSI
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 
Data_Systems_Specialist_Role_Description[1]
Data_Systems_Specialist_Role_Description[1]Data_Systems_Specialist_Role_Description[1]
Data_Systems_Specialist_Role_Description[1]Peter Smith
 
Lecture 6 & 7.pdf
Lecture 6 & 7.pdfLecture 6 & 7.pdf
Lecture 6 & 7.pdfRaoShahid10
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This chedavieec5f
 

Recommandé

DSS RMF Training.pptx
DSS RMF Training.pptxDSS RMF Training.pptx
DSS RMF Training.pptxMuhammad Mazhar
 
Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...Presentation: To an efficient tool for securing the card data on the Cloud: C...
Presentation: To an efficient tool for securing the card data on the Cloud: C...Hassan EL ALLOUSSI
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 
Data_Systems_Specialist_Role_Description[1]
Data_Systems_Specialist_Role_Description[1]Data_Systems_Specialist_Role_Description[1]
Data_Systems_Specialist_Role_Description[1]Peter Smith
 
Lecture 6 & 7.pdf
Lecture 6 & 7.pdfLecture 6 & 7.pdf
Lecture 6 & 7.pdfRaoShahid10
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This chedavieec5f
 
Database Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docxDatabase Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docxwhittemorelucilla
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxduketjoy27252
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015AFCEA International
 
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding SchemesIRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding SchemesIRJET Journal
 
IRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart GridIRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart GridIRJET Journal
 
Trackment
TrackmentTrackment
Trackmentmeaannn
 
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docxAssessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docxfestockton
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...IJERA Editor
 
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service ProvidersIRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service ProvidersIRJET Journal
 
IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...IRJET Journal
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber ProgramIgnyte Assurance Platform
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
PCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to KnowPCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to KnowTerra Verde
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...akquinet enterprise solutions GmbH
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxtaitcandie
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsPriyanka Aash
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxhealdkathaleen
 
You will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docxYou will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docxalisondakintxt
 
Which of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docxWhich of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docxalisondakintxt
 

Contenu connexe

Similaire à Part 1 Major Events DocumentationScenario You visit a retail.docx

Database Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docxDatabase Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docxwhittemorelucilla
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxduketjoy27252
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015AFCEA International
 
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding SchemesIRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding SchemesIRJET Journal
 
IRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart GridIRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart GridIRJET Journal
 
Trackment
TrackmentTrackment
Trackmentmeaannn
 
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docxAssessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docxfestockton
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...IJERA Editor
 
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service ProvidersIRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service ProvidersIRJET Journal
 
IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...IRJET Journal
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
PCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to KnowPCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to KnowTerra Verde
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...akquinet enterprise solutions GmbH
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxtaitcandie
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefEnda Crossan
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsPriyanka Aash
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxhealdkathaleen
 

Similaire à Part 1 Major Events DocumentationScenario You visit a retail.docx (20)

Database Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docxDatabase Security Assessment Transcript You are a contracting office.docx
Database Security Assessment Transcript You are a contracting office.docx
 
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docxDisaster and RecoveryBusiness Impact AnalysisSystem .docx
Disaster and RecoveryBusiness Impact AnalysisSystem .docx
 
Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015Network Security & Assured Networks: TechNet Augusta 2015
Network Security & Assured Networks: TechNet Augusta 2015
 
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding SchemesIRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
IRJET- Privacy Enhancing Routing Algorithm using Backbone Flooding Schemes
 
IRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart GridIRJET- A Review of the Concept of Smart Grid
IRJET- A Review of the Concept of Smart Grid
 
Trackment
TrackmentTrackment
Trackment
 
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docxAssessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
Assessment ArchitectureSecurity Assessment Plan (SAP) System Name.docx
 
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
Extensive Security and Performance Analysis Shows the Proposed Schemes Are Pr...
 
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service ProvidersIRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
IRJET- Extended Cloud Security for Trust-Based Cloud Service Providers
 
IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...IRJET- Insider Interruption Identification and Protection by using Forens...
IRJET- Insider Interruption Identification and Protection by using Forens...
 
Corporate Cyber Program
Corporate Cyber ProgramCorporate Cyber Program
Corporate Cyber Program
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
PCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to KnowPCI 3.0 – What You Need to Know
PCI 3.0 – What You Need to Know
 
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
SAP Security & Compliance Audits. Find your vulnerabilities before you get hu...
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
 
Cyber intrusion analyst occupational brief
Cyber intrusion analyst occupational briefCyber intrusion analyst occupational brief
Cyber intrusion analyst occupational brief
 
Applying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data SetsApplying Auto-Data Classification Techniques for Large Data Sets
Applying Auto-Data Classification Techniques for Large Data Sets
 
Running Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docxRunning Head 2Week #8 MidTerm Assignment .docx
Running Head 2Week #8 MidTerm Assignment .docx
 

Plus de alisondakintxt

You will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docxYou will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docxalisondakintxt
 
Which of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docxWhich of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docxalisondakintxt
 
Throughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docxThroughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docxalisondakintxt
 
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docxUnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docxalisondakintxt
 
The Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docxThe Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docxalisondakintxt
 
The leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docxThe leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docxalisondakintxt
 
The Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docxThe Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docxalisondakintxt
 
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docxSTUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docxalisondakintxt
 
the elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docxthe elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docxalisondakintxt
 
TECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docxTECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docxalisondakintxt
 
Step 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docxStep 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docxalisondakintxt
 
The Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docxThe Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docxalisondakintxt
 
Review the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docxReview the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docxalisondakintxt
 
Research Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docxResearch Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docxalisondakintxt
 
Step 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docxStep 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docxalisondakintxt
 
Objectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docxObjectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docxalisondakintxt
 
Marketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docxMarketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docxalisondakintxt
 
Learning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docxLearning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docxalisondakintxt
 
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docxRACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docxalisondakintxt
 
Part 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docxPart 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docxalisondakintxt
 

Plus de alisondakintxt (20)

You will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docxYou will be doing a Health Policy Analysis Power Point on a releva.docx
You will be doing a Health Policy Analysis Power Point on a releva.docx
 
Which of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docxWhich of the three major sociological approaches to understanding so.docx
Which of the three major sociological approaches to understanding so.docx
 
Throughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docxThroughout the course we have examined that the African American com.docx
Throughout the course we have examined that the African American com.docx
 
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docxUnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
UnderstandingCultureFood,Faith,&CultureDr.FredFoy.docx
 
The Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docxThe Elderly populationPowerPoint Presentation.Discuss the as.docx
The Elderly populationPowerPoint Presentation.Discuss the as.docx
 
The leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docxThe leader of your organization just resigned because they were arre.docx
The leader of your organization just resigned because they were arre.docx
 
The Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docxThe Star Model™The Star Model™ framework for organization .docx
The Star Model™The Star Model™ framework for organization .docx
 
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docxSTUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
STUDENT REPLIESDISCUSSION 2STUDENT REPLY #1 Darlene Milan On.docx
 
the elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docxthe elderly populationIdentify a vulnerable population or a comm.docx
the elderly populationIdentify a vulnerable population or a comm.docx
 
TECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docxTECH460Module 2Organization Profile and Problem Statement.docx
TECH460Module 2Organization Profile and Problem Statement.docx
 
Step 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docxStep 1Select ONE of the following viral agents for your assignme.docx
Step 1Select ONE of the following viral agents for your assignme.docx
 
The Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docxThe Christianity ReligionAdiesa BurgessD.docx
The Christianity ReligionAdiesa BurgessD.docx
 
Review the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docxReview the term Significance Test in the Statistics Visual Learner.docx
Review the term Significance Test in the Statistics Visual Learner.docx
 
Research Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docxResearch Paper PresentationWith the information you gathered.docx
Research Paper PresentationWith the information you gathered.docx
 
Step 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docxStep 1 You are a registered nurse who works with wound-care patien.docx
Step 1 You are a registered nurse who works with wound-care patien.docx
 
Objectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docxObjectives Unacceptable Below Average Acceptable Above Average.docx
Objectives Unacceptable Below Average Acceptable Above Average.docx
 
Marketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docxMarketing Plan Analysis and Presentation Part 1– Rese.docx
Marketing Plan Analysis and Presentation Part 1– Rese.docx
 
Learning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docxLearning Objectives By the end of this presentation, you will b.docx
Learning Objectives By the end of this presentation, you will b.docx
 
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docxRACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
RACE, ETHNICITY, AND THE DEATH PENALTYConstitutionality.docx
 
Part 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docxPart 1Respond to the following in a minimum of 175 words•.docx
Part 1Respond to the following in a minimum of 175 words•.docx
 

Dernier

HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONHumphrey A Beña
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Mark Reed
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxAshokKarra1
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parentsnavabharathschool99
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfErwinPantujan2
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxiammrhaywood
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17Celine George
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptxmary850239
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinojohnmickonozaleda
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxMaryGraceBautista27
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Seán Kennedy
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomnelietumpap1
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSJoshuaGantuangco2
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)cama23
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management systemChristalin Nelson
 

Dernier (20)

HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptxYOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
YOUVE GOT EMAIL_FINALS_EL_DORADO_2024.pptx
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATIONTHEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
THEORIES OF ORGANIZATION-PUBLIC ADMINISTRATION
 
Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)Influencing policy (training slides from Fast Track Impact)
Influencing policy (training slides from Fast Track Impact)
 
Karra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptxKarra SKD Conference Presentation Revised.pptx
Karra SKD Conference Presentation Revised.pptx
 
Choosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for ParentsChoosing the Right CBSE School A Comprehensive Guide for Parents
Choosing the Right CBSE School A Comprehensive Guide for Parents
 
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdfVirtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
Virtual-Orientation-on-the-Administration-of-NATG12-NATG6-and-ELLNA.pdf
 
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptxECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
ECONOMIC CONTEXT - PAPER 1 Q3: NEWSPAPERS.pptx
 
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptxYOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
YOUVE_GOT_EMAIL_PRELIMS_EL_DORADO_2024.pptx
 
How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17How to Add Barcode on PDF Report in Odoo 17
How to Add Barcode on PDF Report in Odoo 17
 
4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx4.16.24 21st Century Movements for Black Lives.pptx
4.16.24 21st Century Movements for Black Lives.pptx
 
FILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipinoFILIPINO PSYCHology sikolohiyang pilipino
FILIPINO PSYCHology sikolohiyang pilipino
 
Science 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptxScience 7 Quarter 4 Module 2: Natural Resources.pptx
Science 7 Quarter 4 Module 2: Natural Resources.pptx
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...Student Profile Sample - We help schools to connect the data they have, with ...
Student Profile Sample - We help schools to connect the data they have, with ...
 
ENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choomENGLISH6-Q4-W3.pptxqurter our high choom
ENGLISH6-Q4-W3.pptxqurter our high choom
 
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTSGRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
GRADE 4 - SUMMATIVE TEST QUARTER 4 ALL SUBJECTS
 
Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)Global Lehigh Strategic Initiatives (without descriptions)
Global Lehigh Strategic Initiatives (without descriptions)
 
Concurrency Control in Database Management system
Concurrency Control in Database Management systemConcurrency Control in Database Management system
Concurrency Control in Database Management system
 

Part 1 Major Events DocumentationScenario You visit a retail.docx

  • 1. Part 1: Major Events Documentation Scenario: You visit a retail establishment, shop around, and finally carry several products to one of the point of sale (POS) terminals distributed openly around the store. You produce a credit card, the salesclerk processes the transaction, bags your goods, and hands you the receipt. On your way to the exit, a store employee asks to see your receipt and checks the contents of the store bag. Document each of the major events just described and explain them in terms of the PCI compliance standard. Include this report in your assignment. Part 2: PCI Compliance This part of the assignment will cover PCI. Please refer to the attached file in your responses. Respond to and address the following in essay style: 1. Suppose HGA’s mainframe, depicted in Figure B-1, stored cardholder data in the private databases. What steps should be taken to protect that data in order to be PCI compliant? 2. HGA’s mainframe has network connectivity. Assuming that cardholder data is transmitted across these networks, describe how data should be protected in transmission. 3. Users are located at various sites connected to the HGA network. Suggest appropriate access controls to restrict unauthorized users from looking at cardholder data. 4. The PCI specification notes that all systems and network devices connected to a system that stores, transmits, or processes cardholder data is in scope and must comply with PCI specifications. To avoid having the whole network subject to PCI specifications, how would you segment the network to reduce the scope of compliance? Assignment Requirements: Submit your assignment in the usual double-spaced APA-styled report. At least four pages of material are expected beyond the title page, table of contents, abstract, and references page.
  • 2. · Answers contain sufficient information to adequately answer the questions · No spelling errors · No grammar errors CRSS Network Diagram Copyright Rasmussen, Inc. 2013. Proprietary and Confidential. 1 1 image3.png image5.png FedRAMP Security Assessment Plan (SAP) Third Party Assessment Prepared by <Your Name> for Country Roads Space Systems & NASA CRSS Information Systems. Administration and Classified Networks Version #.# <DATE> MOCK Plan
  • 3. CRSS Information Systems. Administration and Classified Networks | Version #.# Date Controlled Unclassified Information Page | 10 System Assessment Plan Prepared by Identification of Organization that Prepared this Document Student NameEnter Your Name Rasmussen Email AddressEnter Rasmussen Email Address ClassEnter Class Name Course and SemesterEnter Section Number and Semester Prepared for Identification of Cloud Service Provider Organization NameNASA Street Address300 E St. SW Suite/Room/BuildingIA Office Floor 2 City, State ZipWashington DC 20546 Revision History Date Description Version of SSP Author<Date><Revision Description><Version><Author><Date><Revision Description><Version><Author>
  • 4. Table of Contents 1Introduction1 1.1Laws, Regulations, Standards, and Guidance1 1.2Purpose1 2Scope2 2.1Information System Name/Title2 2.2Internet Protocol (IP) Addresses, WeB APPLICATIONS, and DATABASES Slated for Testing2 2.3Roles Slated for Testing2 3Assumptions2 4Methodology3 5Test Plan4 5.1Security Assessment Team4 5.2NASA /CRSS Provider Testing Points of Contact5 5.3Testing Performed Using Automated Tools5 5.4Testing Performed Through Manual Methods6 6Rules of Engagement7 6.1Security Testing7 6.2End of Testing8 6.3Communication of Test Results8 6.4 Limitation of Liabilities…………………………………………………………… …………………………………….…………..8 6.5 Signatures 10 7Acronyms10 AAppendix A – Attachments11 List of Tables Table 21 Information System Name and Title2 Table 26 Role Based Testing2 Table 51 Security Testing Team4 Table 52 NASA /CRSS Service Provider Points of Contact5 Table 53 Tools Used for Security Testing5 Table 54 Testing Performed through Manual Methods6 Table 61 Individuals at NASA /CRSS Receiving Test Results8
  • 5. CRSS Information Systems. Administration and Classified Networks FedRAMP SAP Template Version #.# Date MOCK Plan – Academic Purposes Only Page | ii Introduction Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for Country Roads Space Systems. Testing security controls is an integral part of the FedRAMP security authorization requirements. Providing a plan for security control ensures that the process runs smoothly. The CRSS Information Systems. Administration and Classified Networks (CRSS ITS) will be assessed by an Independent Assessor (IA) <Your Name>. The use of an independent assessment team reduces the potential for conflicts of interest that could occur in verifying the implementation status and effectiveness of the security controls. National Institute of Standards and Technology (NIST) Special Publication (SP) 800- 39, Managing Information Security Risk states: Assessor independence is an important factor in: (i) preserving the impartial and unbiased nature of the assessment process; (ii) determining the credibility of the security assessment results; and (iii) ensuring that the authorizing official receives the most objective information possible in order to make an informed, risk-based, authorization decision.Laws, Regulations, Standards, and Guidance A summary of the FedRAMP Laws and Regulations and the FedRAMP Standards and Guidance is included in the System Security Plan (SSP) Attachment 12 – FedRAMP Laws and Regulations. SSP Section 12 Laws, Regulations, Standards, and Guidance contains the following two tables that are system specific:
  • 6. Table 12 1 CRSS Information Systems. Administration and Classified Networks Laws and Regulations includes additional laws and regulations specific to CRSS Information Systems. Administration and Classified Networks. Table 12 2 CRSS Information Systems. Administration and Classified Networks Standards and Guidance includes any additional standards and guidance specific to CRSS Information Systems. Administration and Classified Networks.Purpose This document consists of a test plan to test the security controls for CRSS ITS. It has been completed by <Your Name> for the benefit of Country Roads Space Systems. NIST SP 800- 39, Managing Information Security Risk states: The information system owner and common control provider rely on the security expertise and the technical judgment of the assessor to: (i) assess the security controls employed within and inherited by the information system using assessment procedures specified in the security assessment plan; and (ii) provide specific recommendations on how to correct weaknesses or deficiencies in the controls and address identified vulnerabilities.Scope Information System Name/Title The CRSS ITS is undergoing testing as described in this Security Assessment Plan named in Table 2-1. Table 21 Information System Name and Title Unique Identifier Information System Name Information System Abbreviation487-4587654 CRSS Information Systems. Administration and Classified Networks CRSS ITS Internet Protocol (IP) Addresses, WeB APPLICATIONS, and DATABASES Slated for Testing
  • 7. Instruction: If you plan to test any of the systems identified in the CRSS_Network.vsd Diagram, you will need to list them here, with a brief description of the system (extrapolate the function from the name based on other systems of the same type you find online) and list a priority for testing based on your view of the risk and vulnerability. Delete this instruction from your final version of this document. Please list all systems slated for testing. System Name Description Priority for Testing Roles Slated for Testing Role testing will be performed to test the authorizations restrictions for each role. <Your Name> will access the system while logged in as different user types and attempt to perform restricted functions as unprivileged users. Functions and roles that will be tested are noted in Table 26 Role Based Testing. Roles slated for testing correspond to those roles listed in the CRSS ITS SSP. Table 26 Role Based Testing Role Name Test User ID Associated FunctionsEnter Role NameEnter Test User IDEnter Associated FunctionsEnter Role NameEnter Test User IDEnter Associated FunctionsEnter Role NameEnter Test User IDEnter Associated Functions Assumptions
  • 8. Instruction: The assumptions listed are default assumptions. The Auditor must edit these assumptions as necessary for each unique engagement. Delete this instruction from your final version of this document. The following assumptions were used when developing this SAP: Country Roads Space Systems resources, including documentation and individuals with knowledge of the Country Roads Space Systems and infrastructure and their contact information, will be available to <Your Name> staff during the time necessary to complete assessments. The Country Roads Space Systems will provide login account information/credentials necessary for <Your Name> to use its testing devices to perform authenticated scans of devices and applications. The Country Roads Space Systems will permit <Your Name> to connect its testing laptops to the Country Roads Space Systems networks defined within the scope of this assessment. The Country Roads Space Systems will permit communication from Third Party Assessment Organization testing appliances to an internet hosted vulnerability management service to permit the analysis of vulnerability data. Security controls that have been identified as “Not Applicable” in the SSP will be verified as such and further testing will not be performed on these security controls Significant upgrades or changes to the infrastructure and components of the system undergoing testing will not be performed during the security assessment period. For onsite control assessment, Country Roads Space Systems personnel will be available should the <Your Name> staff determine that either after hours work, or weekend work, is necessary to support the security assessment. <ADD MORE HERE>Methodology Instruction: FedRAMP provides a documented methodology to describe the process for testing the security controls. The IAs
  • 9. may edit this section to add additional information. Delete this instruction from your final version of this document. <Your Name> will perform an assessment of the CRSS ITS security controls using the methodology described in NIST SP 800-53A. <Your Name> will use FedRAMP test procedures to evaluate the security control(s). Outline below, these test procedures contain the test objectives and associated test cases to determine if a control is effectively implemented and operating as intended. <Your Name> data gathering activities will consist of the following: Request Country Roads Space Systems provide FedRAMP required documentation Request any follow-up documentation, files, or information needed that is not provided in FedRAMP required documentation Travel to the Country Roads Space Systems sites as necessary to inspect systems and meet with Country Roads Space Systems staff Obtain information through the use of security testing tools Security controls will be verified using one or more of the following assessment methods: Examine: the IA will review, analyze, inspect, or observe one or more assessment artifacts as specified in the attached test cases Interview: the IA will conduct discussions with individuals within the organization to facilitate assessor understanding, achieve clarification, or obtain evidence Technical Tests: the IA will perform technical tests, including penetration testing, on system components using automated and manual methods <Your Name> will use sampling when performing this assessment. Control Name Data Gathering Methodology Verification method Details
  • 10. Test Plan Security Assessment Team Instruction: List the members of the risk assessment team and the role each member will play. Include team members contact information. Enter up to 3 other members after you on the first line. Fill in the role with skills you believe are needed to perform this assessment and fake contact information. Delete this instruction from your final version of this document. The security assessment team consists of the below individuals. Security control assessors play a unique role in testing system security controls. NIST SP 800-39, Managing Information Security Risk states: The security control assessor is an individual, group, or organization responsible for conducting a comprehensive assessment of the management, operational, and technical security controls employed within or inherited by an information system to determine the overall effectiveness of the controls (i.e., the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system). The members of the IA security testing team are found in Table 51 Security Testing Team. Table 51 Security Testing Team Name Role
  • 11. Contact InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract InformationEnter Test Team POC NameEnter Test Team POC RoleEnter Test Team Contract Information Country Roads Space Systems Provider Testing Points of Contact Instruction: The IA must obtain at least three points of contact from the CSP to use for testing communications. One of the contacts must be available 24 x 7 and must include an operations center (e.g., NOC, SOC). Delete this instruction from your final version of this document. The Country Roads Space Systems points of contact that the testing team will use are found in Table 52 Country Roads Space Systems Service Provider Points of Contact (POCs). Table 52 Country Roads Space Systems Service Provider Points of Contact Name Role Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact InformationEnter CSP POC NameEnter CSP POC RoleEnter CSP Contact Information Testing Performed Using Automated Tools Instruction: Describe what tools will be used for testing security controls. Include all product names and names of open source tools and include version numbers. If open source tools are used, name the organization (or individuals) who developed the tools. Additionally, describe the function and purpose of the tool (e.g., file integrity checking, web application scanning). For scanners, indicate what the scanner’s capability is, e.g., database scanning, web application scanning, infrastructure
  • 12. scanning, code scanning/analysis). For more information see the Guide to Understanding FedRAMP. Delete this instruction from your final version of this document. <Your Name> plans to use the following tools noted in Table 53 Tools Used for Security Testing to perform testing of the CRSS ITS. Table 53 Tools Used for Security Testing Tool Name Vendor/Organization Name & Version Purpose of ToolEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool PurposeEnter Tool NameEnter Vendor and VersionEnter Tool Purpose Testing Performed Through Manual Methods Instruction: Describe what technical tests will be performed through manual methods without the use of automated tools. The results of all manual tests must be recorded in the Security Assessment Report (SAR). Examples are listed in the first four rows. Delete the examples, and put in the real tests. Add additional rows as necessary. Identifiers must be in the format MT-1, MT-2 which would indicate “Manual Test 1” and “Manual Test 2” etc. Example MT-1 Example Forceful Browsing Example Description: We will login as a customer and try to see if we can gain access to the Network Administrator and Database Administrator privileges and authorizations by navigating to different views and manually forcing the browser to various URLs. Example MT-2 Example Structured Query Language (SQL) Injection Example Description: We will perform some manual SQL
  • 13. injection attacks using fake names and 0 OR '1'='1' statements. Example MT-3 C Example Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) Example Description: We will test the CAPTCHA function on the web form manually. Example MT-4 Example Online Certificate Status Protocol (OCSP) Example Description: We will manually test to see if OCSP is validating certificates. Penetration tests must be included in this section. Delete these instructions from your final version of this document. Table 54 Testing Performed through Manual Methods describes the technical test that were performed through manual methods without automated tools. Table 54 Testing Performed through Manual Methods Test ID Test Name DescriptionTest IDTest NameEnter Test DescriptionTest IDTest NameEnter Test DescriptionTest IDTest NameEnter Test Description Rules of Engagement Security testing Instruction: FedRAMP provides a Rules of Engagement template. The IAs must edit this RoE as necessary. The final version of the RoE must be signed by both the IA and CSP. Delete this instruction from your final version of this document. A Rules of Engagement (RoE) document is designed to describe proper notifications and disclosures between the owner of a tested systems and an independent assessor. In particular, a
  • 14. RoE includes information about targets of automated scans and IP address origination information of automated scans (and other testing tools). Together with the information provided in preceding sections of this document, this document shall serve as a RoE once signed. Disclosures Instruction: Edit and modify the disclosures as necessary. If testing is to be conducted from an internal location, identify at least one network port with access to all subnets/segments to be tested. The purpose of identifying the IP addresses from where the security testing will be performed is so that when the IAs are performing scans, the CSP will understand that the rapid and high volume network traffic is not an attack and is part of the testing. Edit the below lists as needed. Delete this instruction from your final version of this document. Any testing will be performed according to terms and conditions designed to minimize risk exposure that could occur during security testing. All scans will originate from the following IP address(es): 192.168.1.250 Security Testing May Include Instruction: The IA must edit the bullets in this default list to make it consistent with each unique system tested. Delete this instruction from your final version of this document. Security testing may include the following activities: Port scans and other network service interaction and queries Network sniffing, traffic monitoring, traffic analysis, and host discovery Attempted logins or other use of systems, with any account name/password Attempted structured query language (SQL) injection and other forms of input parameter testing Use of exploit code for leveraging discovered vulnerabilities Password cracking via capture and scanning of authentication databases
  • 15. Spoofing or deceiving servers regarding network traffic Altering running system configuration except where denial of service would result Adding user accounts Security Testing Will Not Include Instruction: The 3PAO must edit the bullets in this default list to make it consistent with each unique system tested. Delete this instruction from your final version of this document. Security testing will not include any of the following activities: Changes to assigned user passwords Modification of user files or system files Telephone modem probes and scans (active and passive) Intentional viewing of Country Roads Space Systems staff email, Internet caches, and/or personnel cookie files Denial of service attacks Exploits that will introduce new weaknesses to the system Intentional introduction of malicious code (viruses, Trojans, worms, etc.)End of Testing <Your Name> will notify CRSS Project Manager at Country Roads Space Systems when security testing has been completed.Communication of Test Results Email and reports on all security testing will be encrypted according to Country Roads Space Systems requirements. Security testing results will be sent and disclosed to the individuals at Country Roads Space Systems noted in Table 61 Individuals at Country Roads Space Systems Receiving Test Results within 60 days after security testing has been completed. Table 61 Individuals at Country Roads Space Systems Receiving Test Results Name Role
  • 16. Contact InformationYour ProfessorGradingEnter CSP Contact Information Limitation of Liability Instruction: Insert any Limitations of Liability associated with the security testing below. Edit the provided default Limitation of Liability as needed. Delete this instruction from your final version of this document. <Your Name>, and its stated partners, shall not be held liable to Country Roads Space Systems for any and all liabilities, claims, or damages arising out of or relating to the security vulnerability testing portion of this agreement, howsoever caused and regardless of the legal theory asserted, including breach of contract or warranty, tort, strict liability, statutory liability, or otherwise. Country Roads Space Systems acknowledges that there are limitations inherent in the methodologies implemented, and the assessment of security and vulnerability relating to information technology is an uncertain process based on past experiences, currently available information, and the anticipation of reasonable threats at the time of the analysis. There is no assurance that an analysis of this nature will identify all vulnerabilities or propose exhaustive and operationally viable recommendations to mitigate all exposure.Signatures The following individuals at the IA and Country Roads Space Systems have been identified as having the authority to agree to security testing of CRSS ITS. ACCEPTANCE AND SIGNATURE
  • 17. I have read the above Security Assessment Plan and Rules of Engagement and I acknowledge and agree to the tests and terms set forth in the plan. <Your Name> Representative:Enter 3PAO Representative Name. (printed) <Your Name> Representative: (signature)Click here to enter a date. (date) Country Roads Space Systems Representative:CRSS Manager (printed) Country Roads Space Systems Representative: NASA PM (signature)Click here to enter a date. (date) Controlled Unclassified Information Page | 12 Acronyms Please add any Acronyms you utilize in this area, in alphabetical order. Delete this instruction from your final version of this document. The master list of FedRAMP acronym and glossary definitions for all FedRAMP templates is available on the FedRAMP
  • 18. website Documents page under Program Overview Documents. A&A – Assessment and Authorization BCP – Business Continuity Plan BIA – Business Impact Analysis BPR - Business Process Reengineering Plan CEO – Chief Executive Officer COBIT - Control Objectives for Information and Related Technologies CRSS – Country Roads Space Systems DR – Disaster Recovery Plan HOT – Hot review in auditing ISO – International Standards Organization IT – Information Technology LAN – Local Area Network NASA – National Aeronautical Space Agency NIST – National Institute of Standards and Technology POAM – Plan of Action and Milestones RA – Risk Analysis Report SAP – Security Assessment Plan SAR – Security Assessment Report WAN – Wide Area Network Unclassified Confidential Information Page 11A Appendix A – Attachments Instruction: If applicable, attachments must include penetration testing rules of engagement, penetration testing methodology, and the sampling methodology used in testing. Delete this instruction from your final version of this document. List of Attachments: image1.png image2.png
  • 19. image3.png LAN Server Interagency Wide Area Network (WAN) Other Agency Host or LAN Modem Pool Console Router/ Screener Other Agency Host or LAN Private Databases Modem Pool Internet Local Area Network (LAN) Mainframe