Security Assessment Report Template
Question 1:
Create a diagram for a better approach for compliance, based on one of the following frameworks: PCI, HIPAA, NIST, or any other accepted framework.
Ideally, the network will be enterprise-class, consisting of 1000+ clients across various corporate departments, with 50-100 servers providing typical network services. The network infrastructure will use Layer 3 switches and layered routing to provide separation of subnets.
Your diagram, at a minimum, should include the following secure network design elements: firewalls, IDS/IPS, a DMZ, VLANs, border and gateway routers, private IP addressing, isolated server subnets, network access control, and a VPN concentrator.
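The segmentation elements listed above (DMZ, VLANs, isolated server subnets, private addressing, VPN clients) can be expressed as a zone-based, default-deny policy and checked mechanically before the design is drawn. The following is an added example written for this page, not part of the assignment or the report; the addressing plan, zone names and allow rules are constructed assumptions standing in for a real design, and the intent is to show that an "isolated server subnet" means no path from the DMZ or the Internet into it except the flows explicitly listed.

```python
"""Zone-based segmentation model for an enterprise design (added example).

Every zone is a set of prefixes; inter-zone traffic is denied unless an
(src_zone, dst_zone, proto, port) tuple appears in ALLOW. Addresses and
rules below are constructed for illustration, not taken from any real network.
"""
import ipaddress

# Constructed addressing plan: all internal zones use RFC 1918 space.
ZONES = {
    "internet":    ["0.0.0.0/0"],        # catch-all, matched last (shortest prefix)
    "dmz":         ["10.0.10.0/24"],     # public-facing services behind the border firewall
    "users_vlan":  ["10.1.0.0/16"],      # departmental client VLANs
    "servers":     ["10.2.0.0/22"],      # isolated server subnet
    "vpn_clients": ["10.3.0.0/24"],      # pool handed out by the VPN concentrator
    "management":  ["10.9.0.0/24"],      # admin jump hosts / NAC / IDS consoles
}
INTERNAL_ZONES = ["dmz", "users_vlan", "servers", "vpn_clients", "management"]

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Default-deny inter-zone policy. Anything not listed here is dropped.
ALLOW = {
    ("internet",    "dmz",     "tcp", 443),   # public web tier only
    ("users_vlan",  "dmz",     "tcp", 443),
    ("users_vlan",  "servers", "tcp", 445),   # file services for staff
    ("vpn_clients", "servers", "tcp", 443),   # remote workers reach internal apps
    ("management",  "servers", "tcp", 22),    # admin access from the management zone only
}


def zone_of(ip):
    """Longest-prefix match of an address against ZONES; None if it matches nothing."""
    addr = ipaddress.ip_address(ip)
    best = None
    for zone, nets in ZONES.items():
        for net in nets:
            n = ipaddress.ip_network(net)
            if addr in n and (best is None or n.prefixlen > best[1]):
                best = (zone, n.prefixlen)
    return best[0] if best else None


def non_private_internal_prefixes():
    """Return (zone, prefix) pairs in internal zones that are NOT RFC 1918 space."""
    bad = []
    for zone in INTERNAL_ZONES:
        for net in ZONES[zone]:
            n = ipaddress.ip_network(net)
            if not any(n.subnet_of(p) for p in RFC1918):
                bad.append((zone, net))
    return bad


def is_allowed(src_ip, dst_ip, proto, port):
    """Evaluate one flow against the zone policy (intra-zone traffic is not filtered here)."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True
    return (src, dst, proto, port) in ALLOW


def evaluate_flows(flows):
    """Evaluate a list of (src, dst, proto, port) flows; returns [(flow, allowed), ...]."""
    return [(flow, is_allowed(*flow)) for flow in flows]


if __name__ == "__main__":
    # Constructed sample flows exercising the isolation properties of the design.
    sample = [
        ("203.0.113.7", "10.0.10.5",  "tcp", 443),  # Internet -> DMZ web: allowed
        ("203.0.113.7", "10.2.0.10",  "tcp", 443),  # Internet -> servers: denied
        ("10.0.10.5",   "10.2.0.10",  "tcp", 22),   # DMZ -> servers SSH: denied (isolation)
        ("10.3.0.20",   "10.2.0.10",  "tcp", 443),  # VPN client -> servers HTTPS: allowed
        ("10.1.4.9",    "10.9.0.3",   "tcp", 22),   # user VLAN -> management: denied
    ]
    for flow, ok in evaluate_flows(sample):
        print(f"{'ALLOW' if ok else 'DENY ':5} {flow}")
    print("non-private internal prefixes:", non_private_internal_prefixes())
```

The longest-prefix match lets `0.0.0.0/0` act as the Internet zone without shadowing the internal prefixes, and the private-addressing check uses `subnet_of` against the three RFC 1918 ranges rather than `is_private`, so that the result does not depend on the Python version's notion of "private".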
Question 2:
Based on question 1:
Include the following in your report (add sections to the template as needed):
1. An overview of why the report is being written
2. A paragraph description of the system
3. A paragraph outlining the framework governing the enterprise
4. Major gaps that were found
5. Remediation that is recommended
6. A high-level diagram that represents the current state of the system
7. An equal diagram depicting the proper end state
Refer to the “Security Assessment Report (SAR),” within the required readings. This resource provides detailed explanations of each section that should be included within the assessment report.
Refer to the “System Security Assessment Report Template” and the following “Framework Findings and Recommendations Scoring Guide,” prior to beginning the assignment to become familiar with the expectations for successful completion.
APA style is not required, but solid academic writing is expected.
Security Assessment Report Template
System Assessment Report For: {System Name}
Version:
Date:
Prepared By:
Overview
Purpose:
The following report aims to carry out a security assessment of the network topology of an institution. The network is established to function as the backbone communication channel for all of the institution's systems and devices, including workstations.
Scope:
Generally, the assessment report is intended to ensure the security, effectiveness, and maintainability of the designed network topology, as well as to support the management of the institution's network infrastructure (Carter et al., 2021).
Applicable Laws and Regulations
The following laws and regulations are applicable:
One of the applicable data protection laws is the CISA (Cybersecurity Information Sharing Act), which allows institutions to assess network traffic and take defensive measures meant to protect their systems. The CISA encourages organizations to share cyber-threat data with the government (McNicholas & Angle, 2021).
United States cybersecurity laws exist at both the state and federal levels, and they differ by commercial sector. Nonetheless, numerous organizations rely on omnibus frameworks such as the NIST Cybersecurity Framework. The NIST framework is essential in this instance because it helps businesses assess and identify probable material risks; design and implement policies and controls meant to protect the firm; detect and monitor for realized risks and anomalies; and respond adequately and promptly to incidents (McNicholas & Angle, 2021).
Applicable Standards and Guidance
The following standards and guidance are applicable to the organization:
The NIST Framework is essential in this instance, considering that it will help the firm implement a new security policy, protocol, strategy, or framework. Stakeholder involvement is another significant aspect that needs attention. Under the NIST framework, the institution's standards will require employees to know and understand what the organization expects of them in maintaining security integrity, including what the NIST guidelines contain. Therefore, creating an awareness and training program will be a basic component of the implementation plan, which will also help raise every person's awareness (Carter et al., 2021).
Moreover, following the establishment of the training programs, which serve to reinforce these expectations, the organization should create a cybersecurity culture. The firm's culture should be centered on following the best security practices. In this regard, the security team's responsibility is to help cultivate a collaborative, security-aware culture.
System Overview
System Name
The name of the system in this instance is the network infrastructure.
General System Description and Purpose
The system is essential for daily operations in the firm. In a period of rapid technological innovation, numerous firms are presently very dependent on the network infrastructures that help them organize and complete consumer inquiries and orders.
Security Categorization
The system's infrastructure includes the head office, which contains the remote network connection region and the different systems and workstations, including the data and client servers. The firm has introduced a remote network system so that work remains reliable for individuals who continue working at home after office hours. They are linked to the organization through the internet and have a server connected for data storage and security that any other office can share.
Assessment Methodology
Performed Tests
Risk Assessment Approach: Risk assessment, together with risk management and risk communication, is among the most significant components of risk analysis, which serves as the general strategy for managing, addressing, and mitigating risk (Sotnikov, 2021).
Identification of Vulnerabilities
The overall significance of the overlap linking the risk communication, management, and assessment elements is well established. Nonetheless, risk assessment needs some functional separation. Such separation is applied to guarantee that the issue is addressed clearly and transparently and has a scientific foundation.
Performed Risk Analysis
The risk analysis's primary goal is identifying the threats and vulnerabilities associated with the firm's capacity to deliver services to consumers (Sotnikov, 2021). Performing a risk assessment helps identify actionable and reliable plans for the firm's operations, in which the business's network and computer systems are highlighted as a latent high-risk system.
Security Assessment Results
The risk assessment is designed to align with the organization's risk management process, which considers both the external and the internal factors that in turn affect the performance and safety of the organization's network infrastructure. Within this framework, an individual is expected to classify the objectives and decisions, which should be used as the output of the risk assessment results.
Non-Conforming Controls
Every NIST security framework implementation tier ought to play a significant role as a communication tool during the NIST framework's implementation, used to discuss the budget, risk appetite, and mission priority. The organization's unique position with respect to its internal information resources, organizational requirements and objectives, and risk appetite against the desired outcomes, which the Framework Core explicitly introduces and explains, will be characterized by the framework profiles (Carter et al., 2021).
Authorization Recommendations
The NIST cybersecurity framework includes different security controls used to monitor and control the cyber events and security features associated with an organization. Therefore, the organization should identify, select, and implement the security controls that are most suitable and reliable for protecting the organization's critical infrastructure (Carter et al., 2021).
System Status
Current View
End
References
Carter, T., Kroll, J., & Bret Michael, J. (2021). Lessons Learned From Applying the NIST Privacy Framework. IT Professional, 23(4), 9-13. https://doi.org/10.1109/mitp.2021.3086916
Sotnikov, I. (2021). How to Perform IT Risk Assessment. Blog.netwrix.com. Retrieved 22 October 2021, from https://blog.netwrix.com/2018/01/16/how-to-perform-it-risk-assessment/
McNicholas, E. (2021). Cybersecurity 2021 | Laws and Regulations | USA | ICLG. International Comparative Legal Guides International Business Reports. Retrieved 22 October 2021, from https://iclg.com/practice-areas/cybersecurity-laws-and-regulations/usa