CIS 349 Designing Compliance within the LAN-to-WAN Domain

Strayer CIS 349 Information Technology Audit and Control, Assignment 4: Designing Compliance within the LAN to WAN Domain, 7 pages, 1426 words, for Auditing IT Infrastructures for Compliance.
Imagine you are an Information Systems Security Officer for a medium-sized financial services firm that has operations in four states: Virginia, Florida, Arizona, and California. Due to the highly sensitive data created, stored, and transported by your organization, the CIO is concerned with implementing proper security controls for the LAN-to-WAN domain. Specifically, the CIO is concerned… The CIO has tasked you with proposing a series of hardware and software controls designed to provide security for the LAN-to-WAN domain. The CIO anticipates receiving both a written report and diagram(s) to support your recommendations.

Discussion

Remote access to corporate resources is becoming commonplace. From an auditing perspective, suggest two (2) or more controls that should be in place to prevent the loss or theft of confidential information.
Full-Disk Encryption: All company-owned and managed devices should have a business-class, manageable full-disk encryption solution implemented to ensure that, in the event of device loss or theft, no data is retrievable. Compliance with this control should be regularly audited.
Two-factor Authentication: All remote access should require 2FA so that remote access remains protected in the event of credentials being lost or stolen.
Sandbox environment: Access from non-company equipment should only be allowed through an SSL VPN portal that uses a dissolvable agent to create a sandbox environment, isolating all data transactions to a virtual disk and memory allocation that is completely wiped when the connection terminates.
Give your opinion on what you believe are the essential elements of an acceptable use policy for remote access. Elaborate on each item and justify its importance.
First, I would have to say violation management, mainly to address allowing unauthorized individuals to utilize company resources that have remote access to company networks and data.
I would say other elements would be those that deal with privacy. Understanding that while remotely accessing company resources and data, an employee is expected to maintain the same level of privacy as would be available in the workplace … mainly, not working on private information in the presence of others that could create a disclosure or violation.