CIS 462 SCADA Stuxnet Worm

Strayer CIS 462 Security Strategy and Policy, Case Study 2: SCADA Worm, 6 pages, 1212 words, Graded A, Security Policies and Implementation Issues
Protecting the nation’s critical infrastructure is a major security challenge within the U.S. Likewise, the responsibility for protecting the nation’s critical infrastructure encompasses all sectors of government, including private sector cooperation. Search on the Internet for information on the SCADA Worm.
Write a three to five page paper in which you:
1. Describe the impact and the vulnerability of the SCADA / Stuxnet Worm on the critical infrastructure of the United States.
2. Describe the methods to mitigate the vulnerabilities, as they relate to the seven domains.
3. Assess the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure.
4. Assess the elements of an effective IT Security Policy Framework, and how these elements, if properly implemented, could prevent or mitigate an attack similar to the SCADA / Stuxnet Worm.

Discussion 1

Determine the primary considerations that an organization would need to take into account when developing the security policies involving bring your own device (BYOD), portable and mobile devices.

Security is the primary consideration that organizations must prepare for when allowing BYOD devices. These devices could become a gateway to the organization’s network and assets for malicious programs. Configuring each user’s personal device to work securely with the organization’s network, active directories, and files could become burdensome on the organization’s IT department. Another consideration is how the organization will adhere to policies and regulations regarding PII and its customers’ information. Many organizations require devices to be enabled with a remote wipe function, should they be lost or stolen.

List and examine the major challenges of enforcing policies concerning BYOD, portable and mobile devices.

A major challenge with enforcing policies on BYOD devices is that the devices are also used in the wild; that is to say, users access sites, programs, and files that would not typically be approved on organization networks. An acceptable use policy is typically used for organization devices and networks, but with BYOD, organizations rely heavily on the user’s self-policing and good judgment. Another major challenge is staying in compliance with policies and regulations: a lost device can result in a reportable breach unless the device is encrypted. The threat of BYOD devices infecting the organization with malware or worms is another major challenge organizations need to consider before allowing BYOD access to their networks.

Discussion 2

Analyze the IT infrastructure assets that are commonly located in the DMZ. Determine how the types and size of the organization may impact the structure of the DMZ.

In Korea, the demilitarized zone is a strip of land on the Korean Peninsula that acts as a buffer zone between North and South Korea. In network security, the concept of a demilitarized zone is the same. The DMZ is the portion of a network that sits between the big bad Internet and the local area network. The purpose of the DMZ is to let organizations keep the managed assets that are most vulnerable to attack and most interactive with the outside world in a secluded area, so that any threats or attacks do not pass into the LAN. In the DMZ, there are usually email servers, web servers, DNS servers, FTP servers, and VoIP servers. These servers, while providing for the local area network, have restrictions for the local area network and for the big bad Internet. As far as the type and size of the organization, a DMZ’s structure is going to depend on the needs of the organization or the services that it provides. There is definitely not a set way to structure a DMZ. The organization has to decide what needs to be in the DMZ and what does not.

Propose at least three policies that organizations need to implement for traffic flowing into the DMZ and out of the DMZ.

Firewall policies are key for the DMZ. Organizations also need IDPS configuration policies that protect this area. There must also be policies on VPN and remote access, as users have to pass through the DMZ.