How would they notify the department of homeland security

Reference no: EM131464682

Audit Defense Practice

A key responsibility for security professionals is representing organizations during audits, either internal or external. Since our case study involves cyber security for a chemical facility, we'll be practicing this skill by responding to questions that might be generated by an inspector with the Department of Homeland Security (DHS).

Consult the attached document to get your assigned audit question and post to the Wiki your question and answer so that we can share the learning experience.

PureLand Wastewater Compliance Audit

Objective

This assignment requires students to answer questions of the kind they might encounter while undergoing a compliance audit under the Department of Homeland Security Chemical Facility Anti-Terrorism Standards (CFATS) regulations. The students will play the role of a Cyber Security consultant being audited by a DHS compliance inspector.

Instructions for assignment

1. Find your assigned question from the table below

Student Name | Assigned Question
Name 1 | 2.1
Name 2 | 2.2
Name 3 | 2.3
Name 4 | 2.4
Name 5 | 2.5
Name 6 | 2.6
Name 7 | 2.7

2. Using the Risk-Based Performance Standards Guidance Chemical Facility Anti-Terrorism Standards document for reference, research and write an answer for one of the following questions (assigned to you based on a random draw) from a DHS inspector conducting a site inspection. Consult your team members if you need help. After the team has compiled all their answers, get ready to be audited by the instructor. You'll have 20 minutes to research and write your answer.

2.1. What systems listed on your PureLand Network Diagram do you consider to be the most critical systems? Why did you pick these systems as most critical?

2.2. What do you feel are the most important elements of a successful change management process? How will you ensure that changes made to the Cyber systems at PureLand Wastewater won't lead to Cyber Security Incidents?

2.3. Is there currently any segregation of systems at PureLand based on criticality of the systems? If yes, please explain the segregation strategy. If not, please explain what plans are being developed to segregate assets on the network based on risk.

2.4. What methods are used or planned for implementation to manage passwords? Is there any differentiation in how end user and privileged (e.g., system administrator) accounts are managed?

2.5. Is there currently any Cyber Security awareness and training program in place at PureLand? If yes, please explain the frequency and method of documenting completion. If not, please explain what topics will be included in your awareness program and how you plan to document and track compliance.

2.6. What kinds of technical controls are being used at PureLand to prevent malware attacks? What additional controls are planned for implementation within the next 24 months?

2.7. If PureLand was aware of a Cyber Security incident taking place at their facility, what is the protocol for responding to and reporting the incident?

2.8. What measures does PureLand take (or plan to take) to secure Safety Instrumented Systems to prevent Cyber Security incidents from causing a catastrophic event?

2.9. Does PureLand have an up to date inventory of hardware connected to their network? What is included in the inventory? Is PureLand aware of new devices being added to the network? What technology is used to gain awareness of what devices are connected to the network?

2.10. What do you feel is the greater risk driver for PureLand Chemical theft or diversion or release of the Chemical of Interest and why?

2.11. Provide some examples of areas you feel have physical security concerns related to cyber assets along with brief explanations of why they have higher risk.

2.12. What are the requirements you will have for the person who will manage your cyber security program?

2.13. Does PureLand use shared accounts for accessing computer systems? What are the risks associated with use of shared accounts and how might you mitigate these risks?

2.14. Does PureLand use separation of duties as a security practice? What duties are separated or planned to be separated and why?

2.15. What kinds of controls are in place to ensure access to devices or information is managed appropriately? What processes are used or planned to manage changes to the workforce?

2.16. If PureLand had a Cyber Security Incident take place (for example, an APT penetration), who would PureLand IT folks report the incident to internally and externally? How would they notify the Department of Homeland Security?
