1. From your computer workstation, create a new text document called Compliance Lab #4.
2. Review the following scenario:
Your organization is a governmental agency that serves a vital role in homeland security functions. In fact, your hiring took longer than you would have liked because it seemed as though the organization's managers wanted to know a lot about you before they gave you clearance to work. After a year at the job, your manager feels your progress has come a long way, so she is giving you more responsibility and has asked you to analyze the benefits of reporting risks, threats, and vulnerabilities in an IT assessment that is under way. Your manager would like for you to conduct research and report your findings about the type of vulnerabilities that require disclosure and when it is lawful or unlawful to conceal information produced by vulnerability assessments. She would also like for you to include some trends on current security threats and the types of responsible disclosure being performed by other organizations.
3. Launch your Web browser and type in the Web address https://www.sans.org. In the Custom Search box on the Web page's upper right corner, search for "How do we define Responsible Disclosure?" On the search results page, click on the top link labeled "How do we define Responsible Disclosure?" to open the pdf article. Read about the following topics:
a. Vulnerability Life Cycle
b. Types of Disclosure
c. Nondisclosure
d. Full Disclosure
e. Limited Disclosure
f. Responsible Disclosure
g. Existing Policies and Proposals
In your text document, note one relevant point about each section.
4. In your Web browser, open the document "Symantec Global Internet Security Threat Report" provided by Symantec Corporation at https://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf. Review the Highlights section of the document that discusses the main concepts in each section. Then, review the following topics in the document:
a. Threat Activity Trends
b. Vulnerability Trends
c. Malicious Code Trends
d. Phishing, Underground Economy Servers, and Spam Trends
In your text document, note one relevant point about each section.
5. In your Web browser, type the Web address https://www.zerodayinitiative.com/advisories/published/. Review some of the links on the page provided by the respected security experts at TippingPoint DVLabs and others.
6. Research other available resources (Internet resources, your textbook, and so on) to validate how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance. In your text document, explain how performing periodic security assessments throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance.
7. In your text document, write an executive summary describing how security assessments throughout the seven domains of a typical IT infrastructure can help organizations achieve compliance by mitigating risks and threats.
8. Submit the text document to your instructor as a deliverable for this lab.