CSEC 378/418 Extra Credit 4 4 Points of Available Extra Credit Acceptable Use Policy Purpose: To analyze a scenario and create an Acceptable Use Policy addressing the poor acceptable use practices...

Instructions are attached



CSEC 378/418 Extra Credit 4 4 Points of Available Extra Credit Acceptable Use Policy Purpose: To analyze a scenario and create an Acceptable Use Policy addressing the poor acceptable use practices outlined in the scenario. Assignment: You will write an Acceptable Use Policy based on the scenario listed below. The purpose of this policy will be to specifically address the problems detailed in the scenario and to correct these problems and define consequences for violating the policy. This report submission is expected to be a minimum of 6 pages in length, double spaced, using a 12pt Times New Roman font, with 1” margins. You may look up examples online and follow a template, but everything must be in your own words. Copying large portions of a policy or copying the whole policy and adding the company name into the policy is considered plagiarism, and will result in you receiving a 0 for the assignment and disciplinary action. If you have questions about the assignment, please ask me during class or send me an email. *** Please follow the instructions on the assignment *** Write just 6 pages. Eliezer Andujar Class: Host Security CSEC 378-418 Professor: Kevin Naughton Scenario: You have been hired on as a Security Consultant by Real Good Bank. Real Good Bank states that they were recently audited and were told to create an Acceptable Use Policy that addressed the security issues in their network and followed current best practices based on NIST guidelines. The CTO has explained that company users are not set up on a Company Domain because users were annoyed by the User Access Control prompts that appeared on their screen every time they tried to access/install something as well as constantly being forced to change their password and having to come up with a complex password. In response to this the IT department at Real Good Bank decided to remove user computers from the domain, making user’s administrators on their computers, and setting their passwords to never expire. Users can install any software onto their systems now and enjoy the freedom of being able to try out cool new software that is sent to their emails. Users also decided to uninstall the Anti-Virus and Web Filtering software on their company workstations because they believed that it was causing their computers to run slowly and stopped them from installing all the games and other software that they wanted. There is currently only one ethernet network and one wireless network at Real Good Bank. The wireless network and wired network are able to communicate freely with each other because users were upset that they couldn’t use their personal smartphones and tablets to connect to company servers and access confidential data they needed to perform their jobs. Many users also prefer to bring in their own laptops and desktops to plug into the company ethernet network as they believe that their machine is better than the systems that the IT department is purchasing. Users are also currently purchasing 5-port hubs and plugging them into the 1 ethernet port at their desks because they enjoy being able to plug their own printer and other personal ethernet devices in at their desk. Employees like to save the confidential data they use at work locally on their personal devices so they can work on their projects at home. While a VPN is available, users complained that it was too slow when they were connected to it and that saving documents locally was a far better solution. If a user is ever fired from Real Good Bank, the first thing a user does is drop their company issued computer from the 34th floor of the Real Good Bank building into the dumpster. Users state this makes them feel comfortable that their data can’t be accessed once they leave. Users also will not let IT have access to their personal devices when they leave because they claim their device does not belong to IT. Users also promise that they don’t have any company data on their device or they promise that they will delete any company data that they see when they get home. CSEC 378/418 Extra Credit 3 3 Points of Available Extra Credit Research Paper Purpose: Research one of the topics listed below. Learn about the topic and write a paper detailing what you learned and what the technology is used for. Assignment: Write a 4 page (Double spaced, 1” margins, 12pt Times New Roman font) paper about one of the topics listed below. Your paper should go into detail about the function of the technology you chose and include information on common implementations. What does the technology do? How does it work and what are some requirements that must be met for it to function properly? Have there been multiple versions of the technology? If so, detail some changes that have been made in different versions. Include a works cited referencing any sources and resources you used in your research. Your submission will be graded based on how well the topic is researched and described. Your writing should be clear and concise, avoiding unnecessary repetition. It should be evident that you sufficiently researched and understand the topic. Failing to meet the length spacing or font size requirements will result in a loss of points. TOPICS · Ansible · Kubernetes · Vagrant · Jenkins · Docker · Git · DNSSEC · AWS · Palo Alto Firewalls · Cisco Firepower If you have questions about the assignment, please ask me during class or send me an email. *** TOPIC WILL BE WHAT EVER THE WRITER FINDS MORE EASIER TO DO, FROM THE TOPICS ABOVE. ***Make sure to follow the instructions on the assignment. Eliezer Andujar Class: Host Security CSEC 378-418 Professor: Kevin Naughton