LAN or WAN compliance auditing in an organization
This assignment covers LAN or WAN compliance auditing in an organization. The paper also covers control definitions for several aspects of the topic.
Read the scenario below and complete the associated worksheet. Tidewater LLC is an organization that produces and sells apparel for men, women and children online. The company has grown 70% over the past 2 years and is building a new facility to support the continued growth. Because of the growth, the leadership within the organization has not been able to validate compliance with the SLAs and feels that the vendors do not have the best interest of Tidewater LLC in mind.
Currently, there is a CIO and a web developer acting as the IT staff. Tidewater LLC is in the process of recovering all IT services into the server facility being housed in their new facility. Tidewater LLC wishes to establish and staff an IT department with a system administrator, a network administrator, two general technicians, a cyber security specialist and a full-time system auditor. The new office is a 2000 sq ft open office with the server room located in an adjacent room. Hardware supporting the organization's IT services includes 100 desktop computers supporting the staff, network switches, routers, a firewall, a Maciffy Security Appliance to provide intrusion detection, prevention and antivirus protection, Network Attached Storage (NAS) for users to have a home drive as well as a shared networked drive for collaboration and sharing, an IIS server for website management and a call manager for VoIP.
Wi-Fi access points will be installed as the network installation progresses. Email will be managed by an Exchange server. The only service outsourced is a 100 Mbps connection for Internet and VPNs between the organization and its suppliers. Current employees have a desk with a computer. There are no prerequisite requirements, such as training, for users to have accounts created. All data storage is provided by a third-party vendor in a shared environment. No controls are implemented to prevent any user from accessing any other user's files or folders. Utilizing the NIST 800-53A, develop a control sheet that the organization should implement.
Control Definition
This control sheet should encompass controls that apply to the users and systems within the organization. You will brief these controls to the CEO and CIO and explain why you chose these controls and any impact they will have on the organization.
From the Access Control (AC) family of the NIST 800-53A, select three controls you would recommend be implemented.
Why Chosen
From the Security Awareness and Training Policy and Procedures (AT) of the NIST 800-53A, select three controls you would recommend be implemented.
Why Chosen
From the Audit and Control (AU) section of the NIST 800-53A, select three controls you would recommend be implemented.
Why Chosen
From the Configuration Management (CM) section of the NIST 800-53A, select four controls you would recommend to implement.
Why Chosen
From the Security Assessment and Authorization (CA) section of the NIST 800-53A, select three controls you would recommend be implemented.
Why Chosen
From the Contingency Planning (CP) section of the NIST 800-53A, select two controls you would recommend be implemented.