Are you pressed for time and haven’t started working on your assignment yet? Would you like to buy an assignment? Use our custom writing services for better grades. Even if your deadline is approaching fast, our writers can handle your task right when you need it.
Order a Similar Paper Order a Different Paper
I would like to get this attached lab done
I would like to get this attached lab done
Document Sections Lab Purpose – General discussion of the purpose of the lab Lab Goal – What completing this lab should impart to you Lab Instructions – Instructions for carrying out the lab Lab Deliverables – What you have to submit to your instructor Lab Resources – NIST Cybersecurity Framework (NIST CSF) available under Lab Resources. Lab Purpose Operational Technology (OT) and Information Security (Infosec) are a constantly growing and changing areas of concern for governments, corporations, and individuals. Technology itself changes at a pace much faster than ever seen before. As technology advances, so do the security issues. As new technology presents new security challenges, information security must concern itself with the old and the new technology; thus, producing a constant layering. As a security aware professional, recognizing the need for controls in all areas of the cyber domain (physical, people, and technology) is critical for your success and the success of your organization, and for your personal security. Infusing Internet of Things devices with Operational Technology instruments, processes, and artifacts creates opportunities for better security as well as introducing new vulnerabilities that must be protected against. The purpose of this lab is to increase your awareness and sources of awareness of Operational Technology vulnerabilities, security design, and defense-in-depth by building a Risk Assessment Plan with the aid of the NIST CyberSecurity Framework (NIST CSF) . NIST CSF provides a common organizing structure for multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively today. It is applicable to organizations relying ontechnology, whether their cybersecurity focus is primarily on information technology, industrial control systems , cyber-physical systems , or connected devices more generally, including the Internet of Things. While performing the lab, and creating lab deliverable, please keep the governance framework and policy perspectives in mind. The focus of this lab is not just the technical review, but also need to review the policy concerns. Lab Goals Upon completion of this lab, you should have: Increased your awareness of Information Security influences on Operational Technology and building design. Improved your understanding of the relevance of infrastructure security based on functions, categories, subcategories, and reference structure of the NIST Cybersecurity Framework. Increased recognition of cybersecurity influences on attributes of our society’s critical infrastructure. Lab Instructions 1. Data Center Facility (30 points). (a) Identify and Describe the Data Center Facility that supports Online Banking System for a Regional Bank. (b) Identify the numbers of people that may be on site at operational times, and access points and barriers to entry to important areas. (c) Provide complete schematic (graphic symbols rather than realistic pictures) of the Data Center Facility. Label the Assets in the schematic. Here is an example: Using paper and pencil, or Lucidchart.com (Links to an external site.) (login with your ASU-Gmail credentials) or Microsoft Visio, Take a screenshot image (cut/paste) of your completed schematic into a Word document. 2. Risk Assessment by answering these prompts based on NIST CF. Each prompt is 30 points. (Type the question then the answer). A. Identify: Refer to NIST CSF: ID.AM-1 & 2, ID.BE-3 & 4, and ID.RA-1 & 3. In a Word Table, state the following for Identify: Asset: Create an inventory of physical assets and cyber assets (devices and systems) within the facility. Criticality: Prioritize these assets based on their criticality to the business functions of the organization. Vulnerability: Identify a vulnerability for each asset. CVE Site ID: Link to the example of vulnerability from the CVE site https://cve.mitre.org/cve/ (Links to an external site.) B. Protect: Refer to NIST CSF: PR.AC-1 & 2 and PR.AT-1 & 2. Describe 2 ways to protect the physical assets. Describe 2 ways to protect the cyber assets. Explain 2 topics that are in a security training program for employees who have privileged users access based on their job role. C. Detect: Refer to NIST CSF: DE.CM-2, 3, & 8. How would you know if a someone or something was attempting to access, disable, degrade, or destroy one or more of the devices and/or systems in the facility? Which types of systems are implemented to identify occurrences of physical security breaches? Which types of systems are implemented to identify occurrences of cyber security breaches? D. Respond: Refer to NIST CSF: RS.AN-1, 2, 3 and RS.CO-4 & 5. How would you respond to the anomalies and events through the systems you have would implement? Which type of response plan is necessary when physical security is breached at the facility? Which type of response plan is necessary when cyber security is breached at the facility? E. Recover: Refer to NIST CSF; RC.RP-1 and RC.CO-1 & 2. Which steps are in place to recover from actions intended to access, disable, degrade, or destroy the assets ? Which type of recovery plan is needed for physical security breaches that occur at one of the critical areas in the facility? Which type of recovery plan is needed for cyber security breaches that occur at one of the critical areas in the facility? Lab Deliverables When using resources to support your work, required to use APA mechanics. (20 points) To obtain full points, you are required to provide: Introduction Your Data Center Facility schematic Risk Assessment Conclusion References (minimum of 3 references) Please formulate your lab report based on information security governance perspectives! Lab Resources NIST Cybersecurity Framework: https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf CVE site https://cve.mitre.org/cve/