After reading this week’s materials, please respond to one or more of the following questions.

Describe the controls contained within the three Access Control categories that can be integrated within a defense-in-depth model and give an example of one that you have read about or have knowledge of from your own experience.
Describe three threats to Access Control from what were covered within the reading and give an example of each.
Describe three of the intrusion detection system types used in access control monitoring covered within the reading.
What is a honeypot and what are the legal concerns with using them?
What are the challenges that an Identity and Access Management system helps overcome? What benefits does it provide?
Describe the process of Identification, Authentication, Authorization, and Accountability.
What is a race condition?
Discuss the single sign-on technologies Kerberos, security domains, directory services and thin clients.
What does federation provide?

Unlocked: Sunday, November 19, 2017 11:59 PM EST – Sunday, November 26, 2017 11:59 PM EST. Must post first.

After reading this week’s materials, please respond to one or more of the following questions.

Describe the steps in the information system security audit process.
Describe the differences between Black box, White box, and Gray box forms of vulnerability and penetration testing.
What are the five steps a team goes through when conducting a penetration test?
What are the three degrees of knowledge that a penetration team can have about the target?
Discuss any three of the commonly exploited vulnerabilities targeted in penetration tests and the appropriate countermeasures to mitigate them.
Discuss the various test types that Operations and Security Departments should carry out to monitor the environment’s vulnerability to attack.
Define the following KPI terms: factor, measurement, baseline, metric, and indicator.
What is the difference between a KPI and KRI?
What are the key elements that should be included in a good technical audit report? What should be included to provide senior management a brief overview of the report highlights?

    Part 1

    Question 2: Threats to Access Control

        Unauthorized access to computer media and information is among the major threats to a networked system. To ensure that business is not affected and potential loss is minimized, an organization needs to establish strong access control that will protect sensitive information from modification, abuse, and accidental or deliberate disclosure (Malik & Patel, 2016). Spoofing, malicious software and Denial of Service are some of the threats to access control.

        Spoofing entails a program or individual gaining an illegitimate advantage by successfully impersonating another through falsified data. An example of this is Caller ID spoofing, whereby callers disguise their identity to harass or defraud. Malicious software threats involve installing malicious programs such as viruses with intent to alter or even destroy files. A Denial of Service attack (DoS attack) is one whereby a computer resource is made unavailable to its intended user. This may be indefinitely or just for a short time. An example is disrupting configuration information, such as routing information.

    Part 2

    Question 2: Black Box, White Box, and Gray Box Penetration Testing

        In determining the security posture of an organization, it is essential to use qualified specialists to test both the known and the unknown network vulnerabilities. Black Box, White Box and Gray Box are the three attack models that can be chosen for the penetration tests.

        The Black Box model follows a stochastic approach to the attack. This means that more variables or unknowns are encountered when using this method than when using the other approaches (Antunes & Vieira, 2014). The White Box approach is deterministic compared to Black Box. This means that before the penetration tests, the hacking team usually has a wealth of prior information. It is more deterministic due to a smaller number of variables. The Gray Box approach is a hybrid of the White Box and Black Box methods. This approach entails two players: the outsider, who is untrusted, and the insider, who is trusted to secure the network.

    References

    Antunes, N., & Vieira, M. (2014). Penetration testing for web services. Computer, 47(2), 30-36.

    Malik, M., & Patel, T. (2016). Database Security-Attacks and Control Methods. International Journal of Information, 6(1/2).