I think the hardest part of this assignment was actually coming up with the formatting for both the Action Plan and the Final Presentation. After almost two-weeks of work on the action plan, I'm still not 100% content with my format selection. But, after a while, I had to let that go and just get it done.
The formatting for the Final Presentation was not quite so difficult to select, but it was still a bit of a challenge.
Finding specific references for what I knew were findings was also very challenging to say the least. Of particular note along this line was finding a reference for passwords--password complexity, history, minimum and maximum lifetimes, etc. The best reference I could come up with was NIST Special Publication 800-53, "Recommended Security Controls for Federal Information Systems
and Organizations". Appendix F, the Security Control Catalog had a reference for passwords. Although, it states the organization sets the standards as far as complexity, history, etc.
For this project, all my references ended up coming from NIST and DISA. Again, DISA is part of the DoD, but their security checklists can easily be applied to any organization.
For this project, all my references ended up coming from NIST and DISA. Again, DISA is part of the DoD, but their security checklists can easily be applied to any organization.
No comments:
Post a Comment