Controls Placed On a File Server.
Instruction
Assignment 2B Risk Assessment and Risk Mitigation Control Learning Objectives and Outcomes ♣ Select appropriate security controls for a given scenario. Assignment Requirements You are an employee for a health care organization—I Care. I Care has recently installed five Windows Server 2012 machines. These file servers are for application and file sharing as your working organization has grown threefold in just two years. Using your risk management skills and your research on NIST templates, list five to seven controls that could be placed on a file server. Be sure to provide an explanation for each control you recommend. Also, explain how this would or would not reduce risk. Summarize your thoughts in a Word document and submit it to your instructor. Participate in this discussion to engage in a meaningful debate regarding your choices of security controls as part of the risk management process. You must defend your choices with valid rationale. Required Resources None Submission Requirements ♣ Format: Microsoft Word ♣ Font: Times New Roman, 12-Point, Double-Space ♣ Citation Style: APA ♣ Length: 1–2 pages Self-Assessment Checklist ♣ I have engaged in discussion of the assigned topic(s) with at least two of my peers. ♣ I have raised questions and solicited peer and instructor input on the topic(s) discussed. ♣ I have articulated my position clearly and logically. ♣ I have supported my argument with data and factual information. ♣ I have provided relevant citations and references to support my position on the issue discussed. ♣ I have compared and contrasted my position with the perspectives offered by my peers and highlighted critical similarities and differences. ♣ I have solicited peer and instructor feedback on my arguments and propositions. ♣ I have offered a substantive, critical evaluation of the peer’s perspective on the discussed issue(s) that is opposite of mine, and supported my critical review with data and factual information. ♣ I have covered topical requirements assigned for this document. ♣ I have captured critical points of the discussion. ♣ I have summarized different perspectives offered by the discussants. ♣ I have summarized 2-3 major learning moments I experienced during the discussion. ♣ I have briefly discussed how my perspective changed or got validated through this discussion. ♣ I have provided feedback on how the discussion could be improved. ♣ I have followed the submission requirements.
Controls Placed On a File Server
Name
Institution
The controls that could be placed on the server by the use of control management skills on the NIST templates are access control, physically securing the server, device encryption, keep the server is up to date, and it fully patched, use antivirus software, remove any unwanted software, and use of the auditing function.
In controlling the access of files, one should use the new technology file system, to control the access of some folders and files by specific individuals or groups. One can also decide to delete any file or folder that is confidential. In the control of physically securing the server, use a strong password to protect the basic input or output system (BIOS), and the boot leader. This will prevent any intruder from accessing the server.
In encrypting the device, one should use systems that will keep the device safe even in a case when the drive gets stolen. Use methods like the BitLocker, as it will assist in device encryption. Another control used is a fully patched and update the updated server. A windows server should be fully updated at all times, and this can be done using the Windows Server Update Services (WSUS). In using the antivirus software, make sure a to use a suitable file server on the file. In many situations, the enterprise products give the chance of updating the virus signature form a local update server.
In the control measure of removing any unwanted software, it is crucial to get rid of any unwanted software from the windows server. Unwanted software is like Flash and Java. This unwanted software’s increases the risk of a server from getting hacked as it is easy for hackers to gain access to the address. The last possible control method is by sung the auditing function. This function is essential as it helps one to see any unauthorized person who is attempting to read, write or delete any file or folder that is confidential. The function can be set up by choosing the Security tab and choosing the option Auditing tab and under Advanced.
Reference
Ballew, J. (2016). Secure and Protect Windows To Go Drives. In Windows To Go (pp. 89-108). Apress, Berkeley, CA.