Define an SLA and state why it is required in a risk adverse organization Essay Example for Free

Define an SLA and state why it is necessitate in a risk adverse organization Essay1. This is a closed-book, closed-notes quiz. No reference cloth (including assignments and labs) will be permitted for use during the quiz session. 2. The quiz contains the following types of questions* Short essay type3. Place your answers in the space immediately following all(prenominal) question.Quiz Questions1. Define an SLA and state why it is required in a risk adverse organization. A SLA is a service level agreement, which is a curve between the ISP and the company. A SLA gives the company an idea of how much time they will be without services, should something happen with the ISP. A SLA is important to a company in make recovery plans, knowing what critical systems need to be available for a continuance of business and formulation of disaster recovery.2. Using the user domain, watch risks associated with users and let off what toilette be done to mitigate them. The user domain has several risks involved, as people are involved and there is no way employees privy be monitored without the use of CCTV. Social engineering a person trying to obtain information through malicious means. The greatest shaft in mitigating risk in the user domain is bringing up and reminders for users to be aware of their surroundings. No acceptable users policy, AUP, or lack of training employees on the correct usage of the network. User accounts left active, if the employee is terminated, and another employee has the log on credentials. Mitigation would to be disabling all user accounts upon termination. .3. Using the workstation domain, define risks associated within that domain and explain what can be done to reduce risks in that domain.The use of USBs or disk, the files could contain viruses and infect other files or applications on the network. No acceptable users policy, AUP, orlack of training employees on the correct usage of the network. The users staying signed into thei r accounts when leaving their desk. Session timeout would facilitate with this risk, but training and follow up with need to be done as well.4. List four compliance laws or regulations or mandates, and explain them. HIPAA- covers all healthcare industries and states all patient information must be encrypted in storage, transmissions, and restrictions on access to the information.SOX- cover all publically traded companies and require auditing of the accounting procedures of the business. The reports required by SOX are reported to the SEC. Access to the financial information is restricted and based on need to know.FISMA- covers government agencies and is to ensure all assets of the government are protected. Assets like information, operations and actual machinery are protected from hackers or internal threats. Guidelines to develop a security guideline for government agencies, requires regular audits.CIPA-Child Internet resistance Act- covers federally funded entities than provide internet services to individuals, schools and libraries. The Act requires content filters to be used to prevent children from being exposed to harmful content, pornography and illicit sites on the internet.5. Define risk with a formula. Explain what each variable means. Risk= Threat x Vulnerability- Threat is any compromise in the network that can be used for malicious behavior, an example worm, or Trojan horse. Vulnerability- is a weakness in the software or OS of a network that can be exploited for malicious intent. The two multiplied equals a risk to the information, assets or intellectual property of a business.