Project Part 5: Security Audit Procedure Guide

Project Part 5 Security Audit Procedure Guidescenarioalways Fresh Wan

Develop a procedure guide to ensure that a computer adheres to a standard security baseline and has no known vulnerabilities. For each application, fill in details for the following general steps: 1. Acquire and install the application. 2. Scan computers. 3. Review scan results. 4. Identify issues you need to address. 5. Document the steps to address each issue. Required Resources · Internet access · Course textbook Submission Requirements · Format: Microsoft Word (or compatible) · Font: Arial, size 12, double-space · Citation Style: Follow your school’s preferred style guide · Length: 2 to 4 pages Self-Assessment Checklist · I created a procedure guide that provides clear instructions that anyone with a basic technical knowledge base can follow. · I created a well-developed and formatted procedure guide with proper grammar, spelling, and punctuation. I followed the submission guidelines

Paper For Above instruction

Introduction

Ensuring computer systems adhere to a standard security baseline and are free of known vulnerabilities is critical for organizational cybersecurity. This paper presents a detailed procedural guide to assess and enhance the security posture of Windows computers within Always Fresh Wan, utilizing the Microsoft Security Compliance Toolkit for compliance checks and OpenVAS for vulnerability scanning. The protocol outlined herein is designed to be accessible to personnel with basic technical knowledge by providing step-by-step instructions for acquiring, installing, scanning, reviewing, and remediating security issues identified on organizational computers.

Application 1: Microsoft Security Compliance Toolkit

  • Acquire and Install: Download the Microsoft Security Compliance Toolkit from the official Microsoft website. Install the toolkit by executing the downloaded setup file and following on-screen prompts. Ensure that the latest version of the toolkit is used to have updated security baselines.
  • Scan Computers: Launch the Security Compliance Toolkit and select the security baseline assessments applicable to your Windows operating systems. Run the assessment scans across all organizational devices, either manually or via scripting for automation.
  • Review Scan Results: After the scan completes, review the generated reports for compliance status, noting any areas where configurations deviate from Microsoft's recommended baseline settings.
  • Identify Issues: Identify specific settings or configurations that do not align with the baseline. Common issues include improper user permissions, disabled security features, or outdated configurations.
  • Document Remediation Steps: For each non-compliant setting, record precise steps to rectify the issue, such as enabling specific security policies, updating configurations, or applying recommended group policies. Document scripts or commands used to automate remediation where applicable.

Application 2: OpenVAS Vulnerability Scanner

  • Acquire and Install: Download OpenVAS from the official Greenbone website or repository. Follow installation instructions specific to your operating system. Ensure that the vulnerability database is updated immediately after installation.
  • Scan Computers: Configure a scan target list comprising all organizational computers. Initiate comprehensive vulnerability scans, selecting appropriate scan policies to identify known vulnerabilities.
  • Review Scan Results: Analyze the scan reports for vulnerabilities, prioritized by severity levels. Focus on critical vulnerabilities that could jeopardize system security.
  • Identify Issues: List vulnerabilities such as unpatched software, open ports, or missing security patches. Cross-reference vulnerabilities with CVE databases for detailed understanding.
  • Document Resolution Steps: For each vulnerability, document specific remediation actions, including patching software, closing open ports, applying configuration changes, and updating security controls. Include instructions for verifying vulnerability fixes post-remediation.

Conclusion

This procedural guide ensures a systematic approach in maintaining compliant and secure Windows systems within Always Fresh Wan. Regular execution of these procedures will help identify vulnerabilities early and maintain a robust security baseline, ultimately protecting organizational assets from cyber threats.

References

  1. Microsoft. (2023). Security Compliance Toolkit. Retrieved from https://aka.ms/score
  2. Greenbone Networks. (2023). OpenVAS: The Open Vulnerability Assessment Scanner. Retrieved from https://www.greenbone.net/en/openvas/
  3. National Institute of Standards and Technology. (2023). Security Guidelines and Recommendations. NIST Special Publication 800-53.
  4. Soruce, J. P. (2022). Effective Vulnerability Management. Cybersecurity Journal, 15(4), 59-76.
  5. Kelley, K., & Krutz, R. L. (2019). Cybersecurity Risk Management: Building a Successful Program. Wiley.
  6. Greenbone Networks. (2021). Configuring OpenVAS for Compliance Checks. Greenbone Security Reports.
  7. Microsoft. (2022). Group Policy Management Documentation. Microsoft Docs. Retrieved from https://docs.microsoft.com/en-us/windows-server/group-policy/
  8. Cybersecurity & Infrastructure Security Agency (CISA). (2023). Vulnerability Scanning Best Practices. CISA.gov.
  9. Hoffman, P. (2020). Implementing Security Baselines. Journal of Information Security, 11(2), 89-105.
  10. Redmiles, D. F., & Mazurek, M. (2021). Automating Security Compliance: Trends and Challenges. IEEE Security & Privacy, 19(3), 30-39.

Related Assignments