Project Part 5: Security Audit Procedure Guide

Scenario: Always Fresh wan...

Develop a procedure guide to ensure that a computer adheres to a standard security baseline and has no known vulnerabilities. For each application, fill in details for the following general steps:

1. Acquire and install the application.
2. Scan computers.
3. Review scan results.
4. Identify issues you need to address.
5. Document the steps to address each issue.

Required Resources

  • Internet access
  • Course textbook

Submission Requirements

  • Format: Microsoft Word (or compatible)
  • Font: Arial, size 12, double-space
  • Citation Style: Follow your school’s preferred style guide
  • Length: 2 to 4 pages

Self-Assessment Checklist

  • I created a procedure guide that provides clear instructions that anyone with a basic technical knowledge base can follow.
  • I created a well-developed and formatted procedure guide with proper grammar, spelling, and punctuation.
  • I followed the submission guidelines.

Paper for the Above Instructions

Introduction

Ensuring the cybersecurity of organizational assets is fundamental for protecting sensitive data and maintaining operational integrity. Always Fresh, a retail chain, has recognized the importance of establishing a rigorous security audit process to verify compliance with security standards and identify vulnerabilities proactively. This paper provides a comprehensive procedure guide for conducting security audits on Windows computers using the Microsoft Security Compliance Toolkit and OpenVAS, detailing steps from acquiring and installing tools to addressing identified issues. The goal is to give IT teams clear instructions for systematically evaluating and improving system security.

Using the Microsoft Security Compliance Toolkit

The Microsoft Security Compliance Toolkit (SCT) offers a standardized approach to assessing and configuring Windows systems according to best security practices. The procedure involves multiple phases from initial setup to remediation, designed to ensure compliance with a security baseline.

1. Acquire and Install the Application

The first step is to download the latest version of the Microsoft Security Compliance Toolkit from the official Microsoft website or the Microsoft Security Compliance Manager portal. Once downloaded, the toolkit can be installed on a designated administrative workstation. It typically comprises a series of security baseline templates and assessment tools. The toolkit installation involves executing the setup file and following on-screen prompts, ensuring that system requirements are met to prevent installation issues.

2. Scan Computers

After setup, the assessment process begins. The security baseline templates are imported into the Local Group Policy Editor or the Security Compliance Toolkit Analyzer. These templates represent the organization's standard security configurations. The scanner can then be used to evaluate each Windows computer—either manually or through automated scripts—by comparing current settings against the baseline. The SCT provides reports that highlight compliance levels by identifying settings that deviate from the recommended configurations.

3. Review Scan Results

Once the scans are complete, the results are reviewed to determine compliance status. The reports generated specify which configurations are not aligned with the security baseline, such as disabled security features or misconfigured policies. IT professionals analyze these findings to prioritize remediation efforts, focusing on issues that pose the greatest risk or violate compliance standards.

4. Identify Issues You Need to Address

Typical issues may include outdated operating system patches, weak password policies, disabled firewalls, or misconfigured user permissions. Identifying these vulnerabilities allows IT staff to plan corrective actions. Each issue’s severity and potential impact guide prioritization, ensuring that critical vulnerabilities are addressed promptly to mitigate risks.

5. Document the Steps to Address Each Issue

For each identified issue, detailed remediation procedures are documented. For example, if the firewall service is disabled, the steps involve opening the Services applet, locating the Windows Firewall service, and setting its startup type to automatic, then starting the service. For outdated patches, instructions include checking Windows Update settings, manually initiating updates, and verifying successful installation. Proper documentation ensures that remediation steps are repeatable and transparent for audit purposes, facilitating ongoing compliance maintenance.
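The comparison of current settings against the baseline described in steps 2 to 4 can be scripted. The following Python example is added here and is not part of the toolkit or the original guide. It assumes the computer's local security policy was exported with secedit /export /cfg; the baseline rules and the sample export are constructed for illustration.

```python
import configparser

# Constructed baseline for illustration only; substitute the approved values.
# Rule forms: ("min", n), ("eq", n), ("range", (lo, hi)).
BASELINE = {
    "MinimumPasswordLength": ("min", 14),
    "PasswordComplexity": ("eq", 1),
    "LockoutBadCount": ("range", (1, 10)),  # 0 would mean lockout is disabled
    "EnableGuestAccount": ("eq", 0),
}

# Constructed sample of a `secedit /export /cfg` file (real exports are UTF-16).
SAMPLE_EXPORT = """\
[Unicode]
Unicode=yes
[System Access]
MinimumPasswordLength = 8
PasswordComplexity = 1
LockoutBadCount = 0
"""

def parse_system_access(text):
    """Return the [System Access] settings of an exported policy as a dict."""
    parser = configparser.ConfigParser(delimiters=("=",), interpolation=None)
    parser.optionxform = str  # keep the setting names' original case
    parser.read_string(text)
    if not parser.has_section("System Access"):
        return {}
    return dict(parser["System Access"])

def compliant(rule, value):
    op, want = rule
    if op == "min":
        return value >= want
    if op == "eq":
        return value == want
    return want[0] <= value <= want[1]  # "range"

def audit(text, baseline=BASELINE):
    """List (setting, found, rule) for each setting that misses the baseline."""
    actual = parse_system_access(text)
    findings = []
    for name, rule in baseline.items():
        raw = actual.get(name)
        value = int(raw) if raw is not None and raw.isdigit() else None
        if value is None or not compliant(rule, value):
            findings.append((name, raw, rule))  # missing or non-numeric also fails
    return findings
```

A setting that is absent from the export is reported as a finding rather than skipped, so a gap in the export is never read as compliance.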

Vulnerability Scanning with OpenVAS

Complementing the Microsoft SCT, OpenVAS (Open Vulnerability Assessment Scanner) provides a comprehensive vulnerability scanning solution for detecting known exploits and weaknesses in network services.

1. Acquire and Install OpenVAS

OpenVAS is an open-source platform that is downloaded from its official website or repository. Installation involves deploying the Greenbone Vulnerability Management (GVM) components on a Linux-based server or workstation. The process includes dependency resolution, configuration of the scanner, and ensuring network access to targeted Windows systems.

2. Scan Computers

Once installed, OpenVAS scans can be scheduled or conducted manually. Targets (Windows machines) are specified, and scan profiles are selected, typically focusing on vulnerabilities relevant to Windows environments. The scans probe for unpatched services, open ports, weak configurations, and known vulnerabilities, generating detailed reports.

3. Review Scan Results

The reports from OpenVAS highlight vulnerabilities, including descriptions, severity ratings, and potential exploits. Results should be reviewed systematically, prioritizing high-severity vulnerabilities such as outdated protocols, exposed services, and missing patches.

4. Identify Issues to Address

Issues may encompass unpatched vulnerabilities, open ports susceptible to exploitation, or weak authentication mechanisms. Addressing these issues involves applying patches, closing unnecessary open ports, or strengthening account security.

5. Document the Remediation Steps

For each vulnerability, precise mitigation steps are documented—for example, updating service patches, configuring firewalls to restrict access, or disabling unneeded services. Maintaining detailed records supports audit processes and facilitates ongoing security improvements.
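Steps 3 to 5 amount to turning a scan report into an ordered remediation queue. The following Python example is added here and is not part of OpenVAS or the original guide. It assumes an XML report export whose result elements carry name, host, port and severity children; the report fragment, hosts and finding names are constructed, and the severity bands are thresholds assumed for the example.

```python
import xml.etree.ElementTree as ET

# Constructed fragment shaped like an XML report export; hosts, finding
# names and scores are invented for the example.
SAMPLE_REPORT = """\
<report><results>
<result><name>SMBv1 enabled</name><host>10.0.0.21</host>
  <port>445/tcp</port><severity>8.1</severity></result>
<result><name>Missing security update</name><host>10.0.0.34</host>
  <port>general/tcp</port><severity>9.8</severity></result>
<result><name>OS detection</name><host>10.0.0.34</host>
  <port>general/tcp</port><severity>0.0</severity></result>
<result><name>Custom policy check</name><host>10.0.0.21</host>
  <port>135/tcp</port><severity></severity></result>
</results></report>
"""

def band(score):
    """Map a score to a band (thresholds assumed for this example)."""
    if score is None:
        return "Unscored"
    if score >= 7.0:
        return "High"
    if score >= 4.0:
        return "Medium"
    return "Low" if score > 0 else "Log"

def parse_results(xml_text):
    """Extract host, port, name and numeric score from each result."""
    # Parse only reports from your own scanner; use defusedxml for untrusted XML.
    rows = []
    for res in ET.fromstring(xml_text).findall(".//results/result"):
        try:
            score = float(res.findtext("severity", default=""))
        except ValueError:
            score = None  # keep the row so it is reviewed by hand
        row = {f: (res.findtext(f) or "").strip() for f in ("host", "port", "name")}
        row["score"] = score
        rows.append(row)
    return rows

def remediation_queue(xml_text, min_score=4.0):
    """Findings at or above min_score, worst first; unscored rows lead."""
    rows = [r for r in parse_results(xml_text)
            if r["score"] is None or r["score"] >= min_score]
    rows.sort(key=lambda r: (r["score"] is not None, -(r["score"] or 0.0), r["host"]))
    return [(band(r["score"]), r["host"], r["port"], r["name"]) for r in rows]
```

Results whose severity cannot be parsed are placed at the head of the queue instead of being dropped, so they are reviewed manually before the report is signed off.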

Conclusion

Implementing a structured security audit procedure using tools like the Microsoft Security Compliance Toolkit and OpenVAS empowers organizations like Always Fresh to identify and remediate vulnerabilities proactively. Regular assessments, combined with thorough documentation, foster compliance and bolster security resilience. Clear, step-by-step procedures ensure that team members of varying technical expertise can effectively participate in maintaining a secure computing environment.
