SlideShare a Scribd company logo

CIS 502 Imagine Your Future/newtonhelp.com   

Download as DOC, PDF
B
bellflower48

The document outlines various assignments, exams, and case studies related to cybersecurity topics from the CIS 502 course, covering web server application attacks, risk assessments, and critical infrastructure protection. It includes midterm sets with questions on security policies, data classification, risk assessments, and incident response, as well as questions on security frameworks and practices. It is intended for students to enhance their understanding and application of cybersecurity principles.

Education
1 of 60
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
CIS 502 All Assignments (2 Set) For more course tutorials visit www.newtonhelp.com CIS 502 Week 2 Assignment 1 Web Server Application Attacks (2 Papers) CIS 502 WEEK 6 Assignment 2: Critical Infrastructure Protection (2 Papers) CIS 502 Week 9 Assignment 3 Cybersecurity (2 Papers) CIS 502 Week 10 Technical Paper Risk Assessment (2 Papers) CIS 502 Week 3 Case Study 1 Advanced Persistent Threats Against RSA Tokens (2 Papers) CIS 502 Week 4 Case Study 2 Social Engineering Attacks and Counterintelligence (2 Papers) CIS 502 Week 7 Case Study 3 Mobile Devices Security (2 Papers) CIS 502 WEEK 8 CASE STUDY Mobile Device Security and Other Threats (2 Papers)
=============================================== CIS 502 Final Exam Guide For more course tutorials visit www.newtonhelp.com CIS 502 Final Exam Guide • 1 Two parties are exchanging messages using public key cryptography. Which of the following statements describes the proper procedure for transmitting an encrypted message? • 2 Public key cryptography is another name for: • 3 A running-key cipher can be used when: • 4 Two parties, Party A and Party B, regularly exchange messages using public key cryptography. One party, Party A, believes that its private encryption key has been compromised. What action should Party B take?
• 5 Two parties that have never communicated before wish to send messages using symmetric encryption key cryptography. How should the parties begin? • 6 A stream cipher encrypts data by XORing plaintext with the encryption key. How is the ciphertext converted back into plaintext? • 7 Two parties that have never communicated before wish to send messages using asymmetric key cryptography. How should the parties begin? • 8 The Advanced Encryption Standard is another name for which cipher: • 9 All of the following statements about the polyalphabetic cipher are true EXCEPT: • 10 Which U.S. law gives law enforcement organizations greater powers to search telephone, e-mail, banking, and other records? • 11 A security incident as defined as:
• 12 An organization has developed its first-ever computer security incident response procedure. What type of test should be undertaken first? • 13 The (ISC)2 code of ethics includes all of the following EXCEPT: • 14 The allegation that an employee has violated company policy by downloading child pornography onto a company workstation should result in: • 15 A case of employee misconduct that is the subject of a forensic investigation will likely result in a court proceeding. What should included in the forensic investigation: • 16 A suspect has been forging credit cards with the purpose of stealing money from their owners through ATM withdrawals. Under which U.S. law is this suspect most likely to be prosecuted? • 17 The categories of laws in the U.S. are: • 18 The purpose of a password policy that requires a minimum number of days between password changes is:
• 19 The most effective way to confirm whether backups function properly is: • 20 All of the following are valid reasons for backing up data EXCEPT: • 21 The purpose of backups includes all of the following EXCEPT: • 22 An organization has in its possession many types of business records that vary in sensitivity and handling requirements. No policy exists that defines how any of these records should be protected. This organization lacks: • 23 An employee in an organization is requesting access to more information than is required. This request should be denied on the basis of which principle: • 24 An organization has been made a party in a civil lawsuit. The organization is required to search its electronic records for specific memoranda. This process is known as: • 25 An organization’s IT manager is establishing a business relationship with an off-site media storage company, for storage of backup media. The storage company has a location 5 miles away from the organization’s data center, and another location that is 70 miles away. Why should one location be preferred over the other?
• 26 The process of erasing magnetic media through the use of a strong magnetic field is known as: • 27 Which type of fire extinguisher is effective against flammable liquids: • 28 The type of smoke detector that is designed to detect smoke before it is visible is: • 29 The term “N+1” means: • 30 A building access mechanism where only one person at a time may pass is called a: • 31 A secure facility needs to control incoming vehicle traffic and be able to stop determined attacks. What control should be implemented: • 32 A security manager is concerned that lost key cards can be used by an intruder to gain entrance to a facility. What measure can be used to prevent this?
• 33 The risks of excessive humidity in a computing facility include all of the following • 34 Provided it is permitted by local fire codes, which type of fire sprinkler system is most preferred for computer rooms? • 35 The innermost portion of an operating system is known as: • 36 A security analyst has a system evaluation criteria manual called the “Orange Book”. This is a part of: • 37 The component in a computer where program instructions are executed is called the: • 38 A resource server contains an access control system. When a user requests access to an object, the system examines the permission settings for the object and the permission settings for the user, and then makes a decision whether the user may access the object. The access control model that most closely resembles this is: • 39 The TCSEC system evaluation criteria is used to evaluate systems of what type:
• 40 A source code review uncovered the existence of instructions that permit the user to bypass security controls. What was discovered in the code review? • 41 A hidden means of communication between two systems has been discovered. This is known as: • 42 A security officer has declared that a new information system must be certified before it can be used. This means: • 43 A systems engineer is designing a system that consists of a central computer and attached peripherals. For fastest throughput, which of the following technologies should be used for communication with peripheral devices: • 44 A network manager wishes to simplify management of all of the network devices in the organization through centralized authentication. Which of the following available authentication protocols should the network manager choose: • 45 On a TCP/IP network, a station’s IP address is 10.0.25.200, the subnet mask is 255.255.252.0, and the default gateway is 10.0.25.1. How will the station send a packet to another station whose IP address is 10.0.24.10?
• 46 How many Class C networks can be created in a Class B network: • 47 Someone is sending ICMP echo requests to a network’s broadcast address. What is this person doing? • 48 A station on a network is sending hundreds of SYN packets to a destination computer. What is the sending computer doing? • 49 An IT manager wishes to connect several branch offices to the headquarters office for voice and data communications. What packet switched service should the IT manager consider? =============================================== CIS 502 Midterm Set 1 For more course tutorials visit www.newtonhelp.com CIS 502 Midterm set 1
• 1 A security manager is developing a data classification policy. What elements need to be in the policy? • 2 An organization employs hundreds of office workers that use computers to perform their tasks. What is the best plan for informing employees about security issues? • 3 The statement, “Information systems should be configured to require strong passwords”, is an example of a/an: • 4 The statement, “Promote professionalism among information system security practitioners through the provisioning of professional certification and training.” is an example of a/an: • 5 Exposure factor is defined as: • 6 A security manager needs to perform a risk assessment on a critical business application, in order to determine what additional controls may be needed to protect the application and its databases. The best approach to performing this risk assessment is: • 7 CIA is known as:
• 8 An organization has a strong, management-driven model of security related activities such as policy, risk management, standards, and processes. This model is better known as: • 9 The impact of a specific threat is defined as: • 10 Annualized loss expectancy is defined as: • 11 A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is:: • 12 An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics? • 13 An organization suffered a virus outbreak when malware was download by an employee in a spam message. This outbreak might not have happened had the organization followed what security principle:
• 14 Which of the following is NOT an authentication protocol: • 15 The categories of controls are: • 16 Organizations that implement two-factor authentication often do not adequately plan. One result of this is: • 17 Buffer overflow, SQL injection, and stack smashing are examples of: • 18 A biometric authentication system that incorporates the results of newer scans into a user's profile is less likely to: • 19 One disadvantage of the use of digital certificates as a means for two-factor authentication is NOT: • 20 A smart card is a good form of two-factor authentication because: • 21 Which of the following statements about Crossover Error Rate (CER) is true:
• 22 The reason why preventive controls are preferred over detective controls is: • 23 What is the best defense against social engineering? • 24 The reason that two-factor authentication is preferable over ordinary authentication is: • 25 Video surveillance is an example of what type(s) of control: • 26 A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take? • 27 The most effective countermeasures against input attacks are: • 28 The primary advantage of the use of workstation-based anti-virus is: • 29 The purpose for putting a “canary” value in the stack is:
• 30 An attack on a DNS server to implant forged “A” records is characteristic of a: • 31 A defense in depth strategy for anti-malware is recommended because: • 32 A security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasures that should be chosen are: • 33 “Safe languages” and “safe libraries” are so-called because: • 34 The instructions contained with an object are known as its: • 35 A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as: • 36 What is the most effective countermeasure against script injection attacks?
• 37 All of the following are advantages of using self-signed SSL certificates • 38 The following are characteristics of a computer virus EXCEPT: • 39 An organization is about to start its first disaster recovery planning project. The project manager is responsible for choosing project team members. Which staff members should be chosen for this project? • 40 The activity that is concerned with the continuation of business operations is: • 41 The purpose of a parallel test is: • 42 The greatest risk related to a cutover test is: • 43 A DRP project team has determined that the RTO for a specific application shall be set to 180 minutes. Which option for a recovery system will best meet the application’s recovery needs? • 44 The primary impact of a pandemic on an organization is:
• 45 An organization that is building a disaster recovery capability needs to re-engineer its application servers to meet new recovery requirements of 4 hour RPO and 24 hour RTO. Which of the following approaches will best meet this objective? • 46 The first priority for disaster response should be: • 47 The purpose of off-site media storage is: • 48 The types of BCP and DRP tests are: • 49 At the beginning of a disaster recovery planning project, the project team will be compiling a list of all of the organization’s most important business processes. This phase of the project is known as: • 50 The definition of Recovery Point Objective (RPO) is: =============================================== CIS 502 Midterm Set 2 For more course tutorials visit www.newtonhelp.com
CIS 502 Midterm set 2 • 1 An organization recently underwent an audit of its financial applications. The audit report stated that there were several segregation of duties issues that were related to IT support of the application. What does this mean? • 2 A security manager is developing a data classification policy. What elements need to be in the policy? • 3 An organization employs hundreds of office workers that use computers to perform their tasks. What is the best plan for informing employees about security issues? • 4 An organization suffered a virus outbreak when malware was download by an employee in a spam message. This outbreak might not have happened had the organization followed what security principle: • 5 A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is::
• 6 A qualitative risk assessment is used to identify: • 7 An employee with a previous criminal history was terminated. The former employee leaked several sensitive documents to the news media. To prevent this, the organization should have: • 8 CIA is known as: • 9 The options for risk treatment are: • 10 The statement, “Information systems should be configured to require strong passwords”, is an example of a/an: • 11 An organization has a strong, management-driven model of security related activities such as policy, risk management, standards, and processes. This model is better known as: • 12 An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics?
• 13 The statement, “Promote professionalism among information system security practitioners through the provisioning of professional certification and training.” is an example of a/an: • 14One disadvantage of the use of digital certificates as a means for two-factor authentication is NOT: • 15 The categories of controls are: • 16 A biometric authentication system that incorporates the results of newer scans into a user's profile is less likely to: • 17 The use of retina scanning as a biometric authentication method has not gained favor because: • 18 Buffer overflow, SQL injection, and stack smashing are examples of: • 19 Which of the following statements about Crossover Error Rate (CER) is true: • 20 In an information system that authenticates users based on userid and password, the primary reason for storing a hash of the password instead of storing the encrypted password is:
• 21 The reason why preventive controls are preferred over detective controls is: • 22 Video surveillance is an example of what type(s) of control: • 23 Which of the following is NOT an authentication protocol: • 24 An information system that processes sensitive information is configured to require a valid userid and strong password from any user. This process of accepting and validating this information is known as: • 25 What is the best defense against social engineering? • 26 The following are valid reasons to reduce the level of privilege for workstation users • 27 The purpose for putting a “canary” value in the stack is: • 28 An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an: • 29 The instructions contained with an object are known as its:
• 30 Rootkits can be difficult to detect because: • 31 A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as: • 32 An attack on a DNS server to implant forged “A” records is characteristic of a: • 33 “Safe languages” and “safe libraries” are so-called because: • 34 A defense in depth strategy for anti-malware is recommended because: • 35 The most effective countermeasures against input attacks are: • 36 A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take? • 37 The following are characteristics of a computer virus EXCEPT:
• 38 A list of all of the significant events that occur in an application is known as: • 39 The purpose of a parallel test is: • 40 The first priority for disaster response should be: • 41 In what sequence should a disaster recovery planning project be performed? • 42 For the purpose of business continuity and disaster recovery planning, the definition of a “disaster” is: • 43 The purpose of a server cluster includes all of the following EXCEPT: • 44 The definition of Recovery Point Objective (RPO) is: • 45 At the beginning of a disaster recovery planning project, the project team will be compiling a list of all of the organization’s most important business processes. This phase of the project is known as:
• 46 An organization is about to start its first disaster recovery planning project. The project manager is responsible for choosing project team members. Which staff members should be chosen for this project? • 47 The types of BCP and DRP tests are: • 48 Why is disaster recovery-related training a vital component in a DRP project? • 49 A DRP project team has determined that the RTO for a specific application shall be set to 180 minutes. Which option for a recovery system will best meet the application’s recovery needs? • 50 The primary reason for classifying disasters as natural or man-made is: =============================================== CIS 502 Week 1 Discussion Information Security and Risk Management For more course tutorials visit www.newtonhelp.com CIS 502 Week 1 Discussion
“Information Security and Risk Management” Please respond to the following: From a management perspective, analyze the overall industry requirements and major organizational challenges of forming a sound information security program, and ascertain the fundamental manner in which regulations and compliancy may factor into the challenges in question. From the e-Activity, compare and contrast quantitative, qualitative, and hybrid risk assessment methodologies overall. Give one (1) example of when you would use each of the methods over the others. Justify your response. =============================================== CIS 502 Week 2 Assignment 1 Web Server Application Attacks (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers Assignment 1: Web Server Application Attacks
Due Week 2 and worth 110 points It is common knowledge that Web server application attacks have become common in today’s digital information sharing age. Understanding the implications and vulnerabilities of such attacks, as well as the manner in which we may safeguard against them is paramount, because our demands on e-Commerce and the Internet have increased exponentially. In this assignment, you will examine the response of both the U.S. government and non-government entities to such attacks. To complete this assignment, use the document titled “Guidelines on Securing Public Web Servers”, located at http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800- 44v2.pdf, to complete the assignment. Read the Network World article, “40% of U.S. government Web sites fail security test” also, located athttp://www.networkworld.com/news/2012/031512-dnssec- survey-2012-257326.html. Write a three to five (3-5) page paper in which you: Examine three (3) common Web application vulnerabilities and attacks, and recommend corresponding mitigation strategies for each. Provide a rationale for your response.
Using Microsoft Visio or an open source alternative such as Dia, outline an architectural design geared toward protecting Web servers from a commonly known Denial of Service (DOS) attack.Note: The graphically depicted solution is not included in the required page length. Based on your research from the Network World article, examine the potential reasons why the security risks facing U.S. government Websites were not always dealt with once they were identified and recognized as such. Suggest what you believe to be the best mitigation or defense mechanisms that would help to combat the Domain Name System Security Extensions (DNSSEC) concerns to which the article refers. Propose a plan that the U.S. government could use in order to ensure that such mitigation takes place. The plan should include, at a minimum, two (2) mitigation or defense mechanisms. Use at least three (3) quality resources outside of the suggested resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
Include charts or diagrams created in Visio or an open source alternative such as Dia. The completed diagrams / charts must be imported into the Word document before the paper is submitted. The specific course learning outcomes associated with this assignment are: Define common and emerging security issues and management responsibilities. Evaluate an organization’s security policies and risk management procedures, and its ability to provide security countermeasures. Use technology and information resources to research issues in security management =============================================== CIS 502 Week 2 DiscussionRole-Based Access Controls For more course tutorials visit www.newtonhelp.com CIS 502 Week 2 Discussion “Role-Based Access Controls” Please respond to the following:
Consider at least one (1) alternative to role-based access controls, and indicate where you believe this alternative method would help the security of the organization prosper. Perform research as needed and justify your answer. From the e-Activity, consider role-based access control (RBAC) methods in terms of file-level and database permissions, and formulate what you believe are the main advantages to using these methods in order to achieve ample security. =============================================== CIS 502 Week 3 Case Study 1 Advanced Persistent Threats Against RSA Tokens (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 3 Case Study 1 – Strayer New Case Study 1: Advanced Persistent Threats Against RSA Tokens Due Week 3 and worth 100 points
Authentication breach by impersonation or password crack has been popular for attackers to breach our assets. The latest RSA APT attack to breach one of the most secure RSA tokens alerted the industry and reminded all of us that there is no security that can last forever. We must remain vigilant and stay ahead of the game. Read the following documents:  “APT Summit Findings” located in the online course shell  “RSA Security Brief” located in the online course shell Write a five to eight (5-8) page paper in which you: 1. Analyze the Advanced Persistent Threats (APT) Summit Findings article as well as the RSA Security Brief article and identify the vulnerabilities that existed in the system. 2. Analyze the attack methods carried out in pursuit of the authentication breach and explain which methods were successful and why. 3. Suggest three (3) techniques or methods to protect against APT attacks in the future as the CSO for a large organization.
4. Determine what types of technologies would help alleviate the problems identified in the articles assuming you are the CSO or CTO in an organization. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements:  Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.  Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:  Describe the industry requirements and organizational challenges of forming a sound information security workforce from a management perspective.  Define common and emerging security issues and management responsibilities.
 Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities.  Explain access control methods and attacks.  Use technology and information resources to research issues in security management.  Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 3 DiscussionThe Security Problem in Software Development Life Cycle (SDLC) For more course tutorials visit www.newtonhelp.com CIS 502 Week 3 Discussion “The Security Problem in Software Development Life Cycle (SDLC)” Please respond to the following:
From the e-Activity, contemplate the main reasons why you believe the Francophoned attacks were successful, and explore the key factors that made the social engineering aspect of the attacks so complex and so difficult to identify as malicious. From the e-Activity, based on the complexity of the Francophoned attacks, give your opinion of overall strategies that you believe security professionals could use in order keep up with the sophisticated nature of the attacks that result from the progression and sophistication of technologies. =============================================== CIS 502 Week 4 Case Study 2 Social Engineering Attacks and Counterintelligence (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 4 Case Study 2 – Strayer New Case Study 2: Social Engineering Attacks and Counterintelligence
Due Week 4 and worth 100 points Social engineering attacks and counterintelligence have major impacts to our national security. In July 2010, the Afghan War Diary was released in WikiLeaks. In October 2010, WikiLeaks also released the largest military leak in history – the Iraq War Logs revealing the war occupation in Iraq. This type of information is considered as classified data by the Department of Defense. Read the article titled, “WikiLeaks Releases 400,000 Classified US Military Files”, located at Write a five to eight (5-8) page paper in which you: 1. Describe what social engineering and counterintelligence are and their potential implications to our national security in regard to the leaked Afghan War Diary and the Iraq War Logs. 2. Examine the importance of forming a sound information security workforce and describe the challenges faced by organizations in doing this as evidenced by the articles about the Afghan War Diary and the Iraq War Logs that were released in WikiLeaks.
3. Predict how the Afghan War Diary and the Iraq War Logs that were released in WikiLeaks could influence organizations in regard to their security policies and risk management procedures. 4. Propose two (2) methods to thwart this type of intelligence leak in the future and explain why each would be effective. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements:  Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.  Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:  Evaluate an organization’s security policies and risk management procedures, and its ability to provide security countermeasures.
 Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities.  Define common and emerging security issues and management responsibilities.  Use technology and information resources to research issues in security management.  Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 4 Discussion Business Continuity Planning and Disaster Recovery Planning For more course tutorials visit www.newtonhelp.com CIS 502 Week 4 Discussion
“Business Continuity Planning and Disaster Recovery Planning” Please respond to the following: Imagine that you are trying to receive funding for select planning projects. Compare and contrast the attributes of business continuity and disaster recovery plans, and suggest the primary ways in which you would explain these differences to your employer’s Board of Directors. Hwacer.com From the e-Activity, analyze each company’s plans, and provide three (3) examples of the key ways in which the business continuity and disaster recovery plans of the two (2) organizations are alike and three (3) examples of the ways in which they are different. =============================================== CIS 502 Week 5 Discussion Cryptography For more course tutorials visit www.newtonhelp.com CIS 502 Week 5 Discussion “Cryptography” Please respond to the following:
Analyze the overall attributes of symmetric and asymmetric cryptography technologies. Discuss the advantages and disadvantages of each, and speculate upon the main reasons why organizations utilize both technologies today. Give an example of where you would consider using each of these forms of encryption within an organization to support your response. From the e-Activity, give your opinion of whether cryptography should be a part of every email security strategy or if there are specific characteristics of organizations where such measures are not needed. Justify your answer. =============================================== CIS 502 WEEK 6 Assignment 2 Critical Infrastructure Protection (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 WEEK 6 ASSIGNMENT 2 Assignment 2: Critical Infrastructure Protection Due Week 6 and worth 110 points
According to the text, Critical Infrastructure Protection (CIP) is an important cybersecurity initiative that requires careful planning and coordination in protecting our infrastructure. You may use the following resources in order to complete the assignment, “National Infrastructure Protection Plan”, located at http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf DHS Critical Infrastructure Security Webpage, located at https://www.dhs.gov/topic/critical-infrastructure-security “NIST Framework for Improving Critical Infrastructure Cybersecurity,” located at http://www.nist.gov/cyberframework/upload/cybersecurity- framework-021214-final.pdf “NIST Roadmap for Improving Critical Infrastructure Cybersecurity,” located at http://www.nist.gov/cyberframework/upload/roadmap- 021214.pdf Write a three to five (3-5) page paper in which you: Interpret the Department of Homeland Security’s mission, operations and responsibilities. Detail the Critical Infrastructure Protection (CIP) initiatives, what they protect, and the methods we use to protect our assets.
Analyze the way in which CIP has or has not advanced between the releases of the DHS’ NIPP and the NIST’s Framework for Improving Critical Infrastructure Cybersecurity. Justify your response. Describe the vulnerabilities that should concern IS professionals who protect the U.S.’s critical infrastructure. Suggest three (3) methods to improve the protection of the U.S.’s critical infrastructure, and justify each suggested method. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure, and indicate the strategic ways that you believe IS professionals could better serve as protectors. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note:Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:
Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities. Evaluate potential situations of business interruption and the planning necessary to mitigate the threats involved. Compare and contrast business continuity and disaster recovery planning. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 6 Discussion Incident Response and Compliances For more course tutorials visit www.newtonhelp.com CIS 502 Week 6 Discussion “Incident Response and Compliances” Please respond to the following:
From the first e-Activity, determine whether or not you believe that legislation and regulations have had the intended impact on the legal and ethical issues inherent in information security. From the second e-Activity, discuss the specifics of the incident you researched, and analyze the mitigation and recovery tactics that those impacted utilized. Determine whether or not you would have considered a different course of action than the one taken related to the incident that you researched. Justify your answer. =============================================== CIS 502 Week 7 Case Study 3 Mobile Devices Security (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 7 Case Study 3 – Strayer New Case Study 3: Mobile Devices Security
Due Week 7 and worth 100 points The use of mobile devices is prevalent and growing rapidly as users heavily depend on them. Unfortunately, attackers follow the money and user population. In addition, mobile devices do not receive patches for their vulnerabilities. The Zeus-in-the-Mobile (ZitMo) attack against Android users is an example defeating the emerging technology to steal user’s credentials and ultimately money. Mobile devices can also spread malware. Read the article titled, “Mobile device attacks surge”, located at http://www.treasuryandrisk.com/2011/02/08/pr-mobile-device- attacks-surge, and FIPS 140-2 Security Policy, located at http://csrc.nist.gov/groups/STM/cmvp/documents/140- 1/140sp/140sp1648.pdf. In addition, read the report titled, “Emerging Cyber Threats 2012”, located at http://www.gtisc.gatech.edu/doc/emerging_cyber_threats_report2012. pdf. Write a five to eight (5-8) page paper in which you: 1. Describe the emerging cybersecurity issues and vulnerabilities presented in the “Emerging Cyber Threats 2012” report.
2. Analyze vulnerabilities of mobile devices in regard to usability and scale based on your research and suggest methods to mitigate the vulnerabilities of mobile devices. 3. Assess and describe the value of cryptography and encryption in regard to Equifax’s approach to implementing stronger security policies around mobile devices. 4. Justify Gunter Ollmann’s comments about Zeus-in-the-Mobile (ZitMo) and describe the implications of advanced security breaches such as this. 5. Several challenges of controlling information online are set forth in the section of the article titled, “Controlling Information Online – A New Frontier in Information Security”. Determine what you believe is the greatest challenge in regard to controlling information online. 6. Justify Dan Kuykendall’s statement about the biggest issue with mobile browsers and give two (2) examples illustrating his point. 7. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements:
 Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.  Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:  Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities.  Define common and emerging security issues and management responsibilities.  Explain access control methods and attacks.  Describe the applications and uses of cryptography and encryption.  Use technology and information resources to research issues in security management.
Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 7 DiscussionSecurity Policies and Procedures and Big Data For more course tutorials visit www.newtonhelp.com CIS 502 Week 7 Discussion “Security Policies and Procedures and Big Data” Please respond to the following: From the first e-Activity, analyze the chosen organization’s security policies and procedures, and provide an opinion of whether or not its policies and procedures are strong from an information security standpoint. Justify your opinion utilizing specific examples from your research. From the second e-Activity, determine what you believe to be the top two (2) security concerns related to big data, and give your opinion of what you believe are appropriate solutions to those problems, if solutions do exist. Justify your response. ===============================================
CIS 502 WEEK 8 CASE STUDY Mobile Device Security and Other Threats (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 WEEK 8 CASE STUDY Case Study: Mobile Device Security and Other Threats Due Week 8 and worth 110 points Read the article titled, “Mobile Devices Will Be Biggest Business Security Threat in 2014”, located at http://www.businessnewsdaily.com/5670-mobile-devices-will-be- biggest-business-security-threat-in-2014.html, and reference FIPS 140-2 Security Policy, located at http://csrc.nist.gov/groups/STM/cmvp/documents/140- 1/140sp/140sp1648.pdf. In addition, read the Sophos report titled, “Security Threat Report 2014”, located at http://www.sophos.com/en- us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf. Write a three to five (3-5) page paper in which you:
Analyze the emerging security threats presented within the “Security Threat Report 2014” report. Analyze the major threats to mobile devices, and suggest at least two (2) methods to mitigate the concerns and make the devices more secure from an organizational standpoint. Justify your response. Determine whether or not you believe that the mobile device threats are the most critical and disturbing of all of the security threats presented in the articles. Provide a rationale for your response. Select one (1) security threat, unrelated to mobile devices, that you believe is the most alarming, and explain the main reasons why you believe that the chosen threat warrants concern. Suggest key strategies for mitigating the risk. Justify your response. Use at least three (3) quality resources in this assignment. Note:Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are: Define common and emerging security issues and management responsibilities. Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities. Explain access control methods and attacks. Describe the applications and uses of cryptography and encryption. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 8 Discussion Logical and Physical Security For more course tutorials visit www.newtonhelp.com CIS 502 Week 8 Discussion “Logical and Physical Security” Please respond to the following:
From the e-Activity, evaluate the effectiveness of the physical and environmental security measures that the organization you researched used in regard to protecting its assets. Indicate improvements to the organization’s security measures where applicable. Justify your response. Consider a scenario where a financial company, whose management harbors concerns about its immature security posture, has quickly expanded its operations into multiple locations throughout the U.S. Indicate where you believe the company should begin in its securing process with the top-three (3) logical security measures and top-three (3) physical security measures that most concern to you. Justify the main reasons why you believe that the six (6) measures indicated are so critical. =============================================== CIS 502 Week 9 Assignment 3 Cybersecurity (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 9 Assignment 3 – Strayer New
Assignment 3: Cybersecurity Due Week 9 and worth 50 points Cybersecurity is such an important topic today and understanding its implications is paramount in the security profession. Compliance, certification, accreditation, and assessment are critical in understanding the legal and ethical procedures to follow as a security professional. In support of cybersecurity initiatives, the National Initiative for Cyber Security Education (NICE) has published several initiatives in regard to protecting national security. The following document titled, “National Initiative for Cybersecurity Education”, located at http://csrc.nist.gov/nice/framework/documents/NICE- Cybersecurity-Workforce- Framework-Summary-Booklet.pdf, will be used to help you complete the assignment. Write a three to five (3-5) page paper in which you: 1. Examine the National Initiative for Cyber Security Education and describe the initiative. 2. Assess the value of the NICE framework. Discuss the importance of this framework in regard to the security profession and individual organizations. 3. Suggest three (3) examples that illustrate the importance of the National Initiative for Cyber Security Education initiative.
4. Describe the expected outcomes of this initiative. 5. Evaluate how organizations can implement the NICE framework to prevent internal and external attacks. 6. Determine how the NICE framework addresses the legal and ethical issues in the field of information security. 7. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:
Evaluate and explain from a management perspective the industry-standard equipment, tools, and technologies organizations can employ to mitigate risks and thwart both internal and external attacks. Describe the legal and ethical issues inherent in information security. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 9 Discussion Security Models and Cloud Operations For more course tutorials visit www.newtonhelp.com CIS 502 Week 9 Discussion “Security Models and Cloud Operations” Please respond to the following:
From the first e-Activity, analyze the industry researched for each security model would be most applicable, and explain why you believe that to be the case. Identify the security models from your findings. From the second e-Activity, ascertain the primary way in which the organization that you researched was able to leverage a cloud solution while overcoming its security concerns. Discuss whether or not you believe that the security concerns surrounding cloud operations are warranted. Justify your answers with real-world examples from applicable situations, where appropriate. =============================================== CIS 502 Week 10 DiscussionEmerging Technologies and Mobile Devices For more course tutorials visit www.newtonhelp.com CIS 502 Week 10 Discussion “Emerging Technologies and Mobile Devices” Please respond to the following:
From the e-Activity, choose the one (1) emerging technology you believe will have the biggest impact on telecommunications and network security within the next two (2) years, and explain the main reasons why you believe this will be the case. Justify your answer. As people and organizations alike are relying more on mobile devices for company communications, give your opinion of what you believe are the top-three (3) concerns with mobile devices and security, and determine the major ways in which these concerns may affect the organization. Additionally, select at least one (1) security solution for mobile devices, and suggest the primary way in which you believe that such a solution could assist in the risk mitigation process. =============================================== CIS 502 Week 10 Technical Paper Risk Assessment (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 10 Technical Paper Technical Paper: Risk Assessment Global Finance, Inc. Internet OC193 10Gbps
Remote Dial UpUsers OC193 10Gbps DMZ Border (Core) Routers Distribution Routers VPN Gateway 10Gbps RAS PBX Printers Mgmt (x3) Credit Dept Finance Accounting Worstations Printers Worstations (x5) LoanDept WorstationsPrinters 10Gbps 10 Gbps 10 Gbps Oracle 9i DB Server 10 Gbps Access Layer VLAN Switch 10 Gbps
10 Gbps Exchange 2000 Email Worstations (x10)Printers (x3) Worstations (x49) Printers (x25) Customer Services Worstations (x12) (x5) Printers (x3) SUS Server (x5) (x63) (x7) Off-Site Office VPN Gateway PSTN Intranet Web Server Internal DNS File and Print Server Workstations (x7) 100Mbps Trusted Computing Base Internal Network
Global Finance, Inc. Network Diagram Above is the Global Finance, Inc. (GFI) network diagram. GFI has grown rapidly this past year and acquired many network devices as displayed in the diagram. The company invested in the network and designed it to be fault tolerant and resilient from any network failures. However, although the company’s financial status has matured and its network has expanded at a rapid pace, its network security has not kept up with the company growth. GFI’s network is fairly stabilized as it has not experienced many outages due to network failures. GFI has hired three (3) network engineers to keep up with the network growth and the bandwidth demand by the company employees and the clients. However, the company has not hired any security personnel who can take care of the operational security responsibility. The trusted computing base (TCB) internal network in the Global Finance, Inc. Network Diagram hosts the company’s mission critical systems without which the company’s operations and financial situation would suffer. The Oracle database and email systems are among the most intensively used application servers in the company. GFI cannot afford system outages because its cash flow and financial systems heavily depend on the network stability. GFI has experienced DOS network attacks twice this year and its Oracle database and email servers had been down for a week. The recovery process required GFI to use $25,000 to restore its operations back to normal. GFI estimated the loss from these network attacks at more than $100,000 including lost customer confidence. Write a twelve to fifteen (12-15) page formal risk assessment proposal and redraw the above diagram of a secure and risk- mitigating model in which you:
1. Describe the company network, interconnection, and communication environment. 2. Assess risk based on the Global Finance, Inc. Network Diagram scenario. Note: Your risk assessment should cover all the necessary details for your client, GFI Inc., to understand the risk factors of the organization and risk posture of the current environment. The company management will decide what to mitigate based on your risk assessment. Your risk assessment must be comprehensive for the organization to make data-driven decisions. a. Describe and defend your assumptions as there is no further information from this company. The company does not wish to release any security-related information per company policy. b. Assess security vulnerabilities, including the possibility of faulty network design, and recommend mitigation procedures for each vulnerability. c. Justify your cryptography recommendations based on data-driven decision making and objective opinions. 3. Examine whether your risk assessment methodology is quantitative, qualitative, hybrid, or a combination of these. 4. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. 5. Create the redrawn diagram of a secure and risk-mitigating model using Microsoft Visio or its open source equivalent. Note: The graphically depicted solution is not included in the required page length. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for any additional instructions. 6. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. 7. Include charts or diagrams created in Excel, Visio, MS Project, or one of their equivalents such as Open Project, Dia, and OpenOffice. The completed diagrams/charts must be imported into the Word document before the paper is submitted. The specific course learning outcomes associated with this assignment are Evaluate an organization’s security policies and risk management procedures, and its ability to provide security countermeasures Describe the details and the importance of application security models and their implementation from a management perspective. Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities Evaluate and explain from a management perspective the industry- standard equipment, tools, and technologies organizations can employ to mitigate risks and thwart both internal and external attacks. Explain access control methods and attacks. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. ===============================================
CIS 502 Imagine Your Future/newtonhelp.com   

More Related Content

DOCX
CIS 502 Effective Communication/tutorialrank.com
jonhson263
 
DOCX
Cis 502 Extraordinary Success/newtonhelp.com
amaranthbeg149
 
DOC
Cis 502Enhance teaching / snaptutorial.com
StokesCope168
 
DOCX
CIS 502 Education Redefined / snaptutorial.com
McdonaldRyan201
 
DOC
CIS 502 Education Specialist / snaptutorial.com
stevesonz128
 
DOCX
CIS 502 Exceptional Education - snaptutorial.com
donaldzs149
 
PDF
3D Security Report
Group of company MUK
 
DOC
CIS 349 Imagine Your Future/newtonhelp.com   
bellflower46
 
CIS 502 Effective Communication/tutorialrank.com
jonhson263
 
Cis 502 Extraordinary Success/newtonhelp.com
amaranthbeg149
 
Cis 502Enhance teaching / snaptutorial.com
StokesCope168
 
CIS 502 Education Redefined / snaptutorial.com
McdonaldRyan201
 
CIS 502 Education Specialist / snaptutorial.com
stevesonz128
 
CIS 502 Exceptional Education - snaptutorial.com
donaldzs149
 
3D Security Report
Group of company MUK
 
CIS 349 Imagine Your Future/newtonhelp.com   
bellflower46
 

What's hot (18)

DOCX
Cis 349 Extraordinary Success/newtonhelp.com
amaranthbeg147
 
PPTX
Extending the 20 critical security controls to gap assessments and security m...
John M. Willis
 
DOCX
CIS 349 RANK Inspiring Innovation--cis349rank.com
KeatonJennings91
 
DOCX
CIS 349 RANK Lessons in Excellence--cis349rank.com
RoelofMerwe139
 
DOCX
CIS 349 Effective Communication/tutorialrank.com
jonhson185
 
PDF
SANS 2013 Critical Security Controls Survey
Edgar Alejandro Villegas
 
DOCX
CIS 349 RANK Introduction Education--cis349rank.com
claric263
 
PDF
Cis 349 Inspiring Innovation--tutorialrank.com
PrescottLunt371
 
DOCX
CIS 349 RANK Education Counseling--cis349rank.com
shanaabe13
 
DOCX
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan37
 
DOCX
CIS 349 RANK Become Exceptional--cis349rank.com
claric103
 
PPTX
Scada security webinar 2012
AVEVA
 
DOCX
Cis 333 Extraordinary Success/newtonhelp.com
amaranthbeg146
 
DOCX
CIS 349 RANK Achievement Education--cis349rank.com
claric154
 
PDF
Augment Method for Intrusion Detection around KDD Cup 99 Dataset
IRJET Journal
 
PDF
Cis 349 Teaching Effectively--tutorialrank.com
Soaps82
 
PDF
Cis 333 Enhance teaching / snaptutorial.com
Davis104
 
PDF
CIS 333 Life of the Mind/newtonhelp.com   
bellflower3
 
Cis 349 Extraordinary Success/newtonhelp.com
amaranthbeg147
 
Extending the 20 critical security controls to gap assessments and security m...
John M. Willis
 
CIS 349 RANK Inspiring Innovation--cis349rank.com
KeatonJennings91
 
CIS 349 RANK Lessons in Excellence--cis349rank.com
RoelofMerwe139
 
CIS 349 Effective Communication/tutorialrank.com
jonhson185
 
SANS 2013 Critical Security Controls Survey
Edgar Alejandro Villegas
 
CIS 349 RANK Introduction Education--cis349rank.com
claric263
 
Cis 349 Inspiring Innovation--tutorialrank.com
PrescottLunt371
 
CIS 349 RANK Education Counseling--cis349rank.com
shanaabe13
 
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan37
 
CIS 349 RANK Become Exceptional--cis349rank.com
claric103
 
Scada security webinar 2012
AVEVA
 
Cis 333 Extraordinary Success/newtonhelp.com
amaranthbeg146
 
CIS 349 RANK Achievement Education--cis349rank.com
claric154
 
Augment Method for Intrusion Detection around KDD Cup 99 Dataset
IRJET Journal
 
Cis 349 Teaching Effectively--tutorialrank.com
Soaps82
 
Cis 333 Enhance teaching / snaptutorial.com
Davis104
 
CIS 333 Life of the Mind/newtonhelp.com   
bellflower3
 
Ad

Similar to CIS 502 Imagine Your Future/newtonhelp.com    (19)

DOC
Stayer cis 349 final exam guide set 1 new
shyaminfo17
 
DOCX
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan38
 
PDF
Protecting Your Business from Unauthorized IBM i Access
Precisely
 
DOC
Stayer cis 349 final exam guide set 1 new
Tristanmillerr
 
PPTX
Scada security presentation by Stephen Miller
AVEVA
 
DOC
Cis 349 final exam guide set 1 new
shyaminfo4
 
DOC
Uop cis 349 final exam guide set 1 new
matthewtaylorliam12
 
DOC
Uop cis 349 final exam guide set 1 new
chanduruc123
 
PPTX
Lecture 3 Country Specific Strategy.pptx
jitendrachettri894
 
PDF
ComTIA Cysa+ - SY-601-Corrected Dump.pdf
hieunn131
 
PDF
SOC Analyst Interview Questions & Answers.pdf
infosec train
 
DOC
Uop cis 349 final exam guide set 1 new
eyavagal
 
DOC
Uop cis 349 final exam guide set 1 new
mailemail
 
DOC
Uop cis 349 final exam guide set 1 new
uopassignment
 
PDF
ProjectReport_Finalversion
Mamoon Ismail Khalid
 
PPTX
583318main_2011_Present_NASA_IT_Summit_Grandy_Serene_Implementing_Cyber_Secur...
trinirebel1
 
DOC
Uop cis 349 final exam guide set 1 new
uopassignment
 
DOC
Uop cis 349 final exam guide set 1 new
eyavagal
 
DOC
Uop cis 349 final exam guide set 1 new
uopassignment
 
Stayer cis 349 final exam guide set 1 new
shyaminfo17
 
CIS 349 Education Organization / snaptutorial.com
McdonaldRyan38
 
Protecting Your Business from Unauthorized IBM i Access
Precisely
 
Stayer cis 349 final exam guide set 1 new
Tristanmillerr
 
Scada security presentation by Stephen Miller
AVEVA
 
Cis 349 final exam guide set 1 new
shyaminfo4
 
Uop cis 349 final exam guide set 1 new
matthewtaylorliam12
 
Uop cis 349 final exam guide set 1 new
chanduruc123
 
Lecture 3 Country Specific Strategy.pptx
jitendrachettri894
 
ComTIA Cysa+ - SY-601-Corrected Dump.pdf
hieunn131
 
SOC Analyst Interview Questions & Answers.pdf
infosec train
 
Uop cis 349 final exam guide set 1 new
eyavagal
 
Uop cis 349 final exam guide set 1 new
mailemail
 
Uop cis 349 final exam guide set 1 new
uopassignment
 
ProjectReport_Finalversion
Mamoon Ismail Khalid
 
583318main_2011_Present_NASA_IT_Summit_Grandy_Serene_Implementing_Cyber_Secur...
trinirebel1
 
Uop cis 349 final exam guide set 1 new
uopassignment
 
Uop cis 349 final exam guide set 1 new
eyavagal
 
Uop cis 349 final exam guide set 1 new
uopassignment
 
Ad

Recently uploaded (20)

PPTX
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
PDF
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
PPTX
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
PPTX
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
PPTX
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
PDF
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
PPTX
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PPTX
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PPTX
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PDF
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
PDF
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
Mithil Fal Desai
 
PDF
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PDF
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 
school management -TNTEU- B.Ed., Semester II Unit 1.pptx
NihumathunnisaH
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
Saundersa Comprehensive Review for the NCLEX-RN Examination.pdf
sreejithcareers
 
Introduction_to_Human_Anatomy_and_Physiology_for_B.Pharm.pptx
chetansingh379583
 
Week 4 Term 3 Study Techniques revisited.pptx
mansk2
 
BOWEL ELIMINATION FACTORS AFFECTING AND TYPES
PreetiSawant10
 
Business Ethics Teaching Materials for college
CynthiaCastillo40
 
human mycosis Human fungal infections are called human mycosis..pptx
shilpa939953
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Microbial diseases, their pathogenesis and prophylaxis
DevlinaSengupta
 
RMMM.pdf make it easy to upload and study
sajedul2
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
The Healthy Child – Unit II | Child Health Nursing I | B.Sc Nursing 5th Semester
RAKESH SAJJAN
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
FourierSeries-QuestionsWithAnswers(Part-A).pdf
Raji Murugan
 
Origin of periodic table-Mendeleev’s Periodic-Modern Periodic table
Mithil Fal Desai
 
STATICS OF THE RIGID BODIES Hibbelers.pdf
pascualasturiaskaye4
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
TR - Agricultural Crops Production NC III.pdf
avgilmegino3
 

CIS 502 Imagine Your Future/newtonhelp.com   

  • 1. CIS 502 All Assignments (2 Set) For more course tutorials visit www.newtonhelp.com CIS 502 Week 2 Assignment 1 Web Server Application Attacks (2 Papers) CIS 502 WEEK 6 Assignment 2: Critical Infrastructure Protection (2 Papers) CIS 502 Week 9 Assignment 3 Cybersecurity (2 Papers) CIS 502 Week 10 Technical Paper Risk Assessment (2 Papers) CIS 502 Week 3 Case Study 1 Advanced Persistent Threats Against RSA Tokens (2 Papers) CIS 502 Week 4 Case Study 2 Social Engineering Attacks and Counterintelligence (2 Papers) CIS 502 Week 7 Case Study 3 Mobile Devices Security (2 Papers) CIS 502 WEEK 8 CASE STUDY Mobile Device Security and Other Threats (2 Papers)
  • 2. =============================================== CIS 502 Final Exam Guide For more course tutorials visit www.newtonhelp.com CIS 502 Final Exam Guide • 1 Two parties are exchanging messages using public key cryptography. Which of the following statements describes the proper procedure for transmitting an encrypted message? • 2 Public key cryptography is another name for: • 3 A running-key cipher can be used when: • 4 Two parties, Party A and Party B, regularly exchange messages using public key cryptography. One party, Party A, believes that its private encryption key has been compromised. What action should Party B take?
  • 3. • 5 Two parties that have never communicated before wish to send messages using symmetric encryption key cryptography. How should the parties begin? • 6 A stream cipher encrypts data by XORing plaintext with the encryption key. How is the ciphertext converted back into plaintext? • 7 Two parties that have never communicated before wish to send messages using asymmetric key cryptography. How should the parties begin? • 8 The Advanced Encryption Standard is another name for which cipher: • 9 All of the following statements about the polyalphabetic cipher are true EXCEPT: • 10 Which U.S. law gives law enforcement organizations greater powers to search telephone, e-mail, banking, and other records? • 11 A security incident as defined as:
  • 4. • 12 An organization has developed its first-ever computer security incident response procedure. What type of test should be undertaken first? • 13 The (ISC)2 code of ethics includes all of the following EXCEPT: • 14 The allegation that an employee has violated company policy by downloading child pornography onto a company workstation should result in: • 15 A case of employee misconduct that is the subject of a forensic investigation will likely result in a court proceeding. What should included in the forensic investigation: • 16 A suspect has been forging credit cards with the purpose of stealing money from their owners through ATM withdrawals. Under which U.S. law is this suspect most likely to be prosecuted? • 17 The categories of laws in the U.S. are: • 18 The purpose of a password policy that requires a minimum number of days between password changes is:
  • 5. • 19 The most effective way to confirm whether backups function properly is: • 20 All of the following are valid reasons for backing up data EXCEPT: • 21 The purpose of backups includes all of the following EXCEPT: • 22 An organization has in its possession many types of business records that vary in sensitivity and handling requirements. No policy exists that defines how any of these records should be protected. This organization lacks: • 23 An employee in an organization is requesting access to more information than is required. This request should be denied on the basis of which principle: • 24 An organization has been made a party in a civil lawsuit. The organization is required to search its electronic records for specific memoranda. This process is known as: • 25 An organization’s IT manager is establishing a business relationship with an off-site media storage company, for storage of backup media. The storage company has a location 5 miles away from the organization’s data center, and another location that is 70 miles away. Why should one location be preferred over the other?
  • 6. • 26 The process of erasing magnetic media through the use of a strong magnetic field is known as: • 27 Which type of fire extinguisher is effective against flammable liquids: • 28 The type of smoke detector that is designed to detect smoke before it is visible is: • 29 The term “N+1” means: • 30 A building access mechanism where only one person at a time may pass is called a: • 31 A secure facility needs to control incoming vehicle traffic and be able to stop determined attacks. What control should be implemented: • 32 A security manager is concerned that lost key cards can be used by an intruder to gain entrance to a facility. What measure can be used to prevent this?
  • 7. • 33 The risks of excessive humidity in a computing facility include all of the following • 34 Provided it is permitted by local fire codes, which type of fire sprinkler system is most preferred for computer rooms? • 35 The innermost portion of an operating system is known as: • 36 A security analyst has a system evaluation criteria manual called the “Orange Book”. This is a part of: • 37 The component in a computer where program instructions are executed is called the: • 38 A resource server contains an access control system. When a user requests access to an object, the system examines the permission settings for the object and the permission settings for the user, and then makes a decision whether the user may access the object. The access control model that most closely resembles this is: • 39 The TCSEC system evaluation criteria is used to evaluate systems of what type:
  • 8. • 40 A source code review uncovered the existence of instructions that permit the user to bypass security controls. What was discovered in the code review? • 41 A hidden means of communication between two systems has been discovered. This is known as: • 42 A security officer has declared that a new information system must be certified before it can be used. This means: • 43 A systems engineer is designing a system that consists of a central computer and attached peripherals. For fastest throughput, which of the following technologies should be used for communication with peripheral devices: • 44 A network manager wishes to simplify management of all of the network devices in the organization through centralized authentication. Which of the following available authentication protocols should the network manager choose: • 45 On a TCP/IP network, a station’s IP address is 10.0.25.200, the subnet mask is 255.255.252.0, and the default gateway is 10.0.25.1. How will the station send a packet to another station whose IP address is 10.0.24.10?
  • 9. • 46 How many Class C networks can be created in a Class B network: • 47 Someone is sending ICMP echo requests to a network’s broadcast address. What is this person doing? • 48 A station on a network is sending hundreds of SYN packets to a destination computer. What is the sending computer doing? • 49 An IT manager wishes to connect several branch offices to the headquarters office for voice and data communications. What packet switched service should the IT manager consider? =============================================== CIS 502 Midterm Set 1 For more course tutorials visit www.newtonhelp.com CIS 502 Midterm set 1
  • 10. • 1 A security manager is developing a data classification policy. What elements need to be in the policy? • 2 An organization employs hundreds of office workers that use computers to perform their tasks. What is the best plan for informing employees about security issues? • 3 The statement, “Information systems should be configured to require strong passwords”, is an example of a/an: • 4 The statement, “Promote professionalism among information system security practitioners through the provisioning of professional certification and training.” is an example of a/an: • 5 Exposure factor is defined as: • 6 A security manager needs to perform a risk assessment on a critical business application, in order to determine what additional controls may be needed to protect the application and its databases. The best approach to performing this risk assessment is: • 7 CIA is known as:
  • 11. • 8 An organization has a strong, management-driven model of security related activities such as policy, risk management, standards, and processes. This model is better known as: • 9 The impact of a specific threat is defined as: • 10 Annualized loss expectancy is defined as: • 11 A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is:: • 12 An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics? • 13 An organization suffered a virus outbreak when malware was download by an employee in a spam message. This outbreak might not have happened had the organization followed what security principle:
  • 12. • 14 Which of the following is NOT an authentication protocol: • 15 The categories of controls are: • 16 Organizations that implement two-factor authentication often do not adequately plan. One result of this is: • 17 Buffer overflow, SQL injection, and stack smashing are examples of: • 18 A biometric authentication system that incorporates the results of newer scans into a user's profile is less likely to: • 19 One disadvantage of the use of digital certificates as a means for two-factor authentication is NOT: • 20 A smart card is a good form of two-factor authentication because: • 21 Which of the following statements about Crossover Error Rate (CER) is true:
  • 13. • 22 The reason why preventive controls are preferred over detective controls is: • 23 What is the best defense against social engineering? • 24 The reason that two-factor authentication is preferable over ordinary authentication is: • 25 Video surveillance is an example of what type(s) of control: • 26 A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take? • 27 The most effective countermeasures against input attacks are: • 28 The primary advantage of the use of workstation-based anti-virus is: • 29 The purpose for putting a “canary” value in the stack is:
  • 14. • 30 An attack on a DNS server to implant forged “A” records is characteristic of a: • 31 A defense in depth strategy for anti-malware is recommended because: • 32 A security assessment discovered back doors in an application, and the security manager needs to develop a plan for detecting and removing back doors in the future. The most effective countermeasures that should be chosen are: • 33 “Safe languages” and “safe libraries” are so-called because: • 34 The instructions contained with an object are known as its: • 35 A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as: • 36 What is the most effective countermeasure against script injection attacks?
  • 15. • 37 All of the following are advantages of using self-signed SSL certificates • 38 The following are characteristics of a computer virus EXCEPT: • 39 An organization is about to start its first disaster recovery planning project. The project manager is responsible for choosing project team members. Which staff members should be chosen for this project? • 40 The activity that is concerned with the continuation of business operations is: • 41 The purpose of a parallel test is: • 42 The greatest risk related to a cutover test is: • 43 A DRP project team has determined that the RTO for a specific application shall be set to 180 minutes. Which option for a recovery system will best meet the application’s recovery needs? • 44 The primary impact of a pandemic on an organization is:
  • 16. • 45 An organization that is building a disaster recovery capability needs to re-engineer its application servers to meet new recovery requirements of 4 hour RPO and 24 hour RTO. Which of the following approaches will best meet this objective? • 46 The first priority for disaster response should be: • 47 The purpose of off-site media storage is: • 48 The types of BCP and DRP tests are: • 49 At the beginning of a disaster recovery planning project, the project team will be compiling a list of all of the organization’s most important business processes. This phase of the project is known as: • 50 The definition of Recovery Point Objective (RPO) is: =============================================== CIS 502 Midterm Set 2 For more course tutorials visit www.newtonhelp.com
  • 17. CIS 502 Midterm set 2 • 1 An organization recently underwent an audit of its financial applications. The audit report stated that there were several segregation of duties issues that were related to IT support of the application. What does this mean? • 2 A security manager is developing a data classification policy. What elements need to be in the policy? • 3 An organization employs hundreds of office workers that use computers to perform their tasks. What is the best plan for informing employees about security issues? • 4 An organization suffered a virus outbreak when malware was download by an employee in a spam message. This outbreak might not have happened had the organization followed what security principle: • 5 A security manager is performing a quantitative risk assessment on a particular asset. The security manager wants to estimate the yearly loss based on a particular threat. The correct way to calculate this is::
  • 18. • 6 A qualitative risk assessment is used to identify: • 7 An employee with a previous criminal history was terminated. The former employee leaked several sensitive documents to the news media. To prevent this, the organization should have: • 8 CIA is known as: • 9 The options for risk treatment are: • 10 The statement, “Information systems should be configured to require strong passwords”, is an example of a/an: • 11 An organization has a strong, management-driven model of security related activities such as policy, risk management, standards, and processes. This model is better known as: • 12 An organization wishes to purchase an application, and is undergoing a formal procurement process to evaluate and select a product. What documentation should the organization use to make sure that the application selected has the appropriate security-related characteristics?
  • 19. • 13 The statement, “Promote professionalism among information system security practitioners through the provisioning of professional certification and training.” is an example of a/an: • 14One disadvantage of the use of digital certificates as a means for two-factor authentication is NOT: • 15 The categories of controls are: • 16 A biometric authentication system that incorporates the results of newer scans into a user's profile is less likely to: • 17 The use of retina scanning as a biometric authentication method has not gained favor because: • 18 Buffer overflow, SQL injection, and stack smashing are examples of: • 19 Which of the following statements about Crossover Error Rate (CER) is true: • 20 In an information system that authenticates users based on userid and password, the primary reason for storing a hash of the password instead of storing the encrypted password is:
  • 20. • 21 The reason why preventive controls are preferred over detective controls is: • 22 Video surveillance is an example of what type(s) of control: • 23 Which of the following is NOT an authentication protocol: • 24 An information system that processes sensitive information is configured to require a valid userid and strong password from any user. This process of accepting and validating this information is known as: • 25 What is the best defense against social engineering? • 26 The following are valid reasons to reduce the level of privilege for workstation users • 27 The purpose for putting a “canary” value in the stack is: • 28 An organization wants to prevent SQL and script injection attacks on its Internet web application. The organization should implement a/an: • 29 The instructions contained with an object are known as its:
  • 21. • 30 Rootkits can be difficult to detect because: • 31 A user, Bill, has posted a link on a web site that causes unsuspecting users to transfer money to Bill if they click the link. The link will only work for users who happen to be authenticated to the bank that is the target of the link. This is known as: • 32 An attack on a DNS server to implant forged “A” records is characteristic of a: • 33 “Safe languages” and “safe libraries” are so-called because: • 34 A defense in depth strategy for anti-malware is recommended because: • 35 The most effective countermeasures against input attacks are: • 36 A database administrator (DBA) is responsible for carrying out security policy, which includes controlling which users have access to which data. The DBA has been asked to make just certain fields in some database tables visible to some new users. What is the best course of action for the DBA to take? • 37 The following are characteristics of a computer virus EXCEPT:
  • 22. • 38 A list of all of the significant events that occur in an application is known as: • 39 The purpose of a parallel test is: • 40 The first priority for disaster response should be: • 41 In what sequence should a disaster recovery planning project be performed? • 42 For the purpose of business continuity and disaster recovery planning, the definition of a “disaster” is: • 43 The purpose of a server cluster includes all of the following EXCEPT: • 44 The definition of Recovery Point Objective (RPO) is: • 45 At the beginning of a disaster recovery planning project, the project team will be compiling a list of all of the organization’s most important business processes. This phase of the project is known as:
  • 23. • 46 An organization is about to start its first disaster recovery planning project. The project manager is responsible for choosing project team members. Which staff members should be chosen for this project? • 47 The types of BCP and DRP tests are: • 48 Why is disaster recovery-related training a vital component in a DRP project? • 49 A DRP project team has determined that the RTO for a specific application shall be set to 180 minutes. Which option for a recovery system will best meet the application’s recovery needs? • 50 The primary reason for classifying disasters as natural or man-made is: =============================================== CIS 502 Week 1 Discussion Information Security and Risk Management For more course tutorials visit www.newtonhelp.com CIS 502 Week 1 Discussion
  • 24. “Information Security and Risk Management” Please respond to the following: From a management perspective, analyze the overall industry requirements and major organizational challenges of forming a sound information security program, and ascertain the fundamental manner in which regulations and compliancy may factor into the challenges in question. From the e-Activity, compare and contrast quantitative, qualitative, and hybrid risk assessment methodologies overall. Give one (1) example of when you would use each of the methods over the others. Justify your response. =============================================== CIS 502 Week 2 Assignment 1 Web Server Application Attacks (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers Assignment 1: Web Server Application Attacks
  • 25. Due Week 2 and worth 110 points It is common knowledge that Web server application attacks have become common in today’s digital information sharing age. Understanding the implications and vulnerabilities of such attacks, as well as the manner in which we may safeguard against them is paramount, because our demands on e-Commerce and the Internet have increased exponentially. In this assignment, you will examine the response of both the U.S. government and non-government entities to such attacks. To complete this assignment, use the document titled “Guidelines on Securing Public Web Servers”, located at http://csrc.nist.gov/publications/nistpubs/800-44-ver2/SP800- 44v2.pdf, to complete the assignment. Read the Network World article, “40% of U.S. government Web sites fail security test” also, located athttp://www.networkworld.com/news/2012/031512-dnssec- survey-2012-257326.html. Write a three to five (3-5) page paper in which you: Examine three (3) common Web application vulnerabilities and attacks, and recommend corresponding mitigation strategies for each. Provide a rationale for your response.
  • 26. Using Microsoft Visio or an open source alternative such as Dia, outline an architectural design geared toward protecting Web servers from a commonly known Denial of Service (DOS) attack.Note: The graphically depicted solution is not included in the required page length. Based on your research from the Network World article, examine the potential reasons why the security risks facing U.S. government Websites were not always dealt with once they were identified and recognized as such. Suggest what you believe to be the best mitigation or defense mechanisms that would help to combat the Domain Name System Security Extensions (DNSSEC) concerns to which the article refers. Propose a plan that the U.S. government could use in order to ensure that such mitigation takes place. The plan should include, at a minimum, two (2) mitigation or defense mechanisms. Use at least three (3) quality resources outside of the suggested resources in this assignment.Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
  • 27. Include charts or diagrams created in Visio or an open source alternative such as Dia. The completed diagrams / charts must be imported into the Word document before the paper is submitted. The specific course learning outcomes associated with this assignment are: Define common and emerging security issues and management responsibilities. Evaluate an organization’s security policies and risk management procedures, and its ability to provide security countermeasures. Use technology and information resources to research issues in security management =============================================== CIS 502 Week 2 DiscussionRole-Based Access Controls For more course tutorials visit www.newtonhelp.com CIS 502 Week 2 Discussion “Role-Based Access Controls” Please respond to the following:
  • 28. Consider at least one (1) alternative to role-based access controls, and indicate where you believe this alternative method would help the security of the organization prosper. Perform research as needed and justify your answer. From the e-Activity, consider role-based access control (RBAC) methods in terms of file-level and database permissions, and formulate what you believe are the main advantages to using these methods in order to achieve ample security. =============================================== CIS 502 Week 3 Case Study 1 Advanced Persistent Threats Against RSA Tokens (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 3 Case Study 1 – Strayer New Case Study 1: Advanced Persistent Threats Against RSA Tokens Due Week 3 and worth 100 points
  • 29. Authentication breach by impersonation or password crack has been popular for attackers to breach our assets. The latest RSA APT attack to breach one of the most secure RSA tokens alerted the industry and reminded all of us that there is no security that can last forever. We must remain vigilant and stay ahead of the game. Read the following documents:  “APT Summit Findings” located in the online course shell  “RSA Security Brief” located in the online course shell Write a five to eight (5-8) page paper in which you: 1. Analyze the Advanced Persistent Threats (APT) Summit Findings article as well as the RSA Security Brief article and identify the vulnerabilities that existed in the system. 2. Analyze the attack methods carried out in pursuit of the authentication breach and explain which methods were successful and why. 3. Suggest three (3) techniques or methods to protect against APT attacks in the future as the CSO for a large organization.
  • 30. 4. Determine what types of technologies would help alleviate the problems identified in the articles assuming you are the CSO or CTO in an organization. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements:  Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.  Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:  Describe the industry requirements and organizational challenges of forming a sound information security workforce from a management perspective.  Define common and emerging security issues and management responsibilities.
  • 31.  Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities.  Explain access control methods and attacks.  Use technology and information resources to research issues in security management.  Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 3 DiscussionThe Security Problem in Software Development Life Cycle (SDLC) For more course tutorials visit www.newtonhelp.com CIS 502 Week 3 Discussion “The Security Problem in Software Development Life Cycle (SDLC)” Please respond to the following:
  • 32. From the e-Activity, contemplate the main reasons why you believe the Francophoned attacks were successful, and explore the key factors that made the social engineering aspect of the attacks so complex and so difficult to identify as malicious. From the e-Activity, based on the complexity of the Francophoned attacks, give your opinion of overall strategies that you believe security professionals could use in order keep up with the sophisticated nature of the attacks that result from the progression and sophistication of technologies. =============================================== CIS 502 Week 4 Case Study 2 Social Engineering Attacks and Counterintelligence (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 4 Case Study 2 – Strayer New Case Study 2: Social Engineering Attacks and Counterintelligence
  • 33. Due Week 4 and worth 100 points Social engineering attacks and counterintelligence have major impacts to our national security. In July 2010, the Afghan War Diary was released in WikiLeaks. In October 2010, WikiLeaks also released the largest military leak in history – the Iraq War Logs revealing the war occupation in Iraq. This type of information is considered as classified data by the Department of Defense. Read the article titled, “WikiLeaks Releases 400,000 Classified US Military Files”, located at Write a five to eight (5-8) page paper in which you: 1. Describe what social engineering and counterintelligence are and their potential implications to our national security in regard to the leaked Afghan War Diary and the Iraq War Logs. 2. Examine the importance of forming a sound information security workforce and describe the challenges faced by organizations in doing this as evidenced by the articles about the Afghan War Diary and the Iraq War Logs that were released in WikiLeaks.
  • 34. 3. Predict how the Afghan War Diary and the Iraq War Logs that were released in WikiLeaks could influence organizations in regard to their security policies and risk management procedures. 4. Propose two (2) methods to thwart this type of intelligence leak in the future and explain why each would be effective. 5. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements:  Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.  Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:  Evaluate an organization’s security policies and risk management procedures, and its ability to provide security countermeasures.
  • 35.  Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities.  Define common and emerging security issues and management responsibilities.  Use technology and information resources to research issues in security management.  Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 4 Discussion Business Continuity Planning and Disaster Recovery Planning For more course tutorials visit www.newtonhelp.com CIS 502 Week 4 Discussion
  • 36. “Business Continuity Planning and Disaster Recovery Planning” Please respond to the following: Imagine that you are trying to receive funding for select planning projects. Compare and contrast the attributes of business continuity and disaster recovery plans, and suggest the primary ways in which you would explain these differences to your employer’s Board of Directors. Hwacer.com From the e-Activity, analyze each company’s plans, and provide three (3) examples of the key ways in which the business continuity and disaster recovery plans of the two (2) organizations are alike and three (3) examples of the ways in which they are different. =============================================== CIS 502 Week 5 Discussion Cryptography For more course tutorials visit www.newtonhelp.com CIS 502 Week 5 Discussion “Cryptography” Please respond to the following:
  • 37. Analyze the overall attributes of symmetric and asymmetric cryptography technologies. Discuss the advantages and disadvantages of each, and speculate upon the main reasons why organizations utilize both technologies today. Give an example of where you would consider using each of these forms of encryption within an organization to support your response. From the e-Activity, give your opinion of whether cryptography should be a part of every email security strategy or if there are specific characteristics of organizations where such measures are not needed. Justify your answer. =============================================== CIS 502 WEEK 6 Assignment 2 Critical Infrastructure Protection (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 WEEK 6 ASSIGNMENT 2 Assignment 2: Critical Infrastructure Protection Due Week 6 and worth 110 points
  • 38. According to the text, Critical Infrastructure Protection (CIP) is an important cybersecurity initiative that requires careful planning and coordination in protecting our infrastructure. You may use the following resources in order to complete the assignment, “National Infrastructure Protection Plan”, located at http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf DHS Critical Infrastructure Security Webpage, located at https://www.dhs.gov/topic/critical-infrastructure-security “NIST Framework for Improving Critical Infrastructure Cybersecurity,” located at http://www.nist.gov/cyberframework/upload/cybersecurity- framework-021214-final.pdf “NIST Roadmap for Improving Critical Infrastructure Cybersecurity,” located at http://www.nist.gov/cyberframework/upload/roadmap- 021214.pdf Write a three to five (3-5) page paper in which you: Interpret the Department of Homeland Security’s mission, operations and responsibilities. Detail the Critical Infrastructure Protection (CIP) initiatives, what they protect, and the methods we use to protect our assets.
  • 39. Analyze the way in which CIP has or has not advanced between the releases of the DHS’ NIPP and the NIST’s Framework for Improving Critical Infrastructure Cybersecurity. Justify your response. Describe the vulnerabilities that should concern IS professionals who protect the U.S.’s critical infrastructure. Suggest three (3) methods to improve the protection of the U.S.’s critical infrastructure, and justify each suggested method. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure, and indicate the strategic ways that you believe IS professionals could better serve as protectors. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note:Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:
  • 40. Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities. Evaluate potential situations of business interruption and the planning necessary to mitigate the threats involved. Compare and contrast business continuity and disaster recovery planning. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 6 Discussion Incident Response and Compliances For more course tutorials visit www.newtonhelp.com CIS 502 Week 6 Discussion “Incident Response and Compliances” Please respond to the following:
  • 41. From the first e-Activity, determine whether or not you believe that legislation and regulations have had the intended impact on the legal and ethical issues inherent in information security. From the second e-Activity, discuss the specifics of the incident you researched, and analyze the mitigation and recovery tactics that those impacted utilized. Determine whether or not you would have considered a different course of action than the one taken related to the incident that you researched. Justify your answer. =============================================== CIS 502 Week 7 Case Study 3 Mobile Devices Security (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 7 Case Study 3 – Strayer New Case Study 3: Mobile Devices Security
  • 42. Due Week 7 and worth 100 points The use of mobile devices is prevalent and growing rapidly as users heavily depend on them. Unfortunately, attackers follow the money and user population. In addition, mobile devices do not receive patches for their vulnerabilities. The Zeus-in-the-Mobile (ZitMo) attack against Android users is an example defeating the emerging technology to steal user’s credentials and ultimately money. Mobile devices can also spread malware. Read the article titled, “Mobile device attacks surge”, located at http://www.treasuryandrisk.com/2011/02/08/pr-mobile-device- attacks-surge, and FIPS 140-2 Security Policy, located at http://csrc.nist.gov/groups/STM/cmvp/documents/140- 1/140sp/140sp1648.pdf. In addition, read the report titled, “Emerging Cyber Threats 2012”, located at http://www.gtisc.gatech.edu/doc/emerging_cyber_threats_report2012. pdf. Write a five to eight (5-8) page paper in which you: 1. Describe the emerging cybersecurity issues and vulnerabilities presented in the “Emerging Cyber Threats 2012” report.
  • 43. 2. Analyze vulnerabilities of mobile devices in regard to usability and scale based on your research and suggest methods to mitigate the vulnerabilities of mobile devices. 3. Assess and describe the value of cryptography and encryption in regard to Equifax’s approach to implementing stronger security policies around mobile devices. 4. Justify Gunter Ollmann’s comments about Zeus-in-the-Mobile (ZitMo) and describe the implications of advanced security breaches such as this. 5. Several challenges of controlling information online are set forth in the section of the article titled, “Controlling Information Online – A New Frontier in Information Security”. Determine what you believe is the greatest challenge in regard to controlling information online. 6. Justify Dan Kuykendall’s statement about the biggest issue with mobile browsers and give two (2) examples illustrating his point. 7. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements:
  • 44.  Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.  Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:  Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities.  Define common and emerging security issues and management responsibilities.  Explain access control methods and attacks.  Describe the applications and uses of cryptography and encryption.  Use technology and information resources to research issues in security management.
  • 45. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 7 DiscussionSecurity Policies and Procedures and Big Data For more course tutorials visit www.newtonhelp.com CIS 502 Week 7 Discussion “Security Policies and Procedures and Big Data” Please respond to the following: From the first e-Activity, analyze the chosen organization’s security policies and procedures, and provide an opinion of whether or not its policies and procedures are strong from an information security standpoint. Justify your opinion utilizing specific examples from your research. From the second e-Activity, determine what you believe to be the top two (2) security concerns related to big data, and give your opinion of what you believe are appropriate solutions to those problems, if solutions do exist. Justify your response. ===============================================
  • 46. CIS 502 WEEK 8 CASE STUDY Mobile Device Security and Other Threats (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 WEEK 8 CASE STUDY Case Study: Mobile Device Security and Other Threats Due Week 8 and worth 110 points Read the article titled, “Mobile Devices Will Be Biggest Business Security Threat in 2014”, located at http://www.businessnewsdaily.com/5670-mobile-devices-will-be- biggest-business-security-threat-in-2014.html, and reference FIPS 140-2 Security Policy, located at http://csrc.nist.gov/groups/STM/cmvp/documents/140- 1/140sp/140sp1648.pdf. In addition, read the Sophos report titled, “Security Threat Report 2014”, located at http://www.sophos.com/en- us/medialibrary/PDFs/other/sophos-security-threat-report-2014.pdf. Write a three to five (3-5) page paper in which you:
  • 47. Analyze the emerging security threats presented within the “Security Threat Report 2014” report. Analyze the major threats to mobile devices, and suggest at least two (2) methods to mitigate the concerns and make the devices more secure from an organizational standpoint. Justify your response. Determine whether or not you believe that the mobile device threats are the most critical and disturbing of all of the security threats presented in the articles. Provide a rationale for your response. Select one (1) security threat, unrelated to mobile devices, that you believe is the most alarming, and explain the main reasons why you believe that the chosen threat warrants concern. Suggest key strategies for mitigating the risk. Justify your response. Use at least three (3) quality resources in this assignment. Note:Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
  • 48. The specific course learning outcomes associated with this assignment are: Define common and emerging security issues and management responsibilities. Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities. Explain access control methods and attacks. Describe the applications and uses of cryptography and encryption. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 8 Discussion Logical and Physical Security For more course tutorials visit www.newtonhelp.com CIS 502 Week 8 Discussion “Logical and Physical Security” Please respond to the following:
  • 49. From the e-Activity, evaluate the effectiveness of the physical and environmental security measures that the organization you researched used in regard to protecting its assets. Indicate improvements to the organization’s security measures where applicable. Justify your response. Consider a scenario where a financial company, whose management harbors concerns about its immature security posture, has quickly expanded its operations into multiple locations throughout the U.S. Indicate where you believe the company should begin in its securing process with the top-three (3) logical security measures and top-three (3) physical security measures that most concern to you. Justify the main reasons why you believe that the six (6) measures indicated are so critical. =============================================== CIS 502 Week 9 Assignment 3 Cybersecurity (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 9 Assignment 3 – Strayer New
  • 50. Assignment 3: Cybersecurity Due Week 9 and worth 50 points Cybersecurity is such an important topic today and understanding its implications is paramount in the security profession. Compliance, certification, accreditation, and assessment are critical in understanding the legal and ethical procedures to follow as a security professional. In support of cybersecurity initiatives, the National Initiative for Cyber Security Education (NICE) has published several initiatives in regard to protecting national security. The following document titled, “National Initiative for Cybersecurity Education”, located at http://csrc.nist.gov/nice/framework/documents/NICE- Cybersecurity-Workforce- Framework-Summary-Booklet.pdf, will be used to help you complete the assignment. Write a three to five (3-5) page paper in which you: 1. Examine the National Initiative for Cyber Security Education and describe the initiative. 2. Assess the value of the NICE framework. Discuss the importance of this framework in regard to the security profession and individual organizations. 3. Suggest three (3) examples that illustrate the importance of the National Initiative for Cyber Security Education initiative.
  • 51. 4. Describe the expected outcomes of this initiative. 5. Evaluate how organizations can implement the NICE framework to prevent internal and external attacks. 6. Determine how the NICE framework addresses the legal and ethical issues in the field of information security. 7. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. The specific course learning outcomes associated with this assignment are:
  • 52. Evaluate and explain from a management perspective the industry-standard equipment, tools, and technologies organizations can employ to mitigate risks and thwart both internal and external attacks. Describe the legal and ethical issues inherent in information security. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. =============================================== CIS 502 Week 9 Discussion Security Models and Cloud Operations For more course tutorials visit www.newtonhelp.com CIS 502 Week 9 Discussion “Security Models and Cloud Operations” Please respond to the following:
  • 53. From the first e-Activity, analyze the industry researched for each security model would be most applicable, and explain why you believe that to be the case. Identify the security models from your findings. From the second e-Activity, ascertain the primary way in which the organization that you researched was able to leverage a cloud solution while overcoming its security concerns. Discuss whether or not you believe that the security concerns surrounding cloud operations are warranted. Justify your answers with real-world examples from applicable situations, where appropriate. =============================================== CIS 502 Week 10 DiscussionEmerging Technologies and Mobile Devices For more course tutorials visit www.newtonhelp.com CIS 502 Week 10 Discussion “Emerging Technologies and Mobile Devices” Please respond to the following:
  • 54. From the e-Activity, choose the one (1) emerging technology you believe will have the biggest impact on telecommunications and network security within the next two (2) years, and explain the main reasons why you believe this will be the case. Justify your answer. As people and organizations alike are relying more on mobile devices for company communications, give your opinion of what you believe are the top-three (3) concerns with mobile devices and security, and determine the major ways in which these concerns may affect the organization. Additionally, select at least one (1) security solution for mobile devices, and suggest the primary way in which you believe that such a solution could assist in the risk mitigation process. =============================================== CIS 502 Week 10 Technical Paper Risk Assessment (2 Papers) For more course tutorials visit www.newtonhelp.com This Tutorial contains 2 Papers CIS 502 Week 10 Technical Paper Technical Paper: Risk Assessment Global Finance, Inc. Internet OC193 10Gbps
  • 55. Remote Dial UpUsers OC193 10Gbps DMZ Border (Core) Routers Distribution Routers VPN Gateway 10Gbps RAS PBX Printers Mgmt (x3) Credit Dept Finance Accounting Worstations Printers Worstations (x5) LoanDept WorstationsPrinters 10Gbps 10 Gbps 10 Gbps Oracle 9i DB Server 10 Gbps Access Layer VLAN Switch 10 Gbps
  • 56. 10 Gbps Exchange 2000 Email Worstations (x10)Printers (x3) Worstations (x49) Printers (x25) Customer Services Worstations (x12) (x5) Printers (x3) SUS Server (x5) (x63) (x7) Off-Site Office VPN Gateway PSTN Intranet Web Server Internal DNS File and Print Server Workstations (x7) 100Mbps Trusted Computing Base Internal Network
  • 57. Global Finance, Inc. Network Diagram Above is the Global Finance, Inc. (GFI) network diagram. GFI has grown rapidly this past year and acquired many network devices as displayed in the diagram. The company invested in the network and designed it to be fault tolerant and resilient from any network failures. However, although the company’s financial status has matured and its network has expanded at a rapid pace, its network security has not kept up with the company growth. GFI’s network is fairly stabilized as it has not experienced many outages due to network failures. GFI has hired three (3) network engineers to keep up with the network growth and the bandwidth demand by the company employees and the clients. However, the company has not hired any security personnel who can take care of the operational security responsibility. The trusted computing base (TCB) internal network in the Global Finance, Inc. Network Diagram hosts the company’s mission critical systems without which the company’s operations and financial situation would suffer. The Oracle database and email systems are among the most intensively used application servers in the company. GFI cannot afford system outages because its cash flow and financial systems heavily depend on the network stability. GFI has experienced DOS network attacks twice this year and its Oracle database and email servers had been down for a week. The recovery process required GFI to use $25,000 to restore its operations back to normal. GFI estimated the loss from these network attacks at more than $100,000 including lost customer confidence. Write a twelve to fifteen (12-15) page formal risk assessment proposal and redraw the above diagram of a secure and risk- mitigating model in which you:
  • 58. 1. Describe the company network, interconnection, and communication environment. 2. Assess risk based on the Global Finance, Inc. Network Diagram scenario. Note: Your risk assessment should cover all the necessary details for your client, GFI Inc., to understand the risk factors of the organization and risk posture of the current environment. The company management will decide what to mitigate based on your risk assessment. Your risk assessment must be comprehensive for the organization to make data-driven decisions. a. Describe and defend your assumptions as there is no further information from this company. The company does not wish to release any security-related information per company policy. b. Assess security vulnerabilities, including the possibility of faulty network design, and recommend mitigation procedures for each vulnerability. c. Justify your cryptography recommendations based on data-driven decision making and objective opinions. 3. Examine whether your risk assessment methodology is quantitative, qualitative, hybrid, or a combination of these. 4. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. 5. Create the redrawn diagram of a secure and risk-mitigating model using Microsoft Visio or its open source equivalent. Note: The graphically depicted solution is not included in the required page length. Your assignment must follow these formatting requirements: Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must
  • 59. follow APA or school-specific format. Check with your professor for any additional instructions. 6. Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length. 7. Include charts or diagrams created in Excel, Visio, MS Project, or one of their equivalents such as Open Project, Dia, and OpenOffice. The completed diagrams/charts must be imported into the Word document before the paper is submitted. The specific course learning outcomes associated with this assignment are Evaluate an organization’s security policies and risk management procedures, and its ability to provide security countermeasures Describe the details and the importance of application security models and their implementation from a management perspective. Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities Evaluate and explain from a management perspective the industry- standard equipment, tools, and technologies organizations can employ to mitigate risks and thwart both internal and external attacks. Explain access control methods and attacks. Use technology and information resources to research issues in security management. Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions. ===============================================