CMGT/400 Intro to Information Assurance & Security

CMGT/400 Entire Class     CMGT/400 Entire Class 2019

Or you may purchase tutorials by the Week below.
CMGT/400 Threats, Attacks, and Vulnerability Assessment

CMGT/400 WEEK 1

 

Everything Listed for Week 1 is included in Tutorial purchase!

 

Individual: Threats, Attacks, and Vulnerability Assessment

Includes: Assessment Paper

Includes: Microsoft Visio Diagram (fully editable diagram!)

Includes: Discussion Questions
Throughout this course you will study the different roles that contribute to an organization's information security and assurance.
Part A:
Select an organization you wish to explore and use throughout the course. The organization is your choice: it can be hypothetical, the organization you currently work for, or a well-known, real-life public or private organization (e.g. Amazon, Google, Bank of America, etc.). As you make your selection, keep in mind that you will explore the following roles in the organization: Cyber Security Threat Analyst, Penetration Tester, Cyber Security Engineer, Risk Management Analyst, and Software Engineer.
You need sufficient knowledge of the organization you select to complete these security assignments.
Part B:
A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests.
Take on the role of a Cyber Security Threat Analyst for the organization you select. Complete the Threats, Attacks, and Vulnerability Assessment Template to create an assessment document. The system model referenced in the template can be presented as a network diagram, since the assets will cover cloud, network, information systems, etc. You can create a diagram using Microsoft Visio or Lucidchart, or use one from your web research. A sample diagram is attached for ideas and consideration.
This attachment is a sample and can't be used for the assignment since it doesn't cover all of what's needed for this particular assignment.

Submit the assignment.

 

NOTE: Discussion questions may be different, depending on which Instructor you get.

 

Supporting Activity: Information Assets

 

Supporting Activity: CIA Triad

 

Supporting Activity: Examples of Information Protection

 

 

 

CMGT400 WEEK 2 Penetration Testing Plan
CMGT/400 WEEK 2 Learning Team: Financial Service Security Engagement

CMGT/400 Week 2

Everything Listed for Week 2 is included in Tutorial purchase!

 

Learning Team: Financial Service Security Engagement
Instructions:
Your Learning Team is a cybersecurity engineering team for a financial services company that sells investments to, and manages investment portfolios for, high net-worth individuals.
Your organization just completed the migration of the account managers to a cloud-based, customer relationship management (CRM) software application. Your organization has integrated the cloud-based CRM with on-site investing and account management systems to improve the sales of investment products to customers and potential customers and for managing customer accounts and investment portfolios. Account managers are excited to use the new system, especially since it supports mobile device access.
Management hopes the new cloud-based CRM, integrated with the onsite software applications that manage customer accounts and investment portfolios will help the organization to generate more leads, increase sales, improve customer service, reduce the cost of sales for the organization, and increase revenue.
The Chief Information Security Officer (CISO) of your organization is concerned about the security of this new system and its integration to existing systems and has requested that your team complete the following 6- to 8-page security analysis in Microsoft Word format:
• Create a plan that addresses the secure use of mobile devices by internal employees and external employees as they use mobile devices to access these applications.
• Recommend physical security and environmental controls to protect the data center which runs the on-site applications.
• Propose audit assessment and processes that will be used to ensure that the cloud-based CRM software provider uses appropriate physical security and environmental controls to protect their data centers which run your cloud-based CRM software.
• Develop identity and access management policies for both the onsite systems and the cloud-based CRM.
• Recommend cryptography and public key infrastructure (PKI) uses which could be used to increase security for these systems.
Submit the assignment.

 

Individual: Penetration Testing Plan

A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.
Take on the role of Penetration Tester for the organization you chose in Week 1.
Complete the Penetration Testing Plan Template to create a Penetration Testing Plan for the organization you chose.
Research/Consider and include the following:
• Pentest Pre-Planning
   • Engagement timeline: Tasks and who performs them
   • Team location: Where will the penetration team execute their tests? Team location can be the location of the teams involved with testing such as IT Operations. It's not uncommon for teams to operate in separate locations. Therefore, for this assignment the team location can be San Francisco, CA or it can be at the company headquarters such as Seattle, WA. This part is all fictional data so feel free to complete this portion of the assignment however you like. If you need ideas, you can look at larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they tend to share a good deal of information on their websites about their organizations, office locations, corporate offices, etc.
   • Organization locations tested: multiple locations, countries (export restrictions and government restrictions). Organization location can be the headquarters of the corporate office (e.g. Seattle, WA).
   • Which pentest technologies will be used? Consider the following as you research options:
      • Scanning Tools: Nmap, Nikto
      • Credential Testing Tools: Hashcat, Medusa, John the Ripper, Cain and Abel
      • OSINT Tools: Whois, TheHarvester
      • Wireless Tools: Aircrack-ng, Kismet
      • Networking Tools: Wireshark, Hping
   • What client personnel are aware of the testing?
   • What resources are provided to the pentest team?
   • Test Boundaries:
      • What is tested?
      • Social engineering test boundaries? What is acceptable?
      • What are the boundaries of physical security tests?
      • What are the restrictions on invasive pentest attacks?
      • What types of corporate policy affect your test?
   • Gain appropriate authorization (including third-party authorization)
• Pentest Execution Planning: Given the scope and constraints you developed in your Pentest Pre-Plan, plan the following pentest execution activities:
   • Reconnaissance
   • Scanning
   • Gaining Access
   • Maintaining Access
   • Covering Tracks
• Pentest Analysis and Report Planning:
   • Analyze pentest results
   • Report pentest results
• Project sponsor can be CIO, CISO, CEO, the board, etc.
• Business context for the penetration test is a business statement for why the test is needed.
• Project scope description can be application testing, internal/external network testing, Wi-Fi testing, physical security testing, social engineering testing. These are common scopes for real-world penetration testing.
• Date prepared and prepared by: use the current date and list your name.
• Organization location can be the headquarters of the corporate office (e.g. Seattle, WA).
• Team location can be the location of the teams involved with testing such as IT Operations. It's not uncommon for teams to operate in separate locations. Therefore, for this assignment the team location can be San Francisco, CA or it can be at the company headquarters such as Seattle, WA. This part is all fictional data so feel free to complete this portion of the assignment however you like. If you need ideas, you can look at larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they tend to share a good deal of information on their websites about their organizations, office locations, corporate offices, etc.
• Regarding the chart on page 2 in the template that contains ID, Activity, Resource, Labor, Material, & Total Cost, here's what to consider for each:
   • ID: simple numbering system (1, 2, 3, etc.)
   • Activity: related activity or specific tasks required to complete the work
   • Resource: resources (tool, etc.) needed to complete the work
   • Labor: how much labor is required by individuals to complete the work
   • Material: what's needed to complete the item
• The items related to the chart on page 2 are all directly related to the work required to complete penetration test activities and manage the effort. Please search the web for examples and some ideas. These numbers and information can be estimates.
Submit the assignment.

 

 

NOTE: Discussion questions may be different, depending on which Instructor you get.

 

Supporting Activity: Audit Tools

 

Supporting Activity: Regulatory Standards

 

Supporting Activity: Social Network

 

Supporting Activity: Risks and Access Controls

 

Supporting Activity: Corporate Laptop Protection

 

Supporting Activity: Effective Ways to Save Money

 

 

 

CMGT400 WEEK 3 Security Standards, Policies, and Procedures Manual

CMGT/400 Week 3

 

Everything Listed for Week 1 is included in Tutorial purchase!

 

Individual: Security Standards, Policies, and Procedures Manual
Instructions:
Cyber Security Engineers are responsible for safeguarding computer networks and systems in an organization in order to protect the sensitive data they store.
Take on the role of Cyber Security Engineer for the organization you chose in Week 1.
Complete the Security Standards, Policies, and Procedures Template with recommendations to management of security standards, policies, and procedures which should be implemented in your chosen organization.
Research and include the following:
• Explain the importance to your organization of implementing security policies, plans, and procedures. Discuss how security policies, plans, and procedures will improve the overall security of the organization.
• Recommend appropriate policies and procedures for:
• Data privacy
• Data isolation
• NDA
• IP Protection
• Passwords
• Acceptable use of organizational assets and data
• Employee policies (separation of duties/training)
• Risk response
   • Avoidance
   • Transference
   • Mitigation
   • Acceptance
• Compliance examples that might affect your organization or others [Regulatory, Advisory, Informative]
   • HIPAA
   • FERPA
   • ISO
   • NIST
   • SEC
   • Sarbanes/Oxley
• Incident response
   • Preparation
   • Identification
   • Containment
   • Eradication
   • Recovery
   • Lessons learned
• Auditing
• Environmental/Physical
• Administrative
• Configuration
Submit the assignment.

 

 

NOTE: Discussion questions may be different, depending on which Instructor you get.

 

Supporting Activity: Effective Controls of Health Care Information

 

Supporting Activity: Access Control Methods

 

Supporting Activity: Vulnerabilities in virtualization and in the Cloud

 

Supporting Activity: Corporate Laptop Protection

 

Supporting Activity: Data Recovery

 

 

CMGT400 WEEK 4 Security Risk Mitigation Plan
CMGT/400 Week 4

 

Individual: Security Risk Mitigation Plan
Includes: Security Risk Mitigation Plan

Includes: Discussion Questions
A Risk Management Analyst identifies and analyzes potential issues that could negatively impact a business in order to help the business avoid or mitigate those risks.
Take on the role of Risk Management Analyst for the organization you chose in Week 1.
Complete the Security Risk Mitigation Plan Template for the organization you chose.
Submit the assignment.

Security Policies and Controls

[Response]

Password Policies

[Response]

Administrator Roles and Responsibilities

[Response]

User Roles and Responsibilities

[Response]

Authentication Strategy

[Response]

Intrusion Detection and Monitoring Strategy

[Response]

Virus Detection Strategies and Protection

[Response]

Auditing Policies and Procedures

[Response]

Education Plan

Develop an education plan for employees on security protocols and appropriate use.
[Response]

Risk Response

Include: Avoidance, Transference, Mitigation, and Acceptance.
[Response]

Change Management/Version Control

[Response]

Acceptable Use of Organization Assets and Data

[Response]

Employee Policies

Explain the separation of duties and training.
[Response]

Incident Response

Document incident types and category definitions, roles and responsibilities, reporting requirements and escalation, and cyber-incident response teams.
[Response]

Incident Response Process

Discuss the incident response process including: preparation, identification, containment, eradication, recovery, and lessons learned.

[Response]

 

 

Learning Team Assignment not included

 


 

NOTE: Discussion questions may be different, depending on which Instructor you get.

 

Supporting Activity: Staff Awareness

 

Supporting Activity: Effective Controls of Health Care Information

Supporting Activity: Corporate Laptop Policy

 

Supporting Activity: How to Protect Your Organization from Ransomware

 

Supporting Activity: Encryption

 

...and many more!

 

CMGT/400 WEEK 5 Secure Staging Environment Design and Coding Technique Standards Technical Guide
CMGT/400 Week 5

 

Everything Listed for Week 5 is included in purchase!

 

Individual: Secure Staging Environment Design and Coding Technique Standards Technical Guide
Includes: Secure Staging Guide

Includes: Microsoft Visio Diagram of Staging Environment

Includes: Discussion Questions
A Software Engineer designs, develops, tests, and evaluates the software and the systems that allow computers to execute their applications.
Take on the role of Software Engineer for the organization you selected in Week 1.
Use the technical guide template to create a 3- to 4-page Secure Staging Environment Design and Coding Technique Standards Technical Guide for the organization you chose.
Research and include the following:
• Design a secure staging environment for your organization
• Diagram your staging environment
• Include descriptions for each object in your environment
• Create a secure coding technique/quality and testing standard for your organization covering the following secure coding techniques:
• Proper error handling
• Proper input validation
• Normalization
• Stored procedures
• Code signing
• Encryption
• Obfuscation/camouflage
• Code reuse/dead code
• Server-side vs. client-side execution and validation
• Memory management
• Use of third-party libraries and SDKs
• Data exposure
• Code quality and testing
• Automation
• Static code analyzers
• Dynamic analysis (e.g. fuzzing)
• Stress testing
• Sandboxing
• Model verification
Submit the assignment.

 

NOTE: Discussion questions may be different, depending on which Instructor you get.


Supporting Activity: Secure Software and Systems

 

Supporting Activity: Threat Modeling

 

Supporting Activity: Internal Auditor

 

Supporting Activity: Professional Education

 

Supporting Activity: Global Encryption Laws

 

Supporting Activity: Cyber Incident Policy and Response Program