CMGT/400 Intro to Information Assurance & Security

    

 
CMGT/400 Threats, Attacks, and Vulnerability Assessment
CMGT/400 Threats, Attacks, and Vulnerability Assessment
CMGT/400 Threats, Attacks, and Vulnerability Assessment
CMGT/400 ENTIRE CLASS

CMGT/400 WEEK 1

 

Everything Listed for Week 1 is included in Tutorial purchase!

 

Individual: Threats, Attacks, and Vulnerability Assessment

Includes Paper and MS Visio Diagram (fully editable diagram!)
Throughout this course you will study the different roles that contribute to an organization's information security and assurance.
Part A:
Select an organization you wish to explore and use throughout the course. As for the company, it's an organization you will choose so it can be hypothetical, the current organization you may work for, a wellknown and real-life public or private organization (e.g. Amazon, Google, Bank of America, etc.). This part is up to you. As you make your
selection, keep in mind that you will explore the following roles in the organization: Cyber Security Threat Analyst, Penetration Tester, Cyber Security Engineer, Risk Management Analyst, and Software Engineer.
You need sufficient knowledge of the organization you select to complete these security assignments.
Part B:
A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyberrelated interests.
Take on the role of a Cyber Security Threat Analyst for the organization you select. Complete the Threats, Attacks, and Vulnerability Assessment Template to create an assessment document. Regarding the system model referenced in the template, the system model can be presented in the form of a network diagram since the assets will cover cloud, network, information systems, etc. You can create a diagram using Microsoft Visio, Lucidchart, or use one from your web and/or research. A sample diagram is attached for ideas and consideration.
This attachment is a sample and can't be used for the assignment since it doesn't cover all of what's needed for this particular assignment.

Submit the assignment.

 

Supporting Activity: Information Assets

 

Supporting Activity: CIA Triad

 

Supporting Activity: Examples of Information Protection

 

 

 

CMGT400 WEEK 2 Organization risks and threats
CMGT/400 WEEK 2 Common Information Security Threats
CMGT/400 WEEK 2 Social Network, cmgt400 Regulatory Standards
CMGT/400 Financial Service Security Engagement

CMGT/400 Week 2

Everything Listed for Week 2 is included in Tutorial purchase!

 

Learning Team: Financial Service Security Engagement
Instructions:
Your Learning Team is a cybersecurity engineering team for a financial services company that sells investments to, and manages investment portfolios for, high net-worth individuals.
Your organization just completed the migration of the account managers to a cloud-based, customer relationship management (CRM) software application. Your organization has integrated the cloud-based CRM with on-site investing and account management systems to improve the sales of investment products to customers and potential customers and for managing customer accounts and investment portfolios. Account managers are excited to use the new system, especially since it supports mobile device access.
Management hopes the new cloud-based CRM, integrated with the onsite software applications that manage customer accounts and investment portfolios will help the organization to generate more leads, increase sales, improve customer service, reduce the cost of sales for the organization, and increase revenue.
The Chief Information Security Officer (CISO) of your organization is concerned about the security of this new system and its integration to existing systems and has requested that your team complete the following 6- to 8-page security analysis in Microsoft Word format:
• Create a plan that addresses the secure use of mobile devices by internal employees

   and external employees as they use mobile devices to access these applications.
• Recommend physical security and environmental controls to protect the data center

   which runs the on-site applications.
• Propose audit assessment and processes that will be used to ensure that the cloud-

    based CRM software provider uses appropriate physical security and environmental

    controls to protect their data centers which run your cloud-based CRM software.
• Develop identity and access management policies for both the onsite systems and the

    cloud-based CRM.
• Recommend cryptography and public key infrastructure (PKI) uses which could be used

    to increase security for these systems.
Submit the assignment.

 

Individual: Penetration Testing Plan

A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.
Take on the role of Penetration Tester for the organization you chose in Week 1.
Complete the Penetration Testing Plan Template to create a Penetration Testing Plan for the organization you chose.
Research/Consider and include the following:
• Pentest Pre-Planning
• Engagement timeline: Tasks and who performs them
• Team location: Where will the penetration team execute their tests? Team location

    can be the location of the teams involved with testing such as IT Operations. It's not

    uncommon for teams to operate in separate locations. Therefore, for this assignment  

    the team location can be San Francisco, CA or it can be at the company

    headquarters such as Seattle, WA. This part is all fictional data so feel free to complete

    this portion of the assignment however you like. If you need ideas, you can look at

     larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they tend

     to share a good deal of information on their websites about their organizations, office

     locations, corporate offices, etc.
• Organization locations tested: multiple locations, countries (export restrictions and

    government restrictions). Organization location can be the headquarters of the

    corporate office (e.g. Seattle, WA).
• Which pentest technologies will be used? Consider the following as you research

    options:
• Scanning Tools: Nmap, Nikto
• Credential Testing Tools: Hashcat, Medussa, John the Ripper, Cain and Abel
• OSINT Tools: Whois, TheHarvester
• Wireless Tools: Aircrack-ng, Kismet
• Networking Tools: Wireshark, Hping
• What client personal are aware of the testing?
• What resources provided to pentest team?
• Test Boundaries:
• What is tested?
• Social engineering test boundaries? What is acceptable?
• What are the boundaries of physical security tests?
• What are the restrictions on invasive pentest attacks?
• What types of corporate policy affect your test?
• Gain Appropriate authorization (Including third-party authorization)
• Pentest Execution Planning: Given the scope and constraints you developed in your

   Pentest Pre-Plan, plan the following pentest execution activities
• Reconnaissance
• Scanning
• Gaining Access
• Maintaining Access
• Covering Tracks
• Pentest Analysis and Report Planning:
• Analyze pentest results
• Report pentest results
• Project sponsor can be CIO, CISO, CEO, the board, etc.
• Business context for penetration test is a business statement for why the test is needed.
• Project scope description can be application testing, internal/external network testing,

    wifi testing, physical security testing, social engineering testing. These are common

   scopes for real-world penetration testing.
• Date prepared & prepared by are the current date and you can list your name.
• Organization location can be the headquarters of the corporate office (e.g. Seattle,

   WA).
• Team location can be the location of the teams involved with testing such as IT

   Operations. It's not uncommon for teams to operate inseparate locations. Therefore, for

   this assignment the team location can be San Francisco, CA or it can be at the

   company headquarters such as Seattle, WA. This part is all fictional data so feel free to

    complete this portion of the assignment however you like. If you need ideas, you can

   look at larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they

   tend to share a good deal of information on their websites about their organizations,

   office locations, corporate offices, etc.
      • Regarding the chart on page 2 in the template that contains ID, Activity, Resource,

    Labor, Material, & Total Cost, here's what to consider for each:
      • ID: simple numbering system (1, 2, 3, etc.)
      • Activity: related activity or specific tasks required to complete the work
      • Resource: resources (tool, etc.) needed to complete the work
      • Labor: how much labor is required by individuals to complete the work
      • Material: what's needed to complete the item
• The items related to the chart on page 2 are all directly related to the work required to complete penetration test activities and manage the effort. Please search the web for examples and some ideas. These numbers and information can be estimates.
Submit the assignment.

 

Supporting Activity: Audit Tool

 

Supporting Activity: Regulatory Standards

 

Supporting Activity: Social Network

 

Supporting Activity: Risks and Access Controls

 

Supporting Activity: Corporate Laptop Protection

 

Supporting Activity: Effective Ways to Save Money

 

 

 

CMGT400 WEEK 3 Securing and Protecting Information
CMGT400 WEEK 3 Review of IT Systems Development Practices
CMGT/400 Week 3 Create a 5-slide Microsoft PowerPoint presentation which communicates the changes and/or best practices that must be incorporated within the IT development function. This development function is critical,

CMGT/400 Week 3

 

Everything Listed for Week 1 is included in Tutorial purchase!

 

Individual: Security Standards, Policies, and Procedures Manual
Instructions:
Cyber Security Engineers are responsible for safeguarding computer networks and systems in an organization in order to protect the sensitive data they store.
Take on the role of Cyber Security Engineer for the organization you chose in Week 1.
Complete the Security Standards, Policies, and Procedures Template with recommendations to management of security standards, polices, and procedures which should be implemented in your chosen organization.
Research and include the following:
• Explain the importance to your organization of implementing security policies, plans,

   and procedures. Discuss how security policies, plans, and procedures will improve the

  overall security of the organization.

• Recommend appropriate policies and procedures for:
• Data privacy
• Data isolation
• NDA
• IP Protection
• Passwords
• Acceptable use of organizational assets and data
• Employee policies (separation of duties/training)
• Risk response
   • Avoidance
   • Transference
   • Mitigation
   • Acceptance
• Compliance examples that might affect your organization or others [Regulatory,

   Advisory, Informative]
   • HIPPA
   • FERPA
  • ISO
   • NIST
   • SEC
   • Sarbanes/Oxley
• Incident response
   • Preparation
   • Identification
   • Containment
   • Eradication
   • Recovery
   • Lessons learned
• Auditing
• Environmental/Physical
• Administrative
• Configuration
Submit the assignment.

 

Supporting Activity: Effective Controls of Health Care Information

 

Supporting Activity: Access Control Methods

 

Supporting Activity: Vulnerabilities in virtualization and in the Cloud

 

Supporting Activity: Corporate Laptop Protection

 

Supporting Activity: Data Recovery

 

 

CMGT/400 WEEK 4 Create Secure Environment
CMGT400 WEEK4 The Role of the Information Security Policy
COMING SOON!
CMGT/400 Week 4

 

Everything Listed for Week 4 is included in purchase - Individual AND Team Assignments!

 

Learning Team: Disaster Recovery and Business Continuity Plan
Instructions:
Using the financial services scenario from the Week 2 Learning Team assignment, "Financial Service Security Engagement," create a Disaster Recovery and Business Continuity Plan in Microsoft Word with a minimum of 8 pages with the following:
• Determine the recovery model for your backup and recovery strategy

• Design the backup strategy and include a diagram to document your backup

    strategy. Include recovery steps in your diagram
• Recommend a schedule for backups
• Explain how you will test your backup and recovery strategy
• Recovery sites
   • Hot site
   • Warm site
   • Cold site
• Order of restoration
• Backup types
   • Differential
   • Incremental
   • Snapshot
• Full
• Geographic considerations
   • Off-site backups
   • Distance
   • Location selection
   • Legal implications
   • Legal implications
   • Data sovereignty
• Continuity of operation
   • Exercises
   • After-action reports
   • Failover
   • Alternate processing sites
   • Alternate business

Submit the assignment.

 

 

Individual: Security Risk Mitigation Plan
Instructions:
A Risk Management Analyst identifies and analyzes potential issues that could negatively impact a business in order to help the business avoid or mitigate those risks.
Take on the role of Risk Management Analyst for the organization you chose in Week 1.
Complete the Security Risk Mitigation Plan Template for the organization you chose.
Submit the assignment.

 


Supporting Activity: Staff Awareness

 

Supporting Activity: Effective Controls of Health Care Information

Supporting Activity: Corporate Laptop Policy

 

 

 

CMGT/400 WEEK 4 Create Secure Environment
CMGT410 WEEK 5 Consolidate your assignments from Weeks Two, Three, and Four, incorporating faculty feedback into a 20- to 30-slide Microsoft PowerPoint presentation.

             CMGT/400 Week 5 Educate the Board of Directors on IT Security Issues and Costs

COMING SOON!

CMGT/400 Week 5

 

Everything Listed for Week 5 is included in purchase - Individual AND Team Assignments!

 

 

Individual: Secure Staging Evironment Design and Coding Technique Standards Technical Guide
Instructions:
A Software Engineer designs, develop, tests, and evaluates the software and the systems that allow computers to execute their applications.
Take on the role of Software Engineer for the organization you selected in Week 1.
Use the technical guide template to create a 3- to 4-page Secure Staging Environment Design and Coding Technique Standards Technical Guide for the organization you chose.
Research and include the following:
• Design a secure staging environment for your organization
• Diagram your staging environment
• Include descriptions for each object in your environment
• Create a secure coding technique/quality and testing standard for your organization

    covering the following secure coding techniques:
• Proper error handling
• Proper input validation
• Normalization
• Stored procedures
• Code signing
• Encryption
• Obfuscation/camouflage
• Code reuse/dead code
• Server-side vs. client-side execution and validation
• Memory management
• Use of third-party libraries and ADKs
• Data exposure
• Code quality and testing
• Automation
• Static code analyzers
• Dynamic analysis (e.g. fuzzing)
• Stress testing
• Sandboxing
• Model verification
Submit the assignment.


Supporting Activity: Internal Auditor

Considering the role of an internal IT auditor, research a day in the life of an internal IT auditor.
Discuss an internal IT auditor's background type, skills, and the experience you think should be a requirement for someone applying for that job.

 

Supporting Activity: Professional Education

A prospective employer recruiting for a security role may get applications from people with a wide variety of backgrounds in terms of experience and education.
Discuss how you would weigh the value of a four year degree, industry certifications, and vendor specific certifications.

 

Supporting Activity: Global Encryption Laws

Read the article International Cryptography Regulation and the Global Information Economy and answer the question "How will the difference in encryption laws influence global organizations security policy and technical implementation."

 

Supporting Activity: Cyber Incident Policy and Response Program

Hospitals are an increasing target of cybercriminals including organized criminal gangs and ransomware. Although many organizations are developing security prevention and detection programs, a weakness in predefined incident response policies and processes exist. In an effort to reduce risk to hospital critical infrastructures, information assets
and patients, Johns Hopkins has developed a robust security program including formal incident response protocols and processes. What recommendations do you have for Johns Hopkins Cyber Incident Policy and Response Program? How can this program be applied to your organization?