CMGT/400 Intro to Information Assurance & Security

CMGT/400 Entire Class     CMGT/400 Entire Class 2019

Or you may purchase tutorials by the Week below.
CMGT/400 Threats, Attacks, and Vulnerability Assessment
CMGT/400 Threats, Attacks, and Vulnerability Assessment
CMGT/400 Threats, Attacks, and Vulnerability Assessment
CMGT/400 ENTIRE CLASS

CMGT/400 WEEK 1

 

Everything Listed for Week 1 is included in Tutorial purchase!

 

Individual: Threats, Attacks, and Vulnerability Assessment

Includes: Assessment Paper

Includes: Microsoft Visio Diagram (fully editable diagram!)

Includes: Discussion Questions
Throughout this course you will study the different roles that contribute to an organization's information security and assurance.
Part A:
Select an organization you wish to explore and use throughout the course. As for the company, it's an organization you will choose so it can be hypothetical, the current organization you may work for, a wellknown and real-life public or private organization (e.g. Amazon, Google, Bank of America, etc.). This part is up to you. As you make your
selection, keep in mind that you will explore the following roles in the organization: Cyber Security Threat Analyst, Penetration Tester, Cyber Security Engineer, Risk Management Analyst, and Software Engineer.
You need sufficient knowledge of the organization you select to complete these security assignments.
Part B:
A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyberrelated interests.
Take on the role of a Cyber Security Threat Analyst for the organization you select. Complete the Threats, Attacks, and Vulnerability Assessment Template to create an assessment document. Regarding the system model referenced in the template, the system model can be presented in the form of a network diagram since the assets will cover cloud, network, information systems, etc. You can create a diagram using Microsoft Visio, Lucidchart, or use one from your web and/or research. A sample diagram is attached for ideas and consideration.
This attachment is a sample and can't be used for the assignment since it doesn't cover all of what's needed for this particular assignment.

Submit the assignment.

 

Discussion Questions include THREE (3 each) a\Answers to each DQ! A+ Work!

 

Discussion: Penetration Testing

Includes THREE (3 Answers) to each DQ!

Penetration testers specialize in analyzing an organization for the purpose of making an authorized simulated attack on the organization's IT systems, to evaluate the security of its IT systems.
The ability to analyze an organization's security and make authorized simulated attacks on it, to identify security risks, is a useful skill for anyone involved in cybersecurity to develop--not just penetration testers.
This week you will select an organization you wish to explore throughout the course. Discuss how you will analyze the security of the organization prior to conducting a penetration test. Why is it important to gain authorization before you conduct a penetration test? How do you plan to attack the organization's IT systems? How will you report vulnerabilities which you identify back to the organization?

 

Discussion: Threats and Vulnerability Scanning

Includes THREE (3 Answers) to each DQ!

Open Vulnerability Assessment System (OpenVAS) is free software that draws on a database of known vulnerabilities for various types of network devices. The software scans the network and collects information by monitoring various open ports to determine whether a given host is vulnerable to any of the known security threats. Based on the information collected, the vulnerability assessment software suggests solutions to address the detected vulnerabilities.
Discuss how you could use OpenVAS to identify and resolve security threats and vulnerabilities in an organization's IT infrastructure. How could cloud-based vendors use OpenVAS to identify and resolve security threats and vulnerabilities in cloud-based services, platforms, and software applications which they provide? Why would you need to continue to run OpenVAS on a periodic basis to continue to scan for threats and vulnerabilities?

 

*** BONUS Discussion Questions (and Answers) ***

shown below are also included in the Week 1 tutorials!

 

Supporting Activity: Information Assets

 

Supporting Activity: CIA Triad

 

Supporting Activity: Examples of Information Protection

 

 

 

CMGT400 WEEK 2 Penetration Testing Plan
CMGT/400 WEEK 2 Learning Team: Financial Service Security Engagement
CMGT400 WEEK 2 Penetration Testing Plan
CMGT/400 WEEK 2 Learning Team: Financial Service Security Engagement

CMGT/400 Week 2

Everything Listed for Week 2 is included in Tutorial purchase!

 

Learning Team: Financial Service Security Engagement
Instructions:
Your Learning Team is a cybersecurity engineering team for a financial services company that sells investments to, and manages investment portfolios for, high net-worth individuals.
Your organization just completed the migration of the account managers to a cloud-based, customer relationship management (CRM) software application. Your organization has integrated the cloud-based CRM with on-site investing and account management systems to improve the sales of investment products to customers and potential customers and for managing customer accounts and investment portfolios. Account managers are excited to use the new system, especially since it supports mobile device access.
Management hopes the new cloud-based CRM, integrated with the onsite software applications that manage customer accounts and investment portfolios will help the organization to generate more leads, increase sales, improve customer service, reduce the cost of sales for the organization, and increase revenue.
The Chief Information Security Officer (CISO) of your organization is concerned about the security of this new system and its integration to existing systems and has requested that your team complete the following 6- to 8-page security analysis in Microsoft Word format:
• Create a plan that addresses the secure use of mobile devices by internal employees

   and external employees as they use mobile devices to access these applications.
• Recommend physical security and environmental controls to protect the data center

   which runs the on-site applications.
• Propose audit assessment and processes that will be used to ensure that the cloud-

    based CRM software provider uses appropriate physical security and environmental

    controls to protect their data centers which run your cloud-based CRM software.
• Develop identity and access management policies for both the onsite systems and the

    cloud-based CRM.
• Recommend cryptography and public key infrastructure (PKI) uses which could be used

    to increase security for these systems.
Submit the assignment.

 

Individual: Penetration Testing Plan

A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.
Take on the role of Penetration Tester for the organization you chose in Week 1.
Complete the Penetration Testing Plan Template to create a Penetration Testing Plan for the organization you chose.
Research/Consider and include the following:
• Pentest Pre-Planning
• Engagement timeline: Tasks and who performs them
• Team location: Where will the penetration team execute their tests? Team location

    can be the location of the teams involved with testing such as IT Operations. It's not

    uncommon for teams to operate in separate locations. Therefore, for this assignment  

    the team location can be San Francisco, CA or it can be at the company

    headquarters such as Seattle, WA. This part is all fictional data so feel free to complete

    this portion of the assignment however you like. If you need ideas, you can look at

     larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they tend

     to share a good deal of information on their websites about their organizations, office

     locations, corporate offices, etc.
• Organization locations tested: multiple locations, countries (export restrictions and

    government restrictions). Organization location can be the headquarters of the

    corporate office (e.g. Seattle, WA).
• Which pentest technologies will be used? Consider the following as you research

    options:
• Scanning Tools: Nmap, Nikto
• Credential Testing Tools: Hashcat, Medussa, John the Ripper, Cain and Abel
• OSINT Tools: Whois, TheHarvester
• Wireless Tools: Aircrack-ng, Kismet
• Networking Tools: Wireshark, Hping
• What client personal are aware of the testing?
• What resources provided to pentest team?
• Test Boundaries:
• What is tested?
• Social engineering test boundaries? What is acceptable?
• What are the boundaries of physical security tests?
• What are the restrictions on invasive pentest attacks?
• What types of corporate policy affect your test?
• Gain Appropriate authorization (Including third-party authorization)
• Pentest Execution Planning: Given the scope and constraints you developed in your

   Pentest Pre-Plan, plan the following pentest execution activities
• Reconnaissance
• Scanning
• Gaining Access
• Maintaining Access
• Covering Tracks
• Pentest Analysis and Report Planning:
• Analyze pentest results
• Report pentest results
• Project sponsor can be CIO, CISO, CEO, the board, etc.
• Business context for penetration test is a business statement for why the test is needed.
• Project scope description can be application testing, internal/external network testing,

    wifi testing, physical security testing, social engineering testing. These are common

   scopes for real-world penetration testing.
• Date prepared & prepared by are the current date and you can list your name.
• Organization location can be the headquarters of the corporate office (e.g. Seattle,

   WA).
• Team location can be the location of the teams involved with testing such as IT

   Operations. It's not uncommon for teams to operate inseparate locations. Therefore, for

   this assignment the team location can be San Francisco, CA or it can be at the

   company headquarters such as Seattle, WA. This part is all fictional data so feel free to

    complete this portion of the assignment however you like. If you need ideas, you can

   look at larger public companies such as Amazon, Google, Microsoft, Apple, etc. as they

   tend to share a good deal of information on their websites about their organizations,

   office locations, corporate offices, etc.
      • Regarding the chart on page 2 in the template that contains ID, Activity, Resource,

    Labor, Material, & Total Cost, here's what to consider for each:
      • ID: simple numbering system (1, 2, 3, etc.)
      • Activity: related activity or specific tasks required to complete the work
      • Resource: resources (tool, etc.) needed to complete the work
      • Labor: how much labor is required by individuals to complete the work
      • Material: what's needed to complete the item
• The items related to the chart on page 2 are all directly related to the work required to complete penetration test activities and manage the effort. Please search the web for examples and some ideas. These numbers and information can be estimates.
Submit the assignment.

 

 

Discussion Questions include THREE (3 each) Answers to each DQ! A+ Work!

 

Discussion: Firewalls and Evasion

Includes THREE (3 Answers) to each DQ!

A firewall is a device that prevents unauthorized access to a host or a network either from within the corporate environment or coming from the public network, like the internet. Generally, there are two types of firewalls. A hardware firewall takes the form of a closed proprietary appliance with its own operating system. This is considered
faster but a bit expensive. A software firewall is installed on a computer and it utilizes the computer's operating system. Firewalls either hardware or software use rules to filter incoming and outgoing traffic to the network.
Discuss how you could use firewalls to support organizational security? What are the advantages and disadvantages of using hardware and software-based firewalls? What software tools could you use to assess the security of the firewalls used to protect your organization's computer architecture? How can you bypass blocked sites using
anonymous website surfing sites?

Discussion: Mobile Device Security

Includes THREE (3 Answers) to each DQ!

Mobile device security continues to increase in importance and has become a key security focus as organizations and individuals protect their information assets and IT technology.
Discuss how you would approach mobile device security for employees, customers, stakeholders, and partners as they use mobile devices to access technology and software applications in the organization you chose in Week 1?
How would you integrate mobile devices with security-enhancing solutions to reduce the risk of hackers targeting them to exploit security vulnerabilities?

 

 

*** BONUS Discussion Questions (and Answers) ***

shown below are also included in the Week 2 tutorials!

 

Supporting Activity: Information Assets

 

Supporting Activity: CIA Triad

 

Supporting Activity: Examples of Information Protection

 

 

CMGT400 WEEK 3 Security Standards, Policies, and Procedures Manual
CMGT400 WEEK 3 Security Standards, Policies, and Procedures Manual
CMGT400 WEEK 3 Security Standards, Policies, and Procedures Manual
CMGT/400 Security Standards, Policies, and Procedures Manual

CMGT/400 Week 3

 

Everything Listed for Week 3 is included in Tutorial purchase!

 

Individual: Security Standards, Policies, and Procedures Manual
Instructions:
Cyber Security Engineers are responsible for safeguarding computer networks and systems in an organization in order to protect the sensitive data they store.
Take on the role of Cyber Security Engineer for the organization you chose in Week 1.
Complete the Security Standards, Policies, and Procedures Template with recommendations to management of security standards, polices, and procedures which should be implemented in your chosen organization.
Research and include the following:
• Explain the importance to your organization of implementing security policies, plans,

   and procedures. Discuss how security policies, plans, and procedures will improve the

  overall security of the organization.

• Recommend appropriate policies and procedures for:
• Data privacy
• Data isolation
• NDA
• IP Protection
• Passwords
• Acceptable use of organizational assets and data
• Employee policies (separation of duties/training)
• Risk response
   • Avoidance
   • Transference
   • Mitigation
   • Acceptance
• Compliance examples that might affect your organization or others [Regulatory,

   Advisory, Informative]
   • HIPPA
   • FERPA
  • ISO
   • NIST
   • SEC
   • Sarbanes/Oxley
• Incident response
   • Preparation
   • Identification
   • Containment
   • Eradication
   • Recovery
   • Lessons learned
• Auditing
• Environmental/Physical
• Administrative
• Configuration
Submit the assignment.

 

 

Discussion Questions include THREE (3 each) Answers to each DQ! A+ Work!

 

Discussion: Industry and Government Regulations

Includes THREE (3 Answers) to each DQ!
Discuss which resource(s) you found to be most useful in terms not only of researching the different types of industry and government regulations that exist, but which industry and government regulations must be implemented for a given security scenario.
What criteria are you using, or thinking of using, to determine which type of industry or government regulation is most appropriate for your particular individual assignment?

Discussion: Protecting Data

Includes THREE (3 Answers) to each DQ!

Consider legal, ethical, and regulatory considerations of protecting data in the context of the organization you chose in Week 1.
Discuss which resource(s) you found to be most useful in terms not only of researching the different types of legal, ethical, and regulatory considerations of protecting data that exist, but also which legal, ethical, and regulatory considerations of protecting data must be implemented for a given security scenario.
What additional considerations need to be addressed when storing and protecting the data of people who live in the European Union?

 

*** BONUS Discussion Questions (and Answers) ***

shown below are also included in the Week 3 tutorials!

 

Supporting Activity: Effective Controls of Health Care Info

 

Supporting Activity: Access Control Methods

 

Supporting Activity: Vulnerabilities in Virtualization

 

 

 

 

CMGT/400 Disaster Recovery and Business Continuity Plan
CMGT400 WEEK 4 Security Risk Mitigation Plan
CMGT400 WEEK 4 Security Risk Mitigation Plan
CMGT400 WEEK 4 Security Risk Mitigation Plan

CMGT/400 Week 4

 

Everything Listed for Week 4 is included in Tutorial purchase!

 

Individual: Security Risk Mitigation Plan
Includes Option#1: Security Risk Mitigation Plan

Includes Option#2: Security Risk Mitigation Plan
A Risk Management Analyst identifies and analyzes potential issues that could negatively impact a business in order to help the business avoid or mitigate those risks.
Take on the role of Risk Management Analyst for the organization you chose in Week 1.
Complete the Security Risk Mitigation Plan Template for the organization you chose.
Submit the assignment.

Security Policies and Controls

[Response]

Password Policies

[Response]

Administrator Roles and Responsibilities

[Response]

User Roles and Responsibilities

[Response]

Authentic Strategy

[Response]

Intrusion Detection and Monitoring Strategy

[Response]

Virus Detection Strategies and Protection

[Response]

Auditing Policies and Procedures

[Response]

Education Plan

Develop an education plan for employees on security protocols and appropriate use.
[Response]

Risk Response

Include: Avoidance, Transference, Mitigation, and Acceptance.
[Response]

Change Management/Version Control

[Response]

Acceptable Use of Organization Assets and Data

[Response]

Employee Policies

Explain the separations of duties and training.
[Response]

Incident Response

Document incident types and category definitions, roles and responsibilities, reporting requirements and escalation, and cyber-incident response teams.
[Response]

Incident Response Process

Discuss the incident response process including: preparation, identification, containment, eradication, recovery, and lessons learned.

[Response]

 

Learning Team: Disaster Recovery and Business Continuity Plan

Includes Option #1: DRBC Plan

Includes Option #2: DRBC Plan

Using the financial services scenario from the Week 2 Learning Team assignment, "Financial Service Security Engagement," create an 8- to 10-page Disaster Recovery and Business Continuity Plan with the following:

  • Determine the recovery model for your backup and recovery strategy
  • Design the backup strategy and include a diagram to document your backup strategy. Include recovery steps in your diagram
  • Recommend a schedule for backups
  • Explain how you will test your backup and recovery strategy
    • Recovery sites
      • Hot site
      • Warm site
      • Cold site
    • Order of restoration
    • Backup types
      • Differential
      • Incremental
      • Snapshot
      • Full
    • Geographic considerations
      • Off-site backups
      • Distance
      • Location selection
      • Legal implications
      • Legal implications
      • Data sovereignty
    • Continuity of operation
      • Exercises
      • After-action reports
      • Failover
      • Alternate processing sites
      • Alternate business practices

Submit the assignment.

 


Discussion Questions include THREE (3 each) a\Answers to each DQ! A+ Work!

 

Discussion: Security Risk Management Plan

Includes THREE (3 Answers) to each DQ!
A cybersecurity risk management plan is a plan designed to protect a system exposed to the internet, internal employees, contractors, disasters, failures, etc.
Discuss some common cybersecurity risk response, change management, version control, and incident response processes that you might consider incorporating into the cybersecurity plan you will be creating for this week's individual assignment. Are cybersecurity risk management processes similar from system to system? Where can you
locate best practices for preventing or mitigating cybersecurity risk management Threats?

Discussion: Backup and Recovery
Includes THREE (3 Answers) to each DQ!
Backup and recovery processes serve two important purposes. The first purpose is to recover data after it is lost and the second is to recover data from a prior time. Good, well tested, backup and recovery processes are key to mitigating disasters and recovering from disasters as well as ensure business continuity of operation.
Discuss the recovery model for a backup and recovery strategy. What considerations should you take into account as you determine backup schedules? How will you test the execution of your backup and recovery processes to ensure that they will work appropriately?

 

*** BONUS Discussion Questions (and Answers) ***

shown below are also included in the Week 4 tutorials!

 

Supporting Activity: Technology Knowledge

 

Supporting Activity: Encryption

 

Supporting Activity: Staff Awareness

 

Supporting Activity: Corporate Laptop Policy

 

Supporting Activity: Protection from Ransomware

 

...and many more!

 

CMGT/400 WEEK 5 Secure Staging Evironment Design and Coding Technique Standards Technical Guide
CMGT/400 WEEK 5 Secure Staging Evironment Design and Coding Technique Standards Technical Guide

             CMGT/400 WEEK 5 Secure Staging Evironment Design and Coding Technique Standards Technical Guide

CMGT400 Secure Staging Environment Design and  Coding Technique

CMGT/400 Week 5

 

Everything Listed for Week 5 is included in purchase!

 

Individual: Secure Staging Evironment Design and Coding Technique Standards Technical Guide
Includes Option #1: Secure Staging Guide PLUS Visio Diagram of Staging Environment (Fully Editable Diagram)! A+ Work!

Includes Option #2: Secure Staging Guide w/o Diagram
A Software Engineer designs, develop, tests, and evaluates the software and the systems that allow computers to execute their applications.
Take on the role of Software Engineer for the organization you selected in Week 1.
Use the technical guide template to create a 3- to 4-page Secure Staging Environment Design and Coding Technique Standards Technical Guide for the organization you chose.
Research and include the following:
• Design a secure staging environment for your organization
• Diagram your staging environment
• Include descriptions for each object in your environment
• Create a secure coding technique/quality and testing standard for your organization

    covering the following secure coding techniques:
• Proper error handling
• Proper input validation
• Normalization
• Stored procedures
• Code signing
• Encryption
• Obfuscation/camouflage
• Code reuse/dead code
• Server-side vs. client-side execution and validation
• Memory management
• Use of third-party libraries and ADKs
• Data exposure
• Code quality and testing
• Automation
• Static code analyzers
• Dynamic analysis (e.g. fuzzing)
• Stress testing
• Sandboxing
• Model verification
Submit the assignment.

 

 


Discussion Questions include THREE (3 each) a\Answers to each DQ! A+ Work!

 

Discussion: Secure Application Development

Includes THREE (3 Answers) to each DQ!

Application security is the use of hardware, software, and design, development, and implementation methods to create applications which are protected from cybersecurity threats.
Discuss the methods that should be used during application design, build, and implementation to protect software applications from cybersecurity threats. What hardware and software resources can an organization implement to create more secure software applications?

Discussion: Embedded Systems
Includes THREE (3 Answers) to each DQ!

Embedded systems are being integrated into many products. They are also being used to enable the Internet of Things. As embedded systems become more widespread, they present additional opportunities for hackers to exploit them to gain access to systems and data.
Discuss how organizations should analyze the security implications of embedded systems that they use. What are the consequences of having unprotected Linux operating systems installed on embedded systems? What steps should an organization take to secure the embedded systems that integrate with their technology architecture?

 

*** BONUS Discussion Questions (and Answers) ***

      are also included in the Week 5 tutorials!