CMGT/431 Information Systems Security

CMGT/431 Threat Model Week 1
CMGT/431 Threat Model Week 1
CMGT431 Threat Model

CMGT/431 Week 1

All Options listed below are Included in the Week 1 tutorial purchase!


Individual: Encryption Methodologies to Protect an Organization’s Data Paper

Includes Option #1

Includes Option #2

Includes Option #3

Includes Option #4

Companies are susceptible to losing customer data to cyber-attackers and human errors, so organizations must properly protect their data and network.  In this assignment, you will create an Encryption Policy for CIO review. Use the organization you chose in the discussion Classifying an Organization's Sensitive Data.

Write a 2- to 2½-page policy, and ensure you:

    • List the organization’s sensitive data that must be protected.
    • Complete a matrix that compares the asymmetric and symmetric encryption methodologies (PKI, TLS, SSL) for protecting data within the network.
    • Describe at least 2 primary threats that could compromise the organization’s data.
    • Describe how the encryption methodologies that should be implemented to protect the organization’s sensitive data.

Format your citations according to APA guidelines.

Submit your assignment



CMGT/431 Security Vulnerability Report
CMGT/431 Week 2 Cryptology
cmgt/431 security vulnerability report

CMGT/431 Week 2

Individual: Security Vulnerability Report

Includes Option #1

Includes Option #2

A security vulnerability report identifies the areas of the organization that are at risk of losing data, outages, etc. Typically, organizations categorize the report to focus on specific areas and highlight the level of risk per area. Based on the vulnerability report, organizations are able to plan appropriately for budgeting and resource improvements. Write a 2½- to 3 ½-page security vulnerability report in Microsoft Word based on the organization you chose in Week 1. An internal review of your organization was previously conducted and found the following vulnerabilities:

    • A formal Password Policy has not been developed that meets your organization’s regulatory requirements.
    • The organization only uses single factor authentication using weak passwords.
    • Vulnerability Severity: High
    • Impact: Threats could easily guess weak passwords allowing unauthorized access.
    • Software configuration management does not exist on your organization’s production servers.
    • There are different configurations on each server and no operating system patching schedule.
    • Vulnerability Severity: Moderate
    • Impact: With ad hoc configuration management, the organization could inadvertently or unintentionally make changes to the servers that could cause a self-imposed denial of service.
    • An Incident Response Plan has not been developed.
    • There is not a formal process for responding to a security incident.
    • Vulnerability Severity: High
    • Impact: In the event of a security incident, an ad hoc process could allow the security incident to get worse and spread throughout the network; the actual attack may not be recognized or handled in a timely manner giving the attacker more time to expand the attack.

Consider people, processes, and technology that can be exploited by the source of a threat.

Include recommended countermeasures to mitigate the impacts and risks of the vulnerabilities.

Format your citations according to APA guidelines.

Submit your assignment.


Supporting Activity: Cryptography
Complete the Written Lab exercise below from Ch. 6, CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide:
    • Encrypt the message "I will pass the CISSP exam and become certified next month"

        using columnar transposition with the keyword SECURE
    • Decrypt the message "F R Q J U D W X O D W L R Q V B R X J R W L W" using the Caesar

        ROT3 substitution cipher.
Submit the lab using the Assignment Files tab.


CMGT/431 Authentication and Authorization Methodologies Presentation
CMGT/431 Authentication and Authorization Methodologies Presentation


CMGT/431 Week 3


Individual: Authentication and Authorization Methodologies Presentation


Once a user is authenticated in an organization’s network, that user is authorized to access certain data based on the information security principle of least privilege. 

Your CEO and CIO need options for the organization’s authentication and authorization methodologies. Recommendations should include how to mitigate the impact and risks from vulnerabilities.

Create an 9- to 11-slide, media-rich presentation in Microsoft® PowerPoint® for the organization you chose in Week 1, and ensure you provide:

  • Descriptions of at least 3 roles employed in the organization you chose in Week 1
  • Descriptions of at least 3 common attacks against access control methods, including the password policy vulnerability as described in the vulnerability report
  • Countermeasures to reduce vulnerabilities and mitigate potential attacks on access control methods

Note: A media-rich presentation should include multimedia such as graphics, pictures, video clips, or audio.

Format your citations according to APA guidelines.

Submit your assignment.



CMGT/431 Week 4 Change Management Plan
CMGT/431 Week 4 Change Management Plan


CMGT/431 Week 4

Individual: Change Management Plan

Refer to NIST SP 800-53 (Rev. 4)for the 18 candidate security control families and associated security controls.

Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.

For this assignment, use the organization you chose in Week 1.


Part I: Mapping Vulnerabilities to Security Controls

Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization’s known vulnerabilities.

Create a 1-page spreadsheet in Microsoft® Excel® that identifies the following criteria for each family:
Control ID
Control Name
Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation)


Part II: Security Controls Testing

Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination.

Example of Security Controls Testing Table:


Part III: Penetration Testing and Vulnerability Scanning

Provide a 1-page description of penetration testing and vulnerability scanning processes.

Describe how they are used as part of the organization’s testing and assessment strategy.

Format your citations according to APA guidelines.

Submit your assignment.



CMGT/431 Incident Response Paper
CMGT/431 Incident Response Paper


CMGT/431 Week 5

Individual: Incident Response Paper

Cyber security tools are available to organizations requiring integration of its problem management, configuration management, and incident management processes. 

The CEO and CIO need you and your team to create an IRP and change management plan. These plans will help the organization choose the appropriate cyber security tool.


Part I: Incident Response Plan

Incident response is a disciplined methodology for managing the aftermath of a security breach, cyberattack, or some other security incident. An IRP provides an organization procedures that effectively limit the impact on the data, system, and business and reduces recovery time and overall cost. 

Create a 1- to 2-page IRP Microsoft Word for the organization you chose in Week 1. In your plan, ensure you:
Discuss roles and responsibilities.
Discuss the critical activities for each of the 5 phases in the incident response process.
List at least 3 cyber security tools that work together to monitor the organization’s network for malicious and abnormal activity.


Part II: Change Management Plan

Change management plans define the process for identifying, approving, implementing, and evaluating necessary changes due to new requirements, risks, patches, maintenance, and errors in the organization’s networked environment.

Create a 1- to 2-page Change Management Plan in Microsoft Word for your chosen organization. In your plan, ensure you discuss:
Roles and responsibilities
The use of swim lanes and callouts
Who should be involved in developing, testing, and planning
Who reviews and signs off on the change management requests

Briefly describe how a change management plan reduces the organization’s risk from known threats.


Part III: Cyber Security Tool Comparison

Create a 1- to 2-page table that compares two of the industry standard tools that integrate incident management and change management. 

Recommend the best tool for the organization to the CEO and CIO.

Explain how it maintains compliance with the organization’s regulatory requirements.

Format your citations according to APA guidelines.

Submit your assignment.