CMGT/431 Week 1

All Options listed below are Included in the Week 1 tutorial purchase!

Individual: Encryption Methodologies to Protect an Organization’s Data Paper

Includes Option #1

Includes Option #2

Includes Option #3

Includes Option #4

Companies are susceptible to losing customer data to cyber-attackers and human errors, so organizations must properly protect their data and network.  In this assignment, you will create an Encryption Policy for CIO review. Use the organization you chose in the discussion Classifying an Organization's Sensitive Data.

Write a 2- to 2½-page policy, and ensure you:

• List the organization’s sensitive data that must be protected.
• Complete a matrix that compares the asymmetric and symmetric encryption methodologies (PKI, TLS, SSL) for protecting data within the network.
• Describe at least 2 primary threats that could compromise the organization’s data.
• Describe the encryption methodologies that should be implemented to protect the organization’s sensitive data.

Format your citations according to APA guidelines.

Submit your assignment

Includes Week 1 LABS

Exercise 1. Restricting Local Accounts

Exercise 2. Reviewing an Authorization Letter for Penetration Testing

Exercise 2. How to Observe SHA-Generated Hash Value

Exercise 3. How to OpenSSL to Create a public/Private Key Pair

Week 1 Discussion Question

Organizations need to know the value of their data to find the best way to protect it. The data must be categorized according to the organization’s level of concern for confidentiality, integrity, and availability. The potential impact on assets and operations should be known in case data, systems, and/or networks are compromised (through unauthorized access, use, disclosure, disruption, modification, or destruction).

Choose an organization from the Health Care, Finance, or Education sector to study throughout this course. 

Based on your chosen organization, ensure you:

• Discuss the organization’s data.
• Discuss the organization’s categorization of the data based on the Standards for Security Categorization of Federal Information and Information Systems. 

CMGT/431 Week 2

Individual: Security Vulnerability Report

Includes Option #1

Includes Option #2

A security vulnerability report identifies the areas of the organization that are at risk of losing data, outages, etc. Typically, organizations categorize the report to focus on specific areas and highlight the level of risk per area. Based on the vulnerability report, organizations are able to plan appropriately for budgeting and resource improvements. Write a 2½- to 3 ½-page security vulnerability report in Microsoft Word based on the organization you chose in Week 1. An internal review of your organization was previously conducted and found the following vulnerabilities:

• A formal Password Policy has not been developed that meets your organization’s regulatory requirements.
• The organization only uses single factor authentication using weak passwords.
• Vulnerability Severity: High
• Impact: Threats could easily guess weak passwords allowing unauthorized access.
• Software configuration management does not exist on your organization’s production servers.
• There are different configurations on each server and no operating system patching schedule.
• Vulnerability Severity: Moderate
• Impact: With ad hoc configuration management, the organization could inadvertently or unintentionally make changes to the servers that could cause a self-imposed denial of service.
• An Incident Response Plan has not been developed.
• There is not a formal process for responding to a security incident.
• Vulnerability Severity: High
• Impact: In the event of a security incident, an ad hoc process could allow the security incident to get worse and spread throughout the network; the actual attack may not be recognized or handled in a timely manner giving the attacker more time to expand the attack.

Consider people, processes, and technology that can be exploited by the source of a threat.

Include recommended countermeasures to mitigate the impacts and risks of the vulnerabilities.

Format your citations according to APA guidelines.

Submit your assignment.

Includes Week 2 LABS

Securing  Network Architecture and  Securing Network Components

Secure Communications and Network Attacks

Supporting Activity: Cryptography
Complete the Written Lab exercise below from Ch. 6, CISSP (ISC)2 Certified Information Systems Security Professional Official Study Guide:
    • Encrypt the message "I will pass the CISSP exam and become certified next month"

        using columnar transposition with the keyword SECURE
    • Decrypt the message "F R Q J U D W X O D W L R Q V B R X J R W L W" using the Caesar

        ROT3 substitution cipher.
Submit the lab using the Assignment Files tab.

CMGT/431 Week 3

Note: Both Word doc and PowerPoints are included in tutorial purchase because some Instructors are requesting a presentation and some want it in a Word document.

Individual: Authentication and Authorization Methodologies

Includes 3-page paper in Word - Option #1

Once a user is authenticated in an organization’s network, that user is authorized to access certain data based on the information security principle of least privilege. 

Your CEO and CIO need options for the organization’s authentication and authorization methodologies. Recommendations should include how to mitigate the impact and risks from vulnerabilities.

Write a 3-page Authentication and Authorization Methodologies Paper in Microsoft Word based on the organization you chose in Week 1. Include in the paper:

• Descriptions of at least 3 roles employed in the organization you chose in Week 1
• Descriptions of at least 3 common attacks against access control methods, including the password policy vulnerability as described in the vulnerability report
• Countermeasures to reduce vulnerabilities and mitigate potential attacks on access control methods

Note: A media-rich presentation should include multimedia such as graphics, pictures, video clips, or audio.

Format your citations according to APA guidelines.

Submit your assignment.

Authentication and Authorization Methodologies Presentation

Includes PowerPoint Presentation - Option #1

Includes PowerPoint Presentation - Option #2

Includes PowerPoint Presentation - Option #3

Includes PowerPoint Presentation - Option #4

Includes PowerPoint Presentation - Option #5

Once a user is authenticated in an organization’s network, that user is authorized to access certain data based on the information security principle of least privilege. 

Your CEO and CIO need options for the organization’s authentication and authorization methodologies. Recommendations should include how to mitigate the impact and risks from vulnerabilities.

Create an 9- to 11-slide, media-rich presentation in Microsoft® PowerPoint® for the organization you chose in Week 1, and ensure you provide:
Descriptions of at least 3 roles employed in the organization you chose in Week 1
Descriptions of at least 3 common attacks against access control methods, including the password policy vulnerability as described in the vulnerability report
Countermeasures to reduce vulnerabilities and mitigate potential attacks on access control methods

Note: A media-rich presentation should include multimedia such as graphics, pictures, video clips, or audio.

Format your citations according to APA guidelines.

Submit your assignment.

Includes Week 3 LABS - uCertify

1. Drag the access control types to match them with their descriptions.

2. Drag the authorization mechanisms to match them with their descriptions.

3. Drag the authentication services to match them with their descriptions.

4. Drag the types of attack to match them with their descriptions.

5. Drag the social engineering attacks to match them with their descriptions

Includes Week 3 Performance-based LABS uCertify (Screenshots)

Discussion Question
Effective Controls of Health Care Information
Write a >150-word short-answer response to the following:

What are three controls that would be effective in protecting health care information?
For each item, describe the risk in your own terms and how the controls address that risk. Also, discuss how applicable the same risks and controls are to other organizations.

CMGT/431 Week 4

Refer to NIST SP 800-53 (Rev. 4) for the 18 candidate security control families and associated security controls.

Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.

For this assignment, use the organization you chose in Week 1.

Part I: Mapping Vulnerabilities to Security Controls

Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization’s known vulnerabilities.

Create a 1-page spreadsheet in Microsoft Excel that identifies the following:

• Family (2 points each - 10 points total)
• Criteria for each family: (8 points each - 40 points total)
• Control ID
• Control Name
• Vulnerability
• Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation)
• Security Controls Testing (10 points each - 50 points total)
• Testing Procedure - describe the testing procedure that will mitigate the vulnerability.
• Testing Procedure Type (Interview, Observation, Technical Test, or Combination).

Part II: Penetration Testing and Vulnerability Scanning

Provide answers to the following question in a Word document. Format the Document with your name and the class at the top, list the questions followed by your answers. The questions are worth 10 points each.

o Describe penetration testing.
o Describe vulnerability scanning.
o How do penetration testing and vulnerability scanning differ from each other?
o How are penetration testing and vulnerability scanning used as part of the organization’s testing and assessment

    strategy?
o How should IT Teams handle the results from penetration testing and vulnerability scanning?

Submit your assignment.

Part II: Security Controls Testing

Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. 

Annotate whether the testing procedure is an interview, observation, technical test, or a combination. Example of Security Controls Testing Table:

Part III: Penetration Testing and Vulnerability Scanning

Provide a 1-page description of penetration testing and vulnerability scanning processes.

Describe how they are used as part of the organization’s testing and assessment strategy.

Format your citations according to APA guidelines. Submit your assignment.

Includes Week 4 CMGT/431 Connect the Idea Quiz

1. Drag the component of security assessment program to its description. Each component may be associated with more than one description.
2. Click to select the factors to consider when scheduling security controls for review.
3. Click to select the phases of the penetration testing, and then drag them into the correct order.
4. Fill in the blanks by selecting the appropriate terms related to penetration test from the lists.
5. Drag the network discovery scanning technique to the matching description.
6. Drag the SCAP (Security Content Automation Protocol) component to the matching description.
7. Select the port number of the protocols from the lists.
8. Fill in the blank by selecting the appropriate value from the list to analyze the test coverage of a software.
9. Drag the type of software testing to its description.
10. Drag the type of interface from the bottom onto its description.
11. Click to select metrics required to monitor key performance and risk indicators.
12. Drag the type of intrusion detection system (IDS) from the bottom onto its description. Each type may be associated with more than one description.
13. Select the steps involved in managing incident response from the lists.
14. Fill in the blanks by dragging the appropriate type of attack from the bottom onto their correct boxes.
15. Select the types of log from the lists.
16. Drag the type of DLP system from the bottom onto its description. Each type may be associated with more than one description.

Includes Week 4 uCertify LABS

Configuring User Access Control Setting

Scanning Ports Using Metasploit

Conducting Vulnerability Scanning using Nessus

Using nMap for scanning

CMGT/431 Week 5

Individual: Incident Response Paper

Includes Option #1

Includes Option #2

Includes Option #3

Includes Option #4

Includes Option #4

Cyber security tools are available to organizations requiring integration of its problem management, configuration management, and incident management processes. 

The CEO and CIO need you and your team to create an IRP and change management plan. These plans will help the organization choose the appropriate cyber security tool.

Part I: Incident Response Plan

Incident response is a disciplined methodology for managing the aftermath of a security breach, cyberattack, or some other security incident. An IRP provides an organization procedures that effectively limit the impact on the data, system, and business and reduces recovery time and overall cost. 

Create a 1- to 2-page IRP Microsoft Word for the organization you chose in Week 1. In your plan, ensure you:

• Discuss roles and responsibilities.
• Discuss the critical activities for each of the 5 phases in the incident response process.
• List at least 3 cyber security tools that work together to monitor the organization’s network for malicious and abnormal activity.

Change management plans define the process for identifying, approving, implementing, and evaluating necessary changes due to new requirements, risks, patches, maintenance, and errors in the organization’s networked environment.

Create a 1- to 2-page Change Management Plan in Microsoft Word for your chosen organization. In your plan, ensure you discuss:

• Roles and responsibilities
• The use of swim lanes and callouts
• Who should be involved in developing, testing, and planning
  Who reviews and signs off on the change management requests
• Briefly describe how a change management plan reduces the organization’s risk from known threats.

Create a 1- to 2-page table that compares two of the industry standard tools that integrate incident management and change management. 

Recommend the best tool for the organization to the CEO and CIO.

Explain how it maintains compliance with the organization’s regulatory requirements.

Format your citations according to APA guidelines.

Submit your assignment.

Includes Connect the Idea LABS

1. Drag the concept for implementing need to know and least privilege to its description.

2. Select the methods of protecting information throughout its life cycle from the lists.

3. Drag the virtual asset within SDx to its description.

4. Drag the type of service model to its description.

5. Click to select the steps for creating and deploying baseline images, and then drag them into the correct order.\

6. Fill in the blank with the appropriate term.

7. Select the steps involved in managing incident response from the lists.

8. Drag the type of intrusion detection system (IDS) from the bottom onto its description. Each type may be associated with more than one descritpion.

9. Fill in the blanks by dragging the appropriate type of attack from the bottom onto their correct boxes.

10. Select the types of log from the lists.

11. Drag the type of DLP system from the bottom onto its description. Each type may be associated with more than one description.

12. Click to select the steps within an effective patch management program, and then drag them in the correct order.

13. Drag the steps used in the incident response management process from the bottom onto the appropriate placeholders.

Also, Includes Screenshots for the following u-Certify LABS:

From the desktop, open Firefox.

In the address bar, type IP address as 192.168.137.18 and press Enter.

At the Login page, verify Username as admin and click SIGN IN.

In the pfSense.localdomain - Status: Dashboard window, under the pfSense dashboard, at the upper right corner, click the menu () icon and navigate to Firewall > Rules.

In the pfSense.localdomain - Firewall: Rules: WAN window, scroll down and click the Add rule to the top of the list  icon.

In the pfSense.localdomain - Firewall: Rules: Edit window, verify Action is selected as Pass and scroll down, under Source, from the Source list, select WAN address.

Click Display Advanced and under Source Port Range, from the Source Port Range list, select HTTP (80).

Click Display Advanced and under Source Port Range, from the Source Port Range list, select FTP (21).

Click Save and in the pfSense.localdomain - Firewall: Rules: WAN window, click Apply Changes.