280 likes | 293 Views
For more course tutorials visit<br>www.tutorialrank.com<br><br>CMGT 431 Week 4 Lab<br>CMGT 431 Week 5 Lab<br>CMGT 431 Week 1 Encryption Methodologies to Protect an Organizationu2019s Data Paper<br>CMGT 431 Week 1 Discussion Classifying an Organizationu2019s Sensitive Data<br>CMGT 431 Week 2 Discussion Secure Network Architecture<br>
E N D
CMGT 431 Entire Course (New Syllabus) For more course tutorials visit www.tutorialrank.com CMGT 431 Week 4 Lab CMGT 431 Week 5 Lab CMGT 431 Week 1 Encryption Methodologies to Protect an Organization’s Data Paper CMGT 431 Week 1 Discussion Classifying an Organization’s Sensitive Data
CMGT 431 Week 2 Discussion Secure Network Architecture CMGT 431 Week 2 Security Vulnerability Report CMGT 431 Week 3 Discussion Authentication Methodologies CMGT 431 Week 3 Individual Authentication and Authorization Methodologies Presentation
CMGT 431 Week 4 Discussion Audit Process CMGT 431 Week 4 Testing and Assessment Strategies CMGT 431 Week 5 Discussion Incident Response Plan CMGT 431 Week 5 Individual Incident Response Paper CMGT 431 Week 1 Threat Model CMGT 431 Week 2 Security Vulnerability Report (2 Papers) CMGT 431 Week 3 Audit Process Presentation (2 PPT)
CMGT 431 Week 4 Prevention Measures for Vulnerabilities (2 Papers) CMGT 431 Week 5 Learning Team Risk Management & Security Plan (2 PPT) CMGT 431 Week 5 Information Systems Security Implementation Recommendation (1 Paper and 1 PPT) CMGT 431 Week 2 Network Architecture CMGT 431 Week 3 Testing and Assessment Strategies CMGT 431 Week 4 Change Management Plan ============================================== CMGT 431 Week 1 Discussion Classifying an Organization’s Sensitive Data For more course tutorials visit
www.tutorialrank.com Respond to the following in a minimum of 175 words: Organizations need to know the value of their data to find the best way to protect it. The data must be categorized according to the organization’s level of concern for confidentiality, integrity, and availability. The potential impact on assets and operations should be known in case data, systems, and/or networks are compromised (through unauthorized access, use, disclosure, disruption, modification, or destruction). Choose an organization that you are familiar with to study throughout this course. You can use your own employer or another organization. I do encourage you to choose one that you have some experience with as there are significant differences and requirements between the different vertical markets. Based on your chosen organization, ensure you: Discuss the organization’s data. What types of data does it have? Is any of the data subject to regulatory security requirements (FERPA, HIPPA, GDPR, etc.) Is some of the data used or generated outside of the US? Discuss the organization’s categorization of the data based on the Standards for Security Categorization of Federal Information and Information Systems.
============================================== CMGT 431 Week 1 Encryption Methodologies to Protect an Organization’s Data Paper For more course tutorials visit www.tutorialrank.com Week 1 Encryption Methodologies to Protect an Organization’s Data Paper Assignment Content Companies are susceptible to losing sensitive data in many ways, including cyber-attackers and human errors, so it is important for organizations to properly protect their data and network.
In this assignment, you will create an executive summary of your organization's Security Policy for your CSO's (Chief Security Officer) review. Use the organization you chose in the discussion Classifying an Organization's Sensitive Data to frame the recommendations and information that needs to be protected. For example, a company in the Healthcare industry will have patient information that falls under the HIPAA regulations. Write a 2- to 3-page executive summary. Make sure to include the following items: o List the organization’s sensitive data categories that must be protected. o Describe how you are mitigating at least 2 primary threats that could compromise the organization’s data. o Describe how encryption should be implemented to protect the organization’s sensitive data.
Format your assignment and all references and citations according to APA guidelines. Given that this is an academic paper, additional research outside of the class materials to support the assertions in the document is expected. Submit your assignment in Microsoft Word format. ============================================== CMGT 431 Week 2 Discussion Secure Network Architecture For more course tutorials visit www.tutorialrank.com Respond to the following in a minimum of 175 words: It has been stated that an organization’s success securing its assets builds on top of business infrastructure, which includes the appropriate policies, procedures, and processes. Typically this would include business and operational processes, physical and virtual security components and last but by no means least, a secure systems and
network infrastructure. Pick one of these elements and share with the class some of your research. Describe how the component works in an overall cybersecurity architecture. Take care to describe how it provides defense to protect the organization’s data, network, and assets. Explain how the component is secured and how its security interacts with the other elements in the overall infrastructure and how it protects the organization. Cite all sources that you used for your research. ============================================== CMGT 431 Week 2 Security Vulnerability Report For more course tutorials visit www.tutorialrank.com
Individual: Security Vulnerability Report A security vulnerability report identifies the areas of the organization that are at risk of losing data, outages, etc. Typically, organizations categorize the report to focus on specific areas and highlight the level of risk per area. Based on the vulnerability report, organizations are able to plan appropriately for budgeting and resource improvements. Write a 2½- to 3 ½-page security vulnerability report in Microsoft Word based on the organization you chose in Week 1. An internal review of your organization was previously conducted and found the following vulnerabilities: A formal Password Policy has not been developed that meets your organization’s regulatory requirements. The organization only uses single factor authentication using weak passwords. Vulnerability Severity: High Impact: Threats could easily guess weak passwords allowing unauthorized access.
Software configuration management does not exist on your organization’s production servers. There are different configurations on each server and no operating system patching schedule. Vulnerability Severity: Moderate Impact: With ad hoc configuration management, the organization could inadvertently or unintentionally make changes to the servers that could cause a self-imposed denial of service. An Incident Response Plan has not been developed. There is not a formal process for responding to a security incident. Vulnerability Severity: High Impact: In the event of a security incident, an ad hoc process could allow the security incident to get worse and spread throughout the network; the actual attack may not be recognized or handled in a timely manner giving the attacker more time to expand the attack.
Consider people, processes, and technology that can be exploited by the source of a threat. Include recommended countermeasures to mitigate the impacts and risks of the vulnerabilities. Format your citations according to APA guidelines. Submit your assignment. ============================================== CMGT 431 Week 3 Discussion Authentication Methodologies
For more course tutorials visit www.tutorialrank.com Respond to the following in a minimum of 175 words: Authentication ensures only authorized users are allowed into an organization’s network. As threats become more sophisticated, it is critical to have strong authentication in place from the policy, process, and technology perspective. Research identification and authorization, comparing and contrasting their strengths and weaknesses. Describe the various mechanisms for implementing authentication to access a network. Why is single factor authentication not enough protection in today’s network environment? What are some of the newer methods that address this deficiency? Discuss how integration of Identity-as-a-Service (IDaaS) might be used to improve authentication capabilities in your chosen organization. Due Monday Reply to at least 2 of your classmates. Be constructive and professional in your responses. Cite your sources for all research and analysis.
Bottom of Form ============================================== CMGT 431 Week 3 Individual Authentication and Authorization Methodologies Presentation For more course tutorials visit www.tutorialrank.com Individual Authentication and Authorization Methodologies Presentation Once a user is authenticated in an organization’s network, that user is authorized to access certain data based on the information security principle of least privilege.
Your CEO and CIO need options for the organization’s authentication and authorization methodologies. Recommendations should include how to mitigate the impact and risks from vulnerabilities. Create an 9- to 11-slide, media-rich presentation in Microsoft® PowerPoint® for the organization you chose in Week 1, and ensure you provide: Descriptions of at least 3 roles employed in the organization you chose in Week 1 Descriptions of at least 3 common attacks against access control methods, including the password policy vulnerability as described in the vulnerability report Countermeasures to reduce vulnerabilities and mitigate potential attacks on access control methods
Note: A media-rich presentation should include multimedia such as graphics, pictures, video clips, or audio. Format your citations according to APA guidelines. Submit your assignment. ============================================== CMGT 431 Week 4 Discussion Audit Process For more course tutorials visit www.tutorialrank.com Respond to the following in a minimum of 175 words:
Organizations contract or hire individuals or consulting companies with specific skills to conduct internal audits. This is done to ensure their organizations are following their documented policies, procedures, and processes. In addition, federal mandates placed on organizations require continuous audits, leading organizations to contract outside auditors to work with their internal auditors and determine the health of the organization. These audits can take many forms, including financial (SOX), organizational (ISO 9001) or Security (ISO 27000, PCI DSS Compliance, etc.) Identify the internal and external processes used for IT Security audits for the organization you researched in Week 1. What are the differences between internal and external audits? ============================================== CMGT 431 Week 4 Lab For more course tutorials visit www.tutorialrank.com CMGT 431 Week 4 Lab ==============================================
CMGT 431 Week 4 Testing and Assessment Strategies For more course tutorials visit www.tutorialrank.com Refer to NIST SP 800-53 (Rev. 4) [https://nvd.nist.gov/800-53] for the 18 candidate security control families and associated security controls. Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.
For this assignment, use the organization you choose. Part I: Mapping Vulnerabilities to Security Controls Choose 5 distinct security control families as specified in NIST SP 800- 53 (Rev. 4) that are most applicable to your organization’s known vulnerabilities. Create a 1-page spreadsheet in Microsoft® Excel® that identifies the following criteria for each family: Control ID Control Name
Vulnerability Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation) Part II: Security Controls Testing Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination. Example of Security Controls Testing Table: Example of Security Controls Testing Table
Part III: Penetration Testing and Vulnerability Scanning Provide a 1-page description of penetration testing and vulnerability scanning processes. Describe how they are used as part of the organization’s testing and assessment strategy.
Format your citations according to APA guidelines. ============================================== CMGT 431 Week 5 Discussion Incident Response Plan For more course tutorials visit www.tutorialrank.com Respond to the following in a minimum of 175 words: An incident response plan (IRP) is a set of procedures to help an organization detect, respond to, and recover from security incidents. List the roles and responsibilities that are included in an IRP. Pick one that you think is critical to the successful response for your chosen organization to a security incident and discuss it in detail on how it helps contain the threat. Discuss how your organization (from Week 1) might respond to at least one cyberattack. Is the organization ready for an attack and if not what needs to be changed to make it more ready?
Due Monday Reply to at least 2 of your classmates. Be constructive and professional in your responses. Please cite all your research used in your analysis. ============================================== CMGT 431 Week 5 Individual Incident Response Paper For more course tutorials visit www.tutorialrank.com Individual Incident Response Paper Cyber security tools are available to organizations requiring integration of its problem management, configuration management, and incident management processes.
The CEO and CIO need you and your team to create an IRP and change management plan. These plans will help the organization choose the appropriate cyber security tool. Part I: Incident Response Plan Incident response is a disciplined methodology for managing the aftermath of a security breach, cyberattack, or some other security incident. An IRP provides an organization procedures that effectively limit the impact on the data, system, and business and reduces recovery time and overall cost.
Create a 1- to 2-page IRP Microsoft Word for the organization you chose in Week 1. In your plan, ensure you: Discuss roles and responsibilities. Discuss the critical activities for each of the 5 phases in the incident response process. List at least 3 cyber security tools that work together to monitor the organization’s network for malicious and abnormal activity. Part II: Change Management Plan Change management plans define the process for identifying, approving, implementing, and evaluating necessary changes due to new
requirements, risks, patches, maintenance, and errors in the organization’s networked environment. Create a 1- to 2-page Change Management Plan in Microsoft Word for your chosen organization. In your plan, ensure you discuss: Roles and responsibilities The use of swim lanes and callouts Who should be involved in developing, testing, and planning Who reviews and signs off on the change management requests Briefly describe how a change management plan reduces the organization’s risk from known threats.
Part III: Cyber Security Tool Comparison Create a 1- to 2-page table that compares two of the industry standard tools that integrate incident management and change management. Recommend the best tool for the organization to the CEO and CIO. Explain how it maintains compliance with the organization’s regulatory requirements.
Format your citations according to APA guidelines. Submit your assignment. ============================================== CMGT 431 Week 5 Lab For more course tutorials visit www.tutorialrank.com CMGT 431 Week 5 Lab ==============================================