SEC 280 Entire Course New Principles Info System Security
SEC 280 Case Studies Week 1-6
SEC 280 Case Study Week 1 Ping Sweeps and Port Scans
Your boss has just heard about some
nefarious computer activities called ping sweeps and port scans. He wants to
know more about them and what their impact might be on the company. Write a
brief description of what they are, and include your assessment of whether the
activities are something to worry about or not. This assignment requires two to
three pages, based upon the APA style of writing.
Preview:
One main security threat is the
reconnaissance attack, which includes the two main types of threat that can
affect a company’s network — ping sweeps and port scans. These are the
unauthorized discovery of systems, which can lead to…
SEC 280 Case Study Week 2 Information Security Officer
You are the Information Security
Officer at a medium-sized company (1,500 employees). The CIO asks you to
explain why you believe it is important to secure the Windows and Unix/Linux
servers from known shortcomings and vulnerabilities. Explain to your CIO what
you can do to make sure the network infrastructure is more secure.
Preview:
The company has a network of Windows
and Linux servers, business products, and network management tools.
Employees use mobile devices with business applications installed for higher
productivity. In this regard, the IT network has to function at its
optimum best so that the business functions smoothly. However, network security
risk is a…
SEC 280 Case Study Week 3 ABC Institute
ABC Institute of Research has
sensitive information that needs to be protected from its rivals. The Institute
has collaborated with XYZ Inc. to research genetics. The information must be
kept top secret at any cost. At ABC Institute, the researchers are unsure about
the type of key (asymmetric or symmetric) to use. Please formulate a possible
solution, and describe the advantages and disadvantages of any solution
employed.
This assignment requires two to
three pages in length, based upon the APA style of writing.
Preview:
There is much information available
in digital form. Some of it is personal; some public; and some is
confidential and sensitive in nature. It is important to protect such
information so that its confidentiality, integrity, and availability are not
compromised. It has to be protected throughout the lifecycle of
information creation, modification, storage, and disposal. If it falls
into the wrong hands, it can be…
SEC 280 Case Study Week 4 Computer Security
Case Study
Computer security is not an issue
for organizations alone. Anyone whose personal computer is connected to a
network or the Internet faces a potential risk of attack. Identify all the
potential security threats on a personal computer. Identify some of the
techniques an attacker might employ to access information on the system.
This assignment requires two to
three pages in length, based upon the APA style of writing.
Use transition words; a thesis
statement; an introduction, body, and conclusion; and a reference page with at
least two references. Use double-spaced, Arial font, size 12.
Preview:
Nearly 18 million people in the
United States were victims of identity theft, which mainly targeted people’s
credit cards and bank accounts (Williams, 2015). There are a lot of malicious
attacks on personal computers. These attacks can make the computer unusable and
also compromise the user’s confidential information, as well as that of the
network they are connected to. Hackers constantly…
SEC 280 Case Study Week 5 An Information Security Engineer
Case Study
You have just been hired as an
Information Security Engineer for a large, multi-international corporation.
Unfortunately, your company has suffered multiple security breaches that have
threatened customers’ trust in the fact that their confidential data and financial
assets are private and secured. Credit-card information was compromised by an
attack that infiltrated the network through a vulnerable wireless connection
within the organization. The other breach was an inside job where personal data
was stolen because of weak access-control policies within the organization that
allowed an unauthorized individual access to valuable data. Your job is to
develop a risk-management policy that addresses the two security breaches and
how to mitigate these risks.
This assignment requires two to
three pages in length, based upon the APA style of writing.
Use transition words; a thesis
statement; an introduction, body, and conclusion; and a reference page with at
least two references. Use double-spaced, Arial font, size 12.
Preview:
Risk is the negative effect of an
event or action or the probability of the event or action and its impact.
On the other hand, risk management is the process of identifying and
calculating the effect of the negative impacts, taking steps to avoid or mitigate
risks, and accepting and managing risks that cannot be avoided or
mitigated. The organization should have a…
SEC 280 Case Study Week 6 Gem Infosys
Case Study
Gem Infosys, a small software
company, has decided to better secure its computer systems after a malware
attack shut down its network operations for 2 full days. The organization uses
a firewall, three file servers, two Web servers, one Windows 2008 Active
Directory server for user access and authentication, ten PCs, and a broadband
connection to the Internet. The management at Gem needs you to formulate an
incident-response policy to reduce network down time if future incidents occur.
Develop an incident-response policy that covers the development of an
incident-response team, disaster-recovery processes, and business-continuity
planning. This assignment requires two to three pages in length, based
upon the APA style of writing.
Preview:
In the technology industry, a
company is never 100% secure against unauthorized access, virus attacks,
malware attacks, hacking, disasters, and theft of software and hardware. It is
therefore important to have an action plan ready to manage incidents that attack
the system. An action plan to manage the…
SEC 280 Quiz Week 1-6
SEC 280 Quiz Week 1
(TCO 1) Ensuring that an individual
is who he or she claims to be is the function of _____.
Confidentiality
Integrity
Availability
Authentication
Nonrepudiation
(TCO 1) Background checks, drug
testing, retirement, and termination are elements found in what type of policy?
Due diligence
Human resources
Equal opportunity
Privacy
(TCO 1) What is an elite hacker?
A hacker with a high level of
technical ability
A hacker who is wealthy and who is
politically motivated
A hacker who has elitist ideas and
hacks for political purposes
A hacker who searches for scripts
and ready-made tools to use for attacks
(TCO 1) What is a port scan?
It identifies what ports can be used
to smuggle information across borders
It identifies ports that are open
and services that are running
It identifies the USB, parallel, and
serial ports that can be used to connect to the system
It identifies the IP addresses of
computers on the network
(TCO 1) Who is Kevin Mitnick?
He used social engineering,
sniffers, and cloned cell phones to gain unauthorized access to networks
belonging to Motorola, Novell, Fujitsu, and Sun Microsystems
He made bank transfers from St.
Petersburg using the Citibank cash-management system
He gained access to a loop carrier
system operated by NYNEX and cut off FAA control tower and emergency services
He developed the Love Bug love-letter
virus that spread to 45 million people
(TCO 1) When information is
disclosed to individuals who are not authorized to see it, a _____ has been
suffered
Loss of confidentiality
Loss of integrity
Loss of functionality
Loss of availability
(TCO 1) What is the most common name
for the first large-scale attack on the Internet, which occurred in November of
1988?
The Code Red Worm
The Morris Worm
The Slammer Worm
The Jester Worm
(TCO 1) Each of the infected systems
became part of what is known as a bot network, which could be used to cause a
DoS attack on a target or to forward spam e-mail to millions of users as a
result of the _____.
Slammer Worm
Morris Worm
Conficker
Melissa Worm
(TCO 1) As the level of
sophistication of attacks has increased, _____.
The level of knowledge necessary to
exploit vulnerabilities has increased
The level of knowledge necessary to
exploit vulnerabilities has decreased
The level of skill necessary to
exploit vulnerabilities has increased
The amount of exploit software
available on the Internet has decreased
(TCO 1) When users are unable to
access information or the systems processing information, they may have
suffered a _____.
Loss of confidentiality
Loss of integrity
Loss of functionality
Loss of availability
SEC 280 Quiz Week 2
(TCO 2) Pretty good privacy (or PGP)
is _____.
A privacy group that fights
against the government
A common encryption method for
e-mail
A password-management system
A method of securing an
operating-system kernel
(TCO 2) All of the following are techniques
used by a social engineer except _____.
When an attacker replaces a blank
deposit slip in a bank lobby with one containing his account number
When an attacker calls up the IT
department posing as an employee and requests a password
When an attacker runs a brute-force
attack on a password
When an attacker sends a forged
e-mail with a link to a bogus website that has been set to obtain personal
information
(TCO 2) When creating a password,
users tend to use _____.
All capital letters
Passwords that are too long
Names of family members, pets, or
teams
Numbers only
(TCO 2) What is PKCS?
One of the standards used in
implementing a public-key infrastructure
A method of private cryptography
used by the military
A method of encrypting e-mail from
the IRS
The method of encryption that uses a
40-bit encryption key
(TCO 8) Which law mandates
that information that is no longer needed must be properly disposed of, either
by burning, pulverizing, or shredding?
FCRA
PCI DSS
FACTA
GBLA
(TCO 8) The Wassenaar Arrangement
can be described as which of the following?
An international arrangement on
export controls for conventional arms as well as dual-use goods and
technologies
An international arrangement on
import controls
A rule governing the import of
encryption in the United States
A rule governing the export of
encryption in the United States
(TCO 8) What do you call a law
that is based on previous events or precedents?
Statutory law
Administrative law
Common law
Blue law
(TCO 8) Which of the following is a
standard that provides guidance and the level of expected
protection on the elements of a credit-card transaction that needs
protection?
FCRA
PCI DSS
FACTA
GBLA
(TCO 8) The Electronic
Communications Privacy Act (ECPA) of 1986 _____.
Implements the principle that a
signature, contract, or other record may not be deleted
Denies legal effect, validity, or
enforceability solely because it is in electronic form
Addresses a myriad of legal privacy
issues that resulted from the increasing use of computers and other technology
specific to telecommunications
Makes it a violation of federal law
to knowingly use another’s identity
Is a major piece of legislation
affecting the financial industry and containing significant privacy provisions
for individuals
(TCO 8) A video rental store shares
its customer database with a private investigator. The rental store may have
violated which law?
COPPA
VPPA
FERPA
CFAA
SEC 280 Quiz Week 3
(TCO 4) The difference between
centralized and decentralized infrastructures is _____.
That the key pairs and certificates
do not have a set lifetime in centralized infrastructures
That the location where the
cryptographic key is generated and stored is different
That the network administrator sets
up the distribution points in centralized infrastructures
That, in a decentralized
infrastructure, the certificate may have an extended lifetime
(TCO 4) Agents intercept
an encrypted message. They use various techniques to try to
decipher the plain-text message. This is an example of _____.
Desteganographying
Decrypting
Uncrypting
Cryptanalysis
(TCO 4) The cipher that replaces
each letter of the alphabet with a different letter (not in sequence) is
a _____.
Shift cipher
Substitution cipher
Transposition cipher
Vigenère cipher
(TCO 4) Why construct and
implement a PKI?
To eliminate certificate authorities
To provide identification to
individuals and to ensure availability
To provide a higher level of trust
than can be obtained through other applications and protocols
To enable a centralized
directory to store the registered certificate and to distribute private
keys to users who request them
(TCO 4) Which of the following
is a critical concept common to all PKIs?
Cryptographic hardware is required
for PKI construction
The server that centrally stores the
keys should not be available
The private key must be computer
generated and centrally stored
Private keys must remain private
(TCO 4) The encryption method based
on the idea of using a shared key for the encryption and decryption of data
is _____.
A hashing function
Symmetric encryption
Asymmetric encryption
Elliptical-curve encryption
(TCO 4) Attackers need a certain
amount of information before launching their attack. One common place to find
information that could be useful to the attacker is to go through the
trash of the target. The process of going through a target’s trash is known in
the community as _____.
Trash rummaging
Garbage surfing
Piggy diving
Dumpster diving
(TCO 4) A special mathematical
function that performs one-way encryption is called _____.
Asymmetric encryption
Transposition cipher
A hashing function
Multiple encryption
(TCO 4) A trust domain is defined as
_____.
The agreed upon, trusted third party
A scenario where one user needs
to validate the other’s certificate
A construct of systems,
personnel, applications, protocols, technologies, and policies that work
together to provide a certain level of protection
A scenario in which the
certificate’s issuer and the subject fields hold the same information
(TCO 4) Encrypting a message by
simply rearranging the order of the letters is a function of the _____.
Shift cipher
Substitution cipher
Transposition cipher
Vigenère cipher
SEC 280 Quiz Week 4
(TCO 3) What is a Certification
Authority?
A third party that issues digital
certificates
An auditing firm that ensures
encryption security
A certified professional who
audits systems for security
A third party that encrypts
information for people
(TCO 3) Which of the following is
not a network topology?
Star
Ring
Integrated
Mixed
(TCO 3) A Class _____ address
supports 65,000 hosts on each of 16,000 networks and allows two sections of the
IP address to be devoted to host addressing.
A
B
C
D
(TCO 3) What is Wired Equivalent
Privacy (WEP)?
A method used to encrypt
wireless communications in an 802.11 environment
A signal that jams other wireless
devices attempting to access the system
A method to change encryption
standards during a transmission
An encryption method used to secure
bank passwords
(TCO 3) Which of the following is a
benefit that Network Address Translation (NAT) provides?
Compensates for the lack of IP
addresses
Allows devices using two different
protocols to communicate
Creates a DMZ
Translates MAC addresses to IP
addresses
(TCO 3) Unfortunately, hackers abuse
the ICMP protocol by using it to _____.
Send Internet worms
Launch denial-of-service (DoS)
attacks
Steal passwords and credit-card
numbers
Send spam
(TCO 3) What is PKCS?
One of the standards used in
implementing a public-key infrastructure
A method of private cryptography
used by the military
A method of encrypting e-mail from
the IRS
The method of encryption that uses a
40-bit encryption key
(TCO 5) In addition to “What users
know,” “What users have,” and “What users are,” what did the author add
for authenticating a user?
“What users should have”
“What users should think”
“What users can argue they should
be”
“What users do”
(TCO 5) The three major components
of the SSH protocol are the _____.
Transport Layer Protocol, User
Authentication Protocol, and Connection Protocol
User Datagram Protocol, User
Authentication Protocol, and Connection Protocol
Transport Layer Protocol, User
Encryption Protocol, and Connection Protocol
User Datagram Protocol, User
Encryption Protocol, and Connection Protocol
(TCO 5) Which protocol enables the
secure transfer of data from a remote PC to a server by creating a VPN across a
TCP/IP network?
PPPP
PPTP
PTPN
PPTN
SEC 280 Quiz Week 5
(TCO 6) The best fire extinguisher
for petroleum products is a _____.
Class A
Class B
Class C
Class D
(TCO 6) When a biometric is scanned
and allows access to someone who is not authorized, it is called a _____.
False negative
False positive
True negative
True positive
(TCO 6) A new breed of IDS
that is designed to identify and prevent malicious activity from harming a
system is called _____.
Preemptive IDS
Preventive IDS
Active IDS
Dynamic IDS
(TCO 6) The best fire extinguisher
for wood, paper, and cloth fires is a _____.
Class A
Class B
Class C
Class D
(TCO 6) Multifactor authentication
is all of these except _____.
“What you are”
“What you have”
“What you know”
“What you calculate”
(TCO 6) _____ are applications
designed to detect, log, and respond to unauthorized network or host use,
both in real time and after the fact.
Windows Operating Systems
Intrusion-detection systems (IDSs)
Firewalls
Twisted-wire pairs
(TCO 6) Media can be divided into
three categories: _____.
Paper, plastic, and cloth
Magnetic, optical, and electronic
Confidential, integrity, and
authority
Red, yellow, and blue
(TCO 6) What does a host-based
IDS monitor?
A single system
Networks
Physical intrusions into facilities
A system and all its surrounding
systems
(TCO 6) Egress
filtering _____.
Scans incoming mail to catch SPAM
Scans outgoing mail to catch SPAM
Scans messages for specific
words or phrases
Filters out POP traffic
(TCO 6) _____ are characterized by
the use of a laser to read data stored on a physical device.
Authentication rules
FTP sites
Modems
Optical media
SEC 280 Quiz Week 6
(TCO 3) An attack where the attacker
captures a portion of a communication between two parties and retransmits it at
another time is called a _____ attack.
Smurf
Denial-of-service
Viral
Replay
(TCO 3) The art of “secret writing”
is called _____.
Spoofing
Smurfing
Cryptography
Cryptanalysis
(TCO 3) Making data look
like they came from a different source is called _____.
Sniffing
A man-in-the-middle attack
A replay attack
Spoofing
(TCO 5) Malicious code that is scripted
to send itself to other users is known as a _____.
Virus
Worm
Trojan
Logic bomb
(TCO 5) What is the primary reason
for the spread of the ILOVEYOU worm?
Network firewalls failed
Systems did not have the appropriate
software patch
Automatic execution, such as
Microsoft Outlook’s preview pane
The virus-scan software was not
updated
(TCO 5) Which of the following
is not one of the three primary e-mail protocols?
SMTP
SNMP
POP3
IMAP
(TCO 5) A worm is a type of virus
that _____.
Is scripted to send itself to other
systems
Is designed to crawl in under a
firewall
Buries itself between the kernel and
the Application Layer of the operating system
Is passed through e-mails with a
subject heading that has the word “worm” in it
(TCO 6) ActiveX refers to
a _____.
Collection of APIs, protocols, and
programs developed by Microsoft to automatically download and execute code over
the Internet
Library of security protocols for
Microsoft’s Internet Explorer
Patch to fix a vulnerability that
hackers exploit where the user downloads an MP3 file and the buffers of the
sound card are overwritten
Method of blocking java scripts that
come from non-Microsoft websites
(TCO 6) With the RSA and
Diffie-Hellman handshakes, _____.
The server and the client agree on
what type of browser to use
Parameters are agreed upon and
certificates and keys are exchanged
Parameters are agreed upon so that
java scripts cannot execute inside the client system
Office applications are able to
e-mail secure documents
(TCO 6) Which are the most common exploits
used to hack into a system?
Buffer overflows
Birthday attacks
Weak-key attacks
Man-in-the-middle attacks
SEC 280 Final Exam
(TCO 2) What is XKMS?
Key Management Specification, which
defines services to manage PKI operations within the Extensible Markup Language
(XML) environment
An XML standard for e-mail
encryption
An XML standard that is used for
wireless data exchange
A primary XML standard that is for
application development
(TCO 2) All of the following are
techniques used by a social engineer EXCEPT for which one?
An attacker replaces a blank deposit
slip in a bank lobby with one containing his own account number
An attacker calls up the IT
department posing as an employee and requests a password reset
An attacker runs a brute-force attack
on a password
An attacker sends a forged e-mail
with a link to a bogus website that has been set to obtain personal information
(TCO 2) Attackers need a certain
amount of information before launching their attack. One common place to find
information is to go through the trash of the target to find information that
could be useful to the attacker. This process of going through a target’s trash
is known in the community as _____
Trash rummaging
Garbage surfing
Piggy diving
Dumpster diving
(TCO 2) What are the SSL and
TLS used for?
A means of securing application
programs on the system
To secure communication over the
Internet
A method to change from one form of
PKI infrastructure to another
A secure way to reduce the amount of
SPAM a system receives
(TCO 2) What are the security risks
of installing games on an organization’s system?
There are no significant risks
Users can’t always be sure where the
software came from and it may have hidden software inside of it.
The users may play during work hours
instead of during breaks
The games may take up too much
memory on the computer and slow down processing, making it difficult to work
(TCO 2) What is the ISO 17799?
A standard for creating and
implementing security policies
A standard for international
encryption of e-mail
A document used to develop physical
security for a building
A document describing the details of
wireless encryption
(TCO 3) A(n) _____ is a network
typically smaller in terms of size and geographic coverage, and consists of two
or more connected devices. Home or office networks are typically classified as
this type of network
Local-area network
Office-area network
Wide-area network
Internal-area network
(TCO 3) What is the main difference
between TCP and UDP packets?
UDP packets are a more widely used
protocol
TCP packets are smaller and thus
more efficient to use
TCP packets are connection oriented,
whereas UDP packets are connectionless
UDP is considered to be more
reliable because it performs error checking
(TCO 3) Unfortunately, hackers abuse
the ICMP protocol by using it to _____.
Send Internet worms
Launch denial-of-service (DoS)
attacks
Steal passwords and credit card
numbers
Send spam
(TCO 3) Which transport layer
protocol is connectionless?
UDP
TCP
IP
ICMP
(TCO 3) Which of the following is a
benefit provided by Network Address Translation (NAT)?
Compensates for the lack of IP
addresses
Allows devices using two different
protocols to communicate
Creates a DMZ
Translates MAC addresses to IP
addresses
(TCO 3) Which transport layer protocol
is connection oriented?
UDP
RCP
IS
ICMP
(TCO 3) Which of the following is an
example of a MAC address?
00:07:H9:c8:ff:00
00:39:c8:ff:00
00:07:e9:c8:ff:00
00:07:59:c8:ff:00:e8
(TCO 4) All of the following
statements sum up the characteristics and requirements of proper private key
use EXCEPT which one?
The key should be stored securely
The key should be shared only with
others whom you trust
Authentication should be required
before the key can be used
The key should be transported
securely
(TCO 4) It is easier to implement,
back up, and recover keys in a _____.
Centralized infrastructure
Decentralized infrastructure
Hybrid infrastructure
Peer-to-peer infrastructure
(TCO 4) When a message sent by a
user is digitally signed with a private key, the person will not be able to
deny sending the message. This application of encryption is an example of
_____.
Authentication
Nonrepudiation
Confidentiality
Auditing
(TCO 4) Outsourced CAs are different
from public CAs in what way?
Outsourced services can be used by
hundreds of companies
Outsourced services provide
dedicated services and equipment to individual companies
Outsourced services do not maintain
specific servers and infrastructures for individual companies
Outsourced services are different in
name only. They are essentially the same thing
(TCO 4) Cryptographic algorithms are
used for all of the following EXCEPT _____.
Confidentiality
Integrity
Availability
Authentication
(TCO 6) A hub operates at which of
the following?
Layer 1, the physical layer
Layer 2, the data-link layer
Layer 2, the MAC layer
Layer 3, the network layer
(TCO 6) Alice sends an e-mail that
she encrypts with a shared key, which only she and Bob have. Upon receipt, Bob
decrypts the e-mail and reads it. This application of encryption is an example
of _____.
Confidentiality
Integrity
Authentication
Nonrepudiation
(TCO 6) The following are steps in
securing a workstation EXCEPT _____.
Install NetBIOS and IPX
Install antivirus
Remove unnecessary software
Disable unnecessary user accounts
(TCO 8) Which of the following is a
characteristic of the Patriot Act?
Extends the tap-and-trace provisions
of existing wiretap statutes to the Internet, and mandates certain
technological modifications at ISPs to facilitate electronic wiretaps on the
Internet
A major piece of legislation
affecting the financial industry, and also one with significant privacy
provisions for individuals
Makes it a violation of federal law
to knowingly use another’s identity
Implements the principle that a
signature, contract, or other record may not be deleted
Denies legal effect, validity, or
enforceability solely because it is in electronic form
(TCO 8) The Wassenaar Arrangement
can be described as which of the following?
An international arrangement on
export controls for conventional arms as well as dual-use goods and
technologies
An international arrangement on
import controls
A rule governing import of
encryption in the United States
A rule governing export of
encryption in the United States
(TCO 8) What is the Convention on Cybercrime?
A convention of black hats who trade
hacking secrets
The first international treaty on
crimes committed via the Internet and other computer networks
A convention of white hats who trade
hacker prevention knowledge
A treaty regulating international
conventions
(TCO 8) The electronic signatures in
the Global and National Commerce Act _____.
Implement the principle that a
signature, contract, or other record may not be denied legal effect, validity,
or enforceability solely because it is in electronic form
Address a myriad of legal privacy
issues resulting from the increased use of computers and other technology
specific to telecommunications
Make it a violation of federal law
to knowingly use another’s identity
Are a major piece of legislation
affecting the financial industry, and contain significant privacy provisions
for individuals
(TCO 2) Give an example of a hoax
and how it might actually be destructive
(TCO 2) What are the various ways a
backup can be conducted and stored?
Backups should include the
organization’s critical data, and…
(TCO 2) List at least five types
of disasters that can damage or destroy the information of an organization
(TCO 2) List the four ways backups
are conducted and stored.
Full back up, differential backup,…
(TCO 2) List at least five types of
disasters that can damage or destroy the information of an organization.
Flood, chemical spill…
(TCO 2) Your boss wants you to give
him some suggestions for a policy stating what the individual user
responsibilities for information security should be. Create a bulleted list of
those responsibilities.
Do not divulge sensitive information
to individuals…
(TCO 3) What is the difference
between TCP and UDP?
UDP is known as a connectionless
protocol, as it has very few…
(TCO 3) List three kinds of
information contained in an IP packet header
A unique identifier, distinguishing
this packet from other packets…
(TCO 4) What are the laws that
govern encryption and digital rights management?
Encryption technology is used to
protect digital…
(TCO 5) Describe the laws that
govern digital signatures
Digital signatures have the same…
(TCO 6) What are some of the
security issues associated with web applications and plug-ins?
Web browsers have mechanisms to
enable…
(TCO 6) What are the four common methods
for connecting equipment at the physical layer?
Coaxial cable, twisted-pair…
(TCO 6) Describe the functioning of
the SSL/TLS suite
SSL and TLS use a combination of
symmetric and…
(TCO 6) Explain a simple way to
combat boot disks
Disable them or… them in the…
(TCO 7) What are some ethical issues
associated with information security?
Ethics is the social-moral
environment in which a person makes…
(TCO 9) What are password and domain
password policies?
Password complexity policies are
designed to deter brute force attacks by increasing the number of possible
passwords…
SEC 280 Discussions Week 1-2-3-4-6-7 All Posts 187 Pages
Week 5 is not included
SEC 280 Exposing Your Data on the Internet and Security Practices Discussions Week 1 All Posts 29 Pages
SEC 280 Exposing Your Data on the Internet Discussions 1 Week 1 All Posts 16 Pages
Have you or someone you know been
the victim of computer fraud because of information about them being data mined
on the Internet? Have you been subject to harassment or major inconvenience
because of eMarketers’ data-mining activities? Do you think companies should
collect information about you and share that information without your explicit
knowledge? Why or why not? Feel free to comment on the responses of your
colleagues here!…
SEC 280 Security Practices Discussions 2 Week 1 All Posts 13 Pages
Because of what they hear on the
radio and read in the paper, lots of people who connect their systems to the
Internet rush out and buy the latest copies of firewalls and virus-protection
software and begin tinkering without first considering what they’re protecting
themselves against. Is this a good idea? Instead, what should they do
first? What are they doing wrong?…
SEC 280 Security Policies and Laws and Ethics Discussions Week 2 All Posts 28 Pages
SEC 280 Security Policies Discussions 1 Week 2 All Posts 15 Pages
The executive committee for your
company needs some help determining if any changes are needed to the
existing security policies and procedures. Describe the types of security
policies and procedures that your organization has and how effective you feel
they are. How can they be compromised by internal personnel?…
SEC 280 Laws and Ethics Discussions 2 Week 2 All Posts 13 Pages
Ethical issues in corporate
governance now influence security issues through the stricter management
controls surrounding corporate financial-data integrity under Sarbanes-Oxley. Let’s
discuss these issues….
SEC 280 Asymmetric Versus Symmetric Encryption and Trust Models Discussions Week 3 All Posts 28 Pages
SEC 280 Asymmetric Versus Symmetric Encryption Discussions 1 Week 3 All Posts 15 Pages
Discuss or describe how asymmetric
encryption allows PKI to function. Also, how does symmetric encryption work to
protect files?…
SEC 280 Trust Models Discussions 2 Week 3 All Posts 13 Pages
Let’s compare and contrast the
hierarchical trust model, the peer-to-peer trust model, and the hybrid trust
model….
SEC 280 Network Security and Remote Access Discussions Week 4 All Posts 25 Pages
SEC 280 Network Security Discussions 1 Week 4 All Posts 13 Pages
Networks present a lot of
opportunities for security challenges. What type of network are you on,
and what security elements are employed? Are they effective? Why or
why not?…
SEC 280 Remote Access Discussions 2 Week 4 All Posts 12 Pages
Aren’t we employing remote access
with the school? How does this environment work for access,
authentication, and the working environment? How is your organization
set up?…
SEC 280 Attacks and Malware and Identity Theft Discussions Week 6 All Posts 33 Pages
SEC 280 Attacks and Malware Discussions 1 Week 6 All Posts 20 Pages
There are many ways an organization
or individual can be attacked through the use of software. Currently,
what are the most popular ways these attacks are being implemented? What
defenses are being implemented?…
SEC 280 Identity Theft Discussions 2 Week 6 All Posts 13 Pages
This one is significant, and we need
to understand the laws involved with identity theft, privacy, and
cybercrime. Therefore, what are the main laws, and how do they affect us
if a breach occurs?…
SEC 280 Mitigating Risk and Incident Handling Discussions Week 7 All Posts 24 Pages
SEC 280 Mitigating Risk Discussions 1 Week 7 All Posts 12 Pages
Your CEO says to you, “You mentioned
that risks always exist. If I take enough measures, can’t I eliminate risks?”
Explain why risks always exist. What are some of the ways you can quantify
risk in order to determine how and where to take measures e.g. spend money?…
SEC 280 Incident Handling Discussions 2 Week 7 All Posts 12 Pages
Let’s start the week by discussing
the incident-handling process. Risk management involves the process of
understanding vulnerabilities and providing the appropriate level of security
to handle the possibilities. When an incident occurs, we need to effectively
identify how it occurred and what we will do to see that it is less likely to
occur in the future. Who are the members of the IRT?…