...Student Lab Manual © Jones & Bartlett Learning, LLC NOT FOR SALE OR DISTRIBUTION Auditing IT Infrastructures for Compliance IS4680. Jones & Bartlett Learning, LLC, an Ascend Learning Company. Current Version Date: 11/21/2011. Copyright 2013 by Jones & Bartlett Learning, LLC www.jblearning.com ...
Words: 30948 - Pages: 124
...and combine them into one final report. These reports will consist of: - The two auditing frameworks or hardening guidelines / security checklists used by the DoD. - How a security assessment addressing modern-day risks, threats, and vulnerabilities throughout the seven domains of a typical IT infrastructure can help an organization achieve compliance. - How to gather and obtain the information needed to perform a GLBA Financial Privacy & Safeguards Rules compliance audit and what must be covered. - The top Workstation Domain risks, threats, and vulnerabilities, which will include not only possible causes but also mitigations to prevent these issues from happening. - The top LAN-to-WAN Domain risks, threats, and vulnerabilities, which will include not only possible causes but also mitigations as to how we can prevent these issues from happening. - The top Remote Access Domain risks, threats, and vulnerabilities, as well as ways to mitigate these types of issues. - The top Systems/Application Domain risks, threats, and vulnerabilities, as well as ways to mitigate these types of issues. Part 1: Purpose: The purpose of Part 1 of this lab is to develop an executive summary regarding either the two auditing frameworks or the hardening guidelines/security checklists used by the DoD. For this, I have chosen to discuss the two auditing frameworks. Background: A little background about the AF (Auditing Framework) for the DoD is that it provides a foundation for developing and representing...
Words: 2140 - Pages: 9
...Auditing Standard 5: Information Technology General Controls Testing. This assignment addresses Objective 1: Overall Security, in Chapter 11: Auditing Computer-based Information Systems. It requires testing some form of access authorization control, typically called an IT General Control (IT GC). You will find the AS 5 PowerPoint presentation posted on the course site. Please review it as you do this assignment. Chapter 11 also plays a part in this assignment. Required: A. Select a resource that is subject to access authorization control. The resource can be anything, including hard assets or soft (information) assets. Also, it could be a non-financial or a financial (accounting) resource. Examples: access to a dorm or an apartment building, access to controlled parking lots, buildings (such as a hospital, especially outside normal hours of operation, including weekends), a cafeteria, a controlled ATM facility, library or lab facilities, a computer operating room, a restricted event, classrooms (such as BA 111), a fitness center. It could even be something quite unique. For example, on the back of my credit card, in place of the signature, I have “Request ID.” I could track all charge card transactions and track failures to ask for my ID, that is, incidences where I used the card but the provider of products or services did not request my ID (some businesses do not care if the charge is less than $25). Another example: compliance test of a check on...
Words: 880 - Pages: 4
...Chemical Inventory Management System. David Acker, Auburn University Risk Management and Safety. Abstract: Managing chemical inventories at colleges and universities is one of today’s major challenges for higher education. This is especially true for large, diverse, research-oriented institutions like Auburn University. Knowing what chemicals are on site, their hazard potential, who is responsible for them, and where they are located is essential to maintaining a safe campus. Additionally, Federal and State regulations dealing with hazardous waste, chemical security, and emergency preparedness have become more stringent in recent years, requiring greater accountability from colleges and universities. These safety and regulatory compliance imperatives, along with issues of environmental sustainability and cost containment, drive the need for effective chemical inventory management in the university environment. In order to achieve effective chemical inventory management at Auburn University, Risk Management and Safety (RMS) has implemented a Chemical Inventory Management System (CIMS). The technological core of the CIMS is a chemical tracking database that provides real-time, discrete (to the individual container) monitoring of chemical inventories. The database has the capacity to accurately link the chemical container to hazard data, location, user, and acquisition date. Personnel, equipment, and budgetary resources were required to support the implementation phase, and ongoing...
Words: 4990 - Pages: 20
...www.csudh.edu
College of Natural and Behavioral Sciences, Department of Computer Science, http://csc.csudh.edu
Course Title: Communication Systems Security
Course Number: CTC 362
Instructor Name: Mehrdad S. Sharbaf, Ph.D., msharbaf@csudh.edu, Office: TBA, Phone: TBA, Office Hours: TBA
Date: Spring Semester, 2016
Course Length: ...
Words: 1433 - Pages: 6
... Students have two options. They can order from the EPCC campus bookstore, or they can order from the publisher's shopping portal (www.shopjblearning.com). Below are the bundle breakdowns and options: OPTION 1: Purchase at EPCC Bookstore: Printed Access Code (For Bookstore). Print Bundle: a. Print Text + Virtual Lab Access/eLab Manual, ISBN: 978-1-284-07445-1, Bookstore sets student price. eBundle: a. eBook Rental + Virtual Lab Access/eLab Manual, ISBN: 978-1-284-07444-4, Bookstore sets student price. OPTION 2: JONES & BARTLETT: E-mailed Access Code (For Student). Students can go to www.shopjblearning.com, enter the ISBN in the Search field, and then click Add to Cart, proceeding through the checkout process. Print Bundle: b. Print Text + Virtual Lab Access/eLab Manual, ISBN: 978-1-284-07440-6, Approx. cost to the student: $170. eBundle: b. eBook Rental + Virtual Lab Access/eLab Manual, ISBN: 978-1-284-07439-0, Approx. cost to the student: $150. c. Virtual Lab Access/eLab Manual ONLY, ISBN: 978-1-284-07446-8, Approx. cost to the student: $117. B. Required Materials: 1. Internet access to utilize the online Virtual Lab Environment. 2. USB flash drive, minimum 4 GB (gigabytes). (Note: You do not...
Words: 1345 - Pages: 6
...Unit 8 Lab 8: Auditing the Remote Access Domain for Compliance. Larry Sanchez, IS4680, 5/12/2014. Remote Access Domain: when using this, you are accessing resources that are outside your organizational resources to access your organization's network. A lot of this accessing of resources comprises sensitive data. This makes it a lot more accessible to attackers or hackers, due to the perimeter of the network being so far extended, and the attackers or hackers could be able to find a breach in the network perimeter. Having a weak VPN that has no layers of security can and will give hackers or attackers the window of opportunity that they need to get to our network. We need to watch what kind of software our users are using. If our remote users are using different software than what we have at our company headquarters, then there could be a possible risk. The software can be suspicious, especially if the user downloaded it from the Internet. The software in question could lead to incoming viruses and worms that can affect our network. This can create holes in the security that has been set up. Configuration settings can lead a user to let in viruses and worms also. If the remote user does know how to set up their configuration settings on their machines, then anything that they send or receive can be a potential risk, threat, and vulnerability to our network. Once an employee takes their laptop home, they are no longer protected by the organization's firewalls. This can...
Words: 716 - Pages: 3
...Auditing 1/26/15 Enron. Enron began as Northern Natural Gas in 1932. In 1979 the company reorganized and became InterNorth. InterNorth was in the business of creating energy products such as natural gas and plastics. Later InterNorth merged into what was known as Enron, with the new CEO Kenneth Lay running the show. He then began moving the headquarters to Houston, where they began selling off assets to limit their losses initially. The misleading financial accounts began when Jeffrey Skilling wanted to hide their losses. He and Andrew Fastow used special purpose entities to offload liabilities to those companies to keep their main business looking as if it were profiting, which in turn made them look as though their business was successful and made their stock increase, because investors saw that the business was profiting, not failing. A way that they were able to show the company as profitable was transferring debts and losses to offshore businesses, which made it look on the books as though they were profiting, and made those unprofitable parts of the company disappear into an offshore business. To hide their losses in the trading business, Skilling used mark-to-market accounting. Mark-to-market accounting is used in the securities business, but what Skilling did was use it for everyday business. Doing this let them write out what they thought a certain venture would be making in the future, without having to have actually made a dime. This let Enron show on the books...
Words: 2227 - Pages: 9
...ITT Technical Institute IS3340 Windows Security Onsite Course SYLLABUS. Credit hours: 4.5. Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours). Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent. Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus. Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses, Technical Courses, BSISS Project. The following diagram demonstrates how this course fits in the program:
[Program diagram; courses shown: IS4799 ISC Capstone Project, NT2799 NSA Capstone Project, IS4670 Cybercrime Forensics, NT2580 Introduction to Information Security, NT2670 Email and Web Services, IS4680 Security Auditing for Compliance, IS4560 Hacking and Countermeasures, NT1230 Client-Server Networking I, NT1330 Client-Server Networking II, IS3230 Access Security, IS3350 Security Issues in Legal Context, NT1110...]
Words: 2305 - Pages: 10
...ITT Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS. Credit hours: 4. Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours). Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System. Course Description: This course provides an overview of security challenges and strategies of countermeasures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus. Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses, Technical Courses, BSISS Project. The following diagram demonstrates how this course fits in the program:
[Program diagram; 400 Level: IS427 Information Systems Security Capstone Project, IS404 Access Control, Authentication & KPI, IS411 Security Policies & Implementation Issues, IS415 System Forensics Investigation & Response, IS416 Securing Windows Platforms & Applications, IS418 Securing Linux Platforms & Applications, IS421 Legal & Security Issues, IS423 Securing Windows Platforms & Applications ...]
Words: 4114 - Pages: 17
...personnel, nurses, doctors, insurance agents, case managers and many more. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was created to safeguard patients’ medical data security and privacy. HIPAA incorporates requirements that allow for a comprehensive review that will show anyone who has looked at confidential medical patient information. HIPAA is structured to provide complete security access control and auditing for Oracle database information. This framework designates data access points such as User Access Control, System Administration, Object Access and Data Changes that should be monitored and controlled. An accurate HIPAA-compliant security execution assures that all such access areas are plainly outlined and that applicable security measures, along with audit controls, are in place. This paper will review and describe these controls as they apply to an Oracle database instance used for medical data. Keywords: HIPAA database, database encryption requirements, database, database security requirements, database design, database compliance, database...
Words: 4360 - Pages: 18
... Task 4. Monica DeWitt. Current Compliance Status: The hospital is compliant with the National Patient Safety Goals (NPSG) in the following areas: staff is using two identifiers when providing care, correctly transfusing patients, maintaining a healthy patient care environment by complying with the Center for Disease Control (CDC) and World Health Organization (WHO) hand hygiene guidelines, continuing evidence-based best practice to prevent or reduce the risk of catheter-associated urinary tract infections (CAUTI), and identifying patients at risk for suicide. Within the rest of the accreditation requirements, the facility was compliant with the following elements: EM-Emergency Management, HR-Human Resources, IC-Infection Prevention and Control, IM-Information Management, MS-Medical Staff, PI-Performance Improvement, RI-Rights and Responsibilities of the Individual, TS-Transplant Safety. Trends of noncompliance within the healthcare system: From the list of recorded findings there are several trends identified which the hospital will need to address to meet the Joint Commission (JC) standards. The list is divided into direct and indirect impact. There are 4 indirect impact issues that need to be addressed and 1 direct impact issue. Indirect Impact Trends: Verbal Orders: Verbal orders are not being authenticated within 48 hours on several units. The hospital audits should show 100% compliance regarding verbal orders. The...
Words: 1189 - Pages: 5
...manageable. Vulnerabilities can be mitigated. All affect the CIA triad. Not all threats are intentional. Confidentiality, integrity, accessibility = CIA.
Starting on pg 161: DAC - only as secure as the individual's understanding. Access determined by owner. MAC - access determined by data classification itself; data itself has a classification. Need to be cleared to the level of the data security. Also has a “need to know” aspect to it. Non-DAC - third party determines the permissions. Role based - pg 166. Access determined by the job of the user. Rule based - variation of DAC. Rules are created and access is based on the rules created.
Week of 4/17/13: Starts on pg 146. Project - search SSCP CBK on the library under 24/7. Each of the 7 domains, vulnerabilities in each, security used in each to control.
For lab 5: Make 4 types of connections, 2 secure, 2 not secure: telnet, securenet, ssh, and ftp. Will need 3 machines: Student, Target, Ubuntu. 1 Wireshark setting to capture a file in promiscuous mode on Student. Do an FTP to Target (Windows). Command prompt from Student to Ubuntu. Try to log in. Do questions. Question 9, focus on SSH and what traffic you are getting.
Assignments - Week of 5/1/13: Acronyms - pg 263: BCP - Business Continuity Plan; DRP - Disaster Recovery Plan. Pg 266: BIA - Business Impact Analysis. Pg 256: SRE, ARO, ALE. Pg 258: Dealing with risk. BCP: a plan designed to help an organization continue to operate during and after a disruption. Covers...
Words: 907 - Pages: 4
...Riordan Corporate Compliance Plan. LAW/531, June 11, 2012, James McPhail. Riordan Corporate Compliance Plan: Riordan Manufacturing, Inc. Riordan Manufacturing is a global and international company that produces and sells plastic parts for the beverage manufacturing industry, automotive industry, aircraft manufacturers, and fan manufacturers. Riordan owns four major facilities in the United States: Albany, Pontiac, Michigan, and Georgia. In addition, one joint venture is located in China, in the town of Hangzhou. Riordan, headquartered in San Jose, California, is responsible for the creation of new designs, research, and development. The company employs 550 people worldwide, with annual earnings of $46 million. Enterprise liability: Riordan currently maintains a corporate compliance plan. However, the company should improve the governance system to manage, control, and protect the company stakeholders' assets efficiently against potential legal threats. Riordan should implement a strong corporate governance meeting structure that will allow conformance and compliance with new regulations and legal requirements. The implementation of procedures and corporate policies will help the employees to focus and will prevent compliance violations. Both officers and employees must comply with applicable laws and guidelines provided in the corporate policies. Regular reviews of the following governance committees will help to manage the liability of the directors...
Words: 2043 - Pages: 9
...IT255 Introduction to Information Systems Security [Onsite]. Course Description: This course provides an overview of security challenges and strategies of countermeasures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System. Credit hours: 4. Contact hours: 50 (30 Theory Hours, 20 Lab Hours). Introduction to Information Systems Security Syllabus. Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses, Technical Courses, BSISS Project. The following diagram demonstrates how this course fits in the program:
[Program diagram; 400 Level: IS427 Information Systems Security Capstone Project, IS404 Access Control, Authentication & KPI, IS411 Security Policies & Implementation Issues, IS415 System Forensics Investigation & Response, IS416 Securing Windows Platforms & Applications, IS418 Securing Linux Platforms & Applications, IS421 Legal & Security Issues, IS423 Securing Windows Platforms & Applications; 300 Level: IS305 Managing Risk in Information Systems ...]
Words: 4296 - Pages: 18