
Intro to Information Security Notes

Submitted By stryker401
Responses on port 80 = a web service is running (HTTP).
Port 443 = HTTPS
To run port scans all you need is access to the LAN and/or subnet
Technet.microsoft.com/en-us/security/advisory
Mitigate vulnerabilities
Threats are things you have to respond to effectively.
Threats are controllable
Risks are manageable
Vulnerabilities can be mitigated
All affect the CIA triad
Not all threats are intentional
Confidentiality, integrity, accessibility = CIA

Starting on pg 161
DAC- only as secure as the individual's understanding. Access determined by owner.
MAC- access determined by the data classification itself. The data itself has a classification. Need to be cleared to the level of the data security. Also has a “need to know” aspect to it.
Non DAC- third party determines the permissions.
Role based- pg 166. Access determined on the job of the user.
Rule based- variation of DAC. Rules are created and access is based on the rules created.

Week of 4/17/13
Starts on pg 146
Project- search SSCP CBK on the library under 24/7
Each of the 7 domains, vulnerabilities in each, security used in each to control,

For lab 5---
Make 4 types of connections: 2 secure, 2 not secure. Telnet, securenet, SSH, and FTP.
Will need 3 machines.
Student, Target, ubuntu 1
Wireshark setting to capture a file in promiscuous mode on student. Do an FTP to target windows.
Command prompt from student to ubuntu. Try to log in.
Do questions. Question 9, focus on SSH and what traffic you are getting.
Assignments—

Week of 5/1/13
Acronyms-
Pg 263
BCP- Business Continuity Plan
DRP- Disaster Recovery Plan
Pg 266
BIA- Business Impact Analysis
Pg 256
SRE
ARO
ALE
Pg 258
Dealing with risk

BCP: A plan designed to help an organization continue to operate during and after a disruption. Covers all functions of a business, IT systems, facilities, and personnel. Generally includes
