...CCJS345: Introduction to Security Professor Michael A. Jackson Final Project: Case Study Presented by: James W. Johnson 04 November 2012 Table of Contents Introduction………………………………………………..……………………………………..iii Facility Overview……....…………….……………………………………………...……….......iv Current Crime Prevention and Security Measures in Place............................................................iv Physical Limitations.…………………………..…………….…………………………………….v Optional Physical Security………..………………........................................................................vi Information and Records Security………..………........................................................................vi Emergency and Response Planning...............................................................................................vii OSHA Standards and Violaton….…………………………………………….……………..….xiii Hiring Practices……………...….…………………………………………….……………..….xiii Legal Issues…..……………...….…………………………………………….……………..……ix Conclusion……………...….…………………………………………….……………..………...ix References…………………………………………………………………….……………..…….x Introduction The purpose of this paper is to design a security plan for the Maryland Public Safety Education and Training Center (MPSETC) that, at a minimum, identifies the facility assets requiring protection, the criticality of those assets, the various threats directed at the assets and the probability of loss...
Words: 3218 - Pages: 13
...Introduction to Computer Security CSE 3482 Introduction to Information/Computer Security Instructor: N. Vlajic, Winter 2014 Learning Objectives Upon completion of this material, you should be able to: • Describe the key security requirements of confidentiality, integrity and availability (CIA). • Describe the CNSS security model (McCumber Cube). • Identify today’s most common threats and attacks against information. • Distinguish between different main categories of malware. Required Reading Computer Security, Stallings: Chapter 1 Computer Security, Stallings: Chapter 6 Introduction • Information Technology – technology involving development & use of computer systems & networks for the purpose of processing & distribution of data in many organizations, information/data is seen as the most valuable asset categories of IT jobs: IT administrator - installs, maintains, repairs IT equipment IT architect - draws up plans for IT systems and how they will be implemented IT engineer - develops new or upgrades existing IT equipment (software or hardware) IT manager - oversees other IT employees, has authority to buy technology and plan budgets Introduction (cont.) • Information System – entire set of data, software, hardware, networks, people, procedures and policies that deal with processing & distribution of information in an organization each component has its own strengths, weaknesses, and its own security requirements information...
Words: 1194 - Pages: 5
...CSS150-1302B-04 Introduction to Computer Security Phase 3: Discussion Board 3 Networks, Cryptography, and Malicious Activity Professor: Shawn Murray June 5, 2013 In this paper I will discuss a malicious computer worm that spread rather quickly and affected thousands of people and targeted a company in Utah. I will discuss how the worm spread in detail. Lastly, I will discuss how to prevent / defend against such worms. On January 26, 2004 MyDoom, also known as W32.MyDoom@mm, Novarg, Mimail.R and Shimgapi was a computer worm that affected Microsoft Windows (wildammo.com, 2010). MyDoom in 2004 had set the record for spreading the fastest through email. It was said to be started by e-mail spammers through junk mail being sent. That was one way the worm was sent. MyDoom was also sent out as failure sent messages. One of the messages that MyDoom had sent out was “Andy; I’m just doing my job, nothing personal, sorry.” (wildammo.com, 2010). With messages such as that and sent failure / system error messages, one whom was not knowledgeable of such worms would foolishly open it. These messages including but not limited to the one mentioned above brought suspicion to a lot of people and it was believed that the maker of the worm was paid. To date, the author of MyDoom is not known. It is thought though that MyDoom was created in Russia by a programmer (wildammo.com, 2010). In the result of MyDoom globally internet access had slowed down...
Words: 622 - Pages: 3
...Assignment 1 [Due 11 September 2015, 4pm] Assignment should be submitted in the box 402-512 by the due date. Penalty will apply for late submission Question-1 The six month and one-year rates are 3% and 4% per annum with semi-annual compounding. Is 3.90% or 3.95% or 3.99% closest to the one-year par yield expressed with semi-annual compounding? (3 marks) Question-2 A company enters into a short futures contract to sell 50,000 units of a commodity for 70 cents per unit. The initial margin is $4,000 and the maintenance margin is $3,000. Explain what is the futures price per unit above which there will be a margin call? (3 marks) Question-3 The spot price of an investment asset is $30 and the risk-free rate for all maturities is 10% with continuous compounding. The asset provides an income of $2 at the end of the first year and at the end of the second year. What is the three-year forward price? (2 mark) Question-4 On March 1 a commodity’s spot price is $60 and its August futures price is $59. On July 1 the spot price is $64 and the August futures price is $63.50. A company entered into futures contracts on March 1 to hedge its purchase of the commodity on July 1. It closed out its position on July 1. What is the effective price (after taking account of hedging) paid by the company? (2 marks)...
Words: 256 - Pages: 2
...Kaplan University Unit 2 Assignment A Denial of Service (DoS) Attack is an attempt to disrupt a company’s network and services by preventing access to resources by users authorized to use those sources like a company’s employees and customers (Dulaney, 2009). When one person attempts this from a single system it is called a DoS attack, but when a group of nodes on a network simultaneously flood the site with attack packets it is called a Distributed Denial of Service attack or DDoS. These attacks are meant to disrupt the company’s website and gain access to its computers. To accomplish this, the Attacker will recruit vulnerable machines on separate networks, mainly ones not running antivirus through different scanning techniques and will then install an attack toolkit to the machine making it a Zombie or Slave (Patrikakis, Masikos, Zouraraki, 2004). Then the infected computer will look for other vulnerable computers in which it can install the attack toolkit using the same process and creating an army of computers (Patrikakis, Masikos, Zouraraki, 2004). Once this army is assembled the attacker can wake up all of the slave computers, now on his network and have them all send attack packets to the company’s IP address and can even use spoofed source IP address. This way the slave computers IP addresses are hidden so the victim cannot trace the attack back to them. This will combine a DDoS attack with a Spoofing attack. Protecting against DDoS attacks are difficult...
Words: 1012 - Pages: 5
...Identified at least three IT infrastructure domains affected by "Internal Use Only" data classification standard. THE SEVEN DOMAINS OF A TYPICAL IT INFRASTRUCTURE 1. User Domain defines the people who access an organization’s information system. 2. Work Station Domain is where most users connect to the IT infrastructure. It can be a desktop computer, or any device that connects to your network. 3. Local Area Network (LAN) DOMAIN is a collection of computers connected to one another or to a common connection medium. Network connection mediums can include wires, fiber optic cables, or radio waves. 4. LAN-TO-WAN DOMAIN is where the IT infrastructure links to a wide area network and the Internet. 5. Wide Area Network (WAN) DOMAIN connects remote locations. WAN services can include dedicated Internet access and managed services for customer’s routers and firewalls. Networks, routers, and equipment require continuous monitoring and management to keep WAN service available. 6. REMOTE ACCESS DOMAIN connect remote users to the organization’s IT infrastructure. The scope of this domain is limited to remote access via the Internet and IP communications. 7. System/Applications Domain an application domain is the CLR equivalent of an operation system’s process. An application domain is used to isolate applications from one another. This is the same way an operating system process works. The separation is required so that applications do not affect one another. This separation...
Words: 652 - Pages: 3
...Essay 1 What Is There to Worry About? An Introduction to the Computer Security Problem Donald L. Brinkley and Roger R. Schell This essay provides an overview of the vulnerabilities and threats to information security in computer systems. It begins with a historical presentation of past experiences with vulnerabilities in communication security along with present and future computer security experiences. The historical perspective demonstrates that misplaced confidence in the security of a system is worse than having no confidence at all in its security. Next, the essay describes four broad areas of computer misuse: (1) theft of computational resources, (2) disruption of computational services, (3) unauthorized disclosure of information in a computer, and (4) unauthorized modification of information in a computer. Classes of techniques whereby computer misuse results in the unauthorized disclosure and modification of information are then described and examples are provided. These classes are (1) human error, (2) user abuse of authority, (3) direct probing, (4) probing with malicious software, (5) direct penetration, and (6) subversion of security mechanism. The roles of Trojan horses, viruses, worms, bombs, and other kinds of malicious software are described and examples provided. In the past few decades, we have seen the implementation of myriads of computer systems of all sizes and their interconnection over computer networks. These systems handle and are required to protect...
Words: 13185 - Pages: 53
...Principles of Information Security Sherwin R. Pineda Introduction to Information Security Do not figure on opponents not attacking; worry about your own lack of preparation. Learning Outcomes 嗗Define information security 嗗Recount the history of computer security, and explain how it evolved into information security 嗗Define key terms and critical concepts of information security Introduction 嗗The History of Information Security –The 1960 –The 1970 to 80 –The 1990 –2000 to present The History of Information Security The need for computer security — that is, the need to secure physical locations, hardware, and software from threats arose during World War II when the first mainframes, developed to aid computations for communication code breaking were put to use The History of Information Security 嗗 Multiple levels of security were implemented to protect these mainframes and maintain the integrity of their data. 嗗 Access to sensitive military locations was controlled by means of badges, keys, and the facial recognition of authorized personnel by security guards. 嗗 The growing need to maintain national security eventually led to more complex and more technologically sophisticated computer security safeguards. The History of Information Security During these early years, information security was a straightforward process composed predominantly of physical security and simple document classification schemes. The primary threats to security were physical theft of...
Words: 1230 - Pages: 5
...Ken Hoge System Security Project Multi-layer Security Plan When working in the field of IT we must make sure all data can be accessed to the proper employees when the need it. We would love to know that all of the information we have in our database is safe and secure however the number of hackers online today is skyrocketing. Most of these hackers are from other countries such as China or Russia that are trying to gain access to important information of large corporations and government institutions. Some of these hackers have all the time in the world on their hands and are taking any steps they can think of to try and exploit or gain access to financial assets. The first and for most thing we need to do is setup a multi-layered security plan to be able to deal with any incoming online threats and attacks. Most hackers will start with and end user on a network since they are the leased experienced in technical security measures. An outside attack will typically come from some sort of email sent to the end user attempting to get them to click on some sort of link and have them enter login information or some other security details. We can typically setup security protocols for these employees such as password changes every 30 days and increased password strength techniques. This will prevent attackers from being able to log onto employee accounts. Next we can move to the gateway that is the networks first line of defense. This defense will consist...
Words: 349 - Pages: 2
...software and hardware. Interface design impacts the software life-cycle in that it should occur early; the design and implementation of core functionality can influence the user interface – for better or worse. Because it deals with people as well as computers, as a knowledge area HCI draws on a variety of disciplinary traditions including psychology, computer science, product design, anthropology and engineering. HC: Human Computer Interaction (4 Core-Tier1 hours, 4 Core-Tier2 hours) Core-Tier1 hours HCI: Foundations HCI: Designing Interaction HCI: Programming Interactive Systems HCI: User-cantered design & testing HCI: Design for non-Mouse interfaces HCI: Collaboration & communication HCI: Statistical Methods for HCI HCI: Human factors & security HCI: Design-oriented HCI HCI: Mixed, Augmented and Virtual Reality 4 4 Core-Tier2 hours Includes Electives N N HC/Foundations [4 Core-Tier1 hours, 0 Core-Tier2 hours] Motivation: For end-users, the interface is the system. So design in this domain must be interaction-focussed and human-centred. Students need a different repertoire of techniques to address this than is provided elsewhere in the curriculum. Topics: • • • Contexts for HCI (anything with a user interface: webpage, business applications, mobile applications, games, etc.) Processes for user-centered development: early focus on users, empirical testing, iterative design. Different measures for evaluation: utility, efficiency, learnability, user satisfaction. Strawman draft...
Words: 1936 - Pages: 8
...CJS 250 Full Course - Introduction to Security http://www.learnyourcourse.com/cjs-250/83-cjs-250-full-course.html CJS 250 Full Course - WEEK 1 CJS 250 Week 1 CheckPoint - Historical Laws and Security CJS 250 Week 1 Assignment - Allan Pinkerton CJS 250 Full Course - WEEK 2 CJS 250 Week 2 DQ: - 1 - Security gaps analysis for real-life locations CJS 250 Week 2 DQ: - 2 - Consider the definition of security given on pp. 71-72 of the text. Can any target environment ever be 100% stable or 100% predictable? Why or why not? Why does the author stress that security efforts for any target environment will be a “never-ending process” and that security objectives will change over time? How can complacency pose a problem for security professionals? CJS 250 Week 2 Appendix B - Threat and Risk Assessment CJS 250 Full Course - WEEK 3 CJS 250 Week 3 CheckPoint [Appendix C] - Risk Management CJS 250 Week 3 Assignment - Security Objective Components CJS 250 Full Course - WEEK 4 CJS 250 Week 4 DQ: - 1 - While it may be ideal for security planners to utilize or install the latest technology, it may not always be practical. How do you think a security professional can balance the limitations, such as budget or space, of a particular environment with the need for keeping abreast of the latest industry technology and trends? How much knowledge of technology do you think security professionals should have? How broad or detailed should that knowledge be? CJS 250 Week 4 DQ: -...
Words: 679 - Pages: 3
...Week 2 Essay Johnathan Terrance NT2580: Introduction to Information Security Brian Alley May 10, 2014 I have been given the task of designing a remote access control policy for establishing secure access between remote offices across several different states. Establishing this policy will protect the company and employees against attacks that may cost them tons of money and even their jobs. The policy will define several different security practices that employees need to adhere to in order to keep the network safe. These policies will be dictated through an AUP and signed by all employees with access to the network. The employees will also have to go through initial information security training before gaining access to the network. This training will also be required annually in order to maintain their access to the network. The AUP will dictate the requirements for passwords. The requirements will include an eight character alphanumeric password, two uppercase letters, two lowercase letters, two special characters, and two numbers. This will make it more difficult for the password to be breached. The AUP will also state that the company systems will only be used for work related purposes. All social networking sites and many other miscellaneous sites will be blocked. The user will also have to consent to monitoring when signing the AUP. Users will only be given access to files they need through the use of an ACL. This way if a password is breached the hacker will...
Words: 617 - Pages: 3
... See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux DISCLAIMER 1 – The following discussion is for informational and education purpose only. 2 – Hacking into private network without the written permission from the owner is Illegal and strictly forbidden. 3 – Misused could result in breaking the law so use it at your own risk. See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes Vulnerabilities Attack Overview ● We're going to learn how WiFi (802.11) works ● Start with terminology ● Types ● Vulnerabilities ● Attacking them ● Surprise demonstration of....:) See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes Vulnerabilities Attack Terminology ● ● AP - Access Point MAC – Media Access Control a unique id assigned to wireless adapters and routers. It comes in hexadecimal format (ie 00:11:ef:22:a3:6a) See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes Vulnerabilities Attack Terminology ● ● BSSID – Access Point's MAC Address ESSID - Access Point’s Broadcast name. (ie linksys, default, belkin etc) Some AP’s will not broadcast their name,But Airodump-ng can guess it. See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes ...
Words: 2941 - Pages: 12
...IT255 Introduction to Information Systems Security Unit 5 Importance of Testing, Auditing, and Monitoring © ITT Educational Services, Inc. All rights reserved. Learning Objective Explain the importance of security audits, testing, and monitoring to effective security policy. IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 2 Key Concepts Role of an audit in effective security baselining and gap analysis Importance of monitoring systems throughout the IT infrastructure Penetration testing and ethical hacking to help mitigate gaps Security logs for normal and abnormal traffic patterns and digital signatures Security countermeasures through auditing, testing, and monitoring test results IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 3 EXPLORE: CONCEPTS IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 4 Purpose of an IT Security Assessment Check effectiveness of security measures. Verify access controls. Validate established mechanisms. IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 5 IT Security Audit Terminology Verification Validation Testing Evaluation IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved...
Words: 799 - Pages: 4
... See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux DISCLAIMER 1 – The following discussion is for informational and education purpose only. 2 – Hacking into private network without the written permission from the owner is Illegal and strictly forbidden. 3 – Misused could result in breaking the law so use it at your own risk. See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes Vulnerabilities Attack Overview ● We're going to learn how WiFi (802.11) works ● Start with terminology ● Types ● Vulnerabilities ● Attacking them ● Surprise demonstration of....:) See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes Vulnerabilities Attack Terminology ● ● AP - Access Point MAC – Media Access Control a unique id assigned to wireless adapters and routers. It comes in hexadecimal format (ie 00:11:ef:22:a3:6a) See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes Vulnerabilities Attack Terminology ● ● BSSID – Access Point's MAC Address ESSID - Access Point’s Broadcast name. (ie linksys, default, belkin etc) Some AP’s will not broadcast their name,But Airodump-ng can guess it. See-Security Mar 04 2013 – Wireless Hacking - Haifux Wireless Hacking – Haifux Introduction WiFi Classes ...
Words: 2941 - Pages: 12
