...IS3110 Lab 6 DAWOOD ALRUBAYE 1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities? Because you need to know which is most important and which is negligible. In some cases, protecting your infrastructure from a high priority threat is more important and so you may want to protect against that even if it leaves you vulnerable to low priority threats. This mainly just shows you which areas need your attention the most. 2. 2. Based on your executive summary produced in Lab #4 – Perform a Qualitative Risk Assessment for an IT infrastructure, what was the primary focus of your message to executive management? * Setting up security measures through various means. * Forcing users to update password every X number of days. * Educating users. * Firewalls * Anti-malware 3. Given the scenario for your IT risk mitigation plan, what influence did your scenario have on prioritizing your identified risks, threats, and vulnerabilities? 4. What risk mitigation solutions do you recommend for handling the following risk element? User inserts CDs and USB hard drives with personal photos, music, and videos on organization owned computers. * A good antivirus program and have all devices scanned as soon as they are plugged in. * Educate employees. * Disable optical drives/USB ports (if they are not needed) 5. What is security baseline definition? A baseline is a starting point or a standard. Within...
Words: 319 - Pages: 2
...IS3110 Lab #2: Assessment Worksheet Align Risk, Threats, & Vulnerabilities to COBIT P09 Risk Management Controls Student Name: _____________________________________________________________ 1. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), High/Medium/Low Nessus Risk Factor Definitions for Vulnerabilities) a. b. c. d. e. 2. For the above identified threats and vulnerabilities, which of the following COBIT P09 Risk Management control objectives are affected? • PO9.1 IT Risk Management Framework • PO9.2 Establishment of Risk Context • PO9.3 Event Identification • PO9.4 Risk Assessment • PO9.5 Risk Response • PO9.6 Maintenance and Monitoring of a Risk Action Plan 3. From the identified threats & vulnerabilities from Lab #1 – (List At Least 3 and No More than 5), specify whether the threat or vulnerability impacts confidentiality – integrity – availability: Confidentiality Integrity Availability a. b. c. d. e. 4. For each of the threats and vulnerabilities from Lab #1 (List at Least 3 and No More than 5) that you have remediated, what must you assess as part of your overall COBIT P09 risk management approach for your IT infrastructure? 5. For each of the threats and vulnerabilities from Lab #1 – (List at Least 3 – No More than 5), assess the risk impact or risk factor that it has on your organization in the following areas: a. Threat or Vulnerability #1: o Information...
Words: 469 - Pages: 2
...Toussaint Chivars IS3110/Lab2 8/16/2014 Align Risks, Threats & Vulnerabilities to COBIT Lab 2 1. List indentified threats & vulnerabilities Risk Factors from Lab1 a. Unauthorized access from public Internet High risk b. User destroys data in application and deletes files High risk c. Hacker penetrates your IT infrastructure and Medium risk gains access to your internal network d. Intra-office employee romance gone bad High risk e. Fire destroys primary data center Low 2. PO9.2 IT Establishment of Risk Context; PO9.3 Event Identification; PO9.4 Risk Assessment. 3. a. Unauthorized access from public Internet Integrity b. User destroys data in application and deletes files Availability c. Hacker penetrates your IT infrastructure and Confidentiality gains access to your internal network 4. The risks potential, the current protection level and the mitigation steps needed to prepare or reduce the risks/damages. 5. a. Threat vulnerability 1: unauthorized from public internet Information---firewall and encryption. Applications---only from recommended sources (applications with encryption, antivirus protection will be used. Infrastructure—Firewalls People---IT awareness training for all employees, monitoring from IT manager b. Threat or...
Words: 719 - Pages: 3
...hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA NT2580 NT2670 Introduction to Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to Security Auditing for Compliance Countermeasures Information Security Email and Web Services NT1230 NT1330 Client-Server Client-Server Networking I Networking II IS3230 IS3350 NT1230 NT1330 Issues Client-Server Client-Server SecurityContext in Legal Access Security Networking I Networking II NT1110 NT1210 Structure and Introduction to ComputerLogic Networking IS3120 IS3110 NT1210 Network Risk Management...
Words: 2305 - Pages: 10
...Description | Change Rationale | Implementation Quarter | 12/20/2011 | All | New curriculum | | June 2012 | | | | | | | | | | | | | | | | | | | | | | | | | | ------------------------------------------------- ------------------------------------------------- Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview 5 Course Summary 5 Critical Considerations 5 Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination...
Words: 18421 - Pages: 74
