...Week 2 Essay Johnathan Terrance NT2580: Introduction to Information Security Brian Alley May 10, 2014 I have been given the task of designing a remote access control policy for establishing secure access between remote offices across several different states. Establishing this policy will protect the company and employees against attacks that may cost them tons of money and even their jobs. The policy will define several different security practices that employees need to adhere to in order to keep the network safe. These policies will be dictated through an AUP and signed by all employees with access to the network. The employees will also have to go through initial information security training before gaining access to the network. This training will also be required annually in order to maintain their access to the network. The AUP will dictate the requirements for passwords. The requirements will include an eight character alphanumeric password, two uppercase letters, two lowercase letters, two special characters, and two numbers. This will make it more difficult for the password to be breached. The AUP will also state that the company systems will only be used for work related purposes. All social networking sites and many other miscellaneous sites will be blocked. The user will also have to consent to monitoring when signing the AUP. Users will only be given access to files they need through the use of an ACL. This way if a password is breached the hacker will...
Words: 617 - Pages: 3
...Technical Institute IS3340 Windows Security Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory Hours, 30 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisite: NT2580 Introduction to Information Security or equivalent Course Description: This course examines security implementations for a variety of Windows platforms and applications. Areas of study include analysis of the security architecture of Windows systems. Students will identify and examine security risks and apply tools and methods to address security issues in the Windows environment. Windows Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS4799 NT2799 IS4670 ISC Capstone Project Capstone ProjectCybercrime Forensics NSA NT2580 NT2670 Introduction to Information Security IS4680 IS4560 NT2580 NT2670 Email and Web Services Hacking and Introduction to Security Auditing for Compliance Countermeasures Information Security Email and Web Services NT1230 NT1330 Client-Server Client-Server Networking I Networking II IS3230 IS3350 NT1230 NT1330 Issues Client-Server Client-Server SecurityContext in Legal Access Security Networking I Networking II NT1110 ...
Words: 2305 - Pages: 10
...8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework NT2580 Unit 7 Policy Definition and Data Classification Standard Home ITT Tech NT NT 2580 NT2580 Unit 7 Policy Definition and Data Classification Standard You have successfully unlocked this document. You have 24 more unlocks available. Was this document helpful? Yes Download Document https://www.coursehero.com/file/11610135/NT2580Unit7PolicyDefinitionandDataClassificationStandard/?timestamp=20150801105100 1/6 8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework Share and earn access CorporalStarViper9176 ITT Tech Follow 3 1787 302 https://www.coursehero.com/file/11610135/NT2580Unit7PolicyDefinitionandDataClassificationStandard/?timestamp=20150801105100 2/6 8/1/2015 NT2580 Unit 7 Policy Definition and Data Classification Standard : NT 2580 : ITT Tech : Homework VIEWS UNLOCKS 0 1 HELPFUL UNHELPFUL 0 0 About this Document SCHOOL ITT Tech COURSE NT 2580, Summer 2014 COURSE TITLE Introduction to Information Security PROFESSOR MR J TYPE Homework PAGES 1 WORD COUNT 206 Is this correct? Flag Get Help in NT 2580 https://www.coursehero.com/file/11610135/NT2580Unit7PolicyDefinitionandDataClassificationStandard/?timestamp=20150801105100 ...
Words: 487 - Pages: 2
...ITT Technical Institute 3825 West Cheyenne Avenue, Suite 600 North Las Vegas, Nevada 89032 NT2580 Introduction to Information Security Week 1, Unit 1 – Information Systems Security Fundamentals Class Plan Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab. Content Covered: • Textbook o Chapter 1 - Information Systems Security Objectives: After completing this unit, the student should be able to: • Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: ▪ Confidentiality, integrity, and availability (CIA) concepts ▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure ▪ Common threats for each of the seven domains ▪ IT security policy framework ▪ Impact of data classification standard on the seven domains Materials: Week 1 PowerPoint Presentation Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the hand out worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard, you must write a brief report...
Words: 530 - Pages: 3
...NT2580 Introduction to Information Security STUDENT COPY: FINAL EXAM 30. What does risk management directly affect? a. Company investments b. Security policy framework c. Security controls d. Number of employees 31. Which of the following is a cipher that shifts each letter in the English alphabet a fixed number of? Positions, with Z wrapping back to A? a. Transposition b. Vigenere c. Caesar d. Vernam 32. Identify a security objective that adds value to a business. a. Revocation b. Authorization c. Anonymity d. Message authentication 33. Which of the following is an asymmetric encryption algorithm? a. AES b. 3DES c. RSA d. RC4 34. Identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature. a. Nonrepudiation b. Integrity c. Authorization d. Access control 35. Which of the following is a mechanism for accomplishing confidentiality, integrity, authentication, and Nonrepudiation a. Cipher text b. Cryptography c. Access control d. Hashing 36. In which OSI layer do you find FTP, HTTP, and other programs that end users interact with? a. Application b. Network c. Physical d. Data Link 37. Identify the configuration that is best for networks with varying security levels, such general users, a group of users working on a secret research project, and a group of executives. a. Multilayered firewall b. Screened subnet firewall c. Border firewall d. Ordinary firewall 38...
Words: 606 - Pages: 3
...Paper NT2580 Introduction to Information Security May 20, 2013 Security Operations means the process of identifying critical information and subsequently analyzing friendly actions attendant to military operations and other activities to: a. identify those actions that can be observed by adversary intelligence systems; b. determine indicators that hostile intelligence systems might obtain that could be interpreted or pieced together to derive critical information in time to be useful to adversaries; and c. select and execute measures that eliminate or reduce to an acceptable level the vulnerabilities of friendly actions to adversary exploitation. [1] The need to connect and collaborate with partners, suppliers, customers, and employees anytime and anywhere has increased the difficulty of managing network and systems security. Organizations are challenged with the difficult and overwhelming task of securing and managing network systems, and keeping their desktops and servers up to date. Organizations want easy and efficient ways to maintain network security, manage updates, and, at the same time, reduce total costs for security management. When addressing security management and operations, administrators need to consider the following: • Security: Employees not only work from corporate offices, but from branch offices, home offices, or from the road. Managing access policies and security for remote connectivity requires flexibility...
Words: 536 - Pages: 3
...Richard Bailey Unit 8 lab 8.1 August 19, 2013 NT2580 Introduction to Information Security 1. So you can find the weekness and fix before it can be implamented on the server and goes live. 2. A reflective XSS attack a type of computer security vulnerability. It involves the web application dynamically generating a response using non-sanitized data from the client. Scripts, like JavaScript or VB Script, in the data sent to the server will send back a page with the script. 3. SQL Injections can be used to enter the database with administrator rights. Best way to avoid this is using Java in websites. 4. methods, including character scrambling and masking, numeric variance and nulling, rely on an array of built-in SQL Server system functions that are used for string manipulation. 5. Well co-ordinated and regulary audited security checks is the best way forword. 6. . There has been considerable debate comparing the security attributes of open source and proprietary software (Anderson, 2002). However, for a careful interpretation of the data, rigorous quantitative modeling methods are needed. The likelihood of a system being compromised depends on the probability that a newly discovered vulnerability will be exploited. Thus, the risk is better represented by the vulnerabilities which are not yet discovered and the vulnerability discovery rate rather than by the vulnerabilities that have been already discovered in the past and remedied by patches. ...
Words: 489 - Pages: 2
...Prerequisite or Corerequisite: NT1210 Introduction to Networking or equivalent Course Description: This course introduces operating principles for the client-server based networking systems. Students will examine processes and procedures involving the installation, configuration, maintanence, troublshooting and routine adminstrative tasks of popular desktop operating system(s) for standalone and network client computers, and related aspects of typical network server functions. Client-Server Networking I Syllabus Where Does This Course Belong? 1st QTR GS1140 NT1110 GS1145 Problem Solving Theory Computer Structure and Logic Strategies for the Technical Professional 2nd QTR NT1210 Introduction to Networking NT1230 Client-Server Networking I MA1210 College Mathematics I 3rd QTR NT1310 NT1330 MA1310 4th QTR PT1420 NT1430 EN1320 5th QTR PT2520 NT2580 EN1420 6th QTR NT2640 NT2670 CO2520 7th QTR NT2799 SP2750 Physical Networking Client-Server Networking II College Mathematics II Introduction to Programming Linux Networking Composition I Database Concepts Introduction to Information Security Composition II IP Networking Email and Web Services Communications Network Systems Administration Capstone Project Group Theory The follow diagram indicates how this course relates to other courses in the NSA program: 1 Date: 8/31/2012 Client-Server Networking I Syllabus NT2799 NSA Capstone Project NT2580 Introduction to Information Security NT2670 Email and Web Services ...
Words: 1834 - Pages: 8
...Impact of a Data Classification Standard Course Name & Number: NT2580 Introduction to Information Security Learning Objectives and Outcomes * You will learn how to determine the impact of a data classification standard on an organization's IT infrastructure. Assignment Requirements You are a networking intern at Richman Investments, a mid-level financial investment and consulting firm. Your supervisor has asked you to draft a brief report that describes the “Internal Use Only” data classification standard of Richman Investments. Write this report addressing which IT infrastructure domains are affected by the standard and how they are affected. In your report, mention at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. Your report will become part of an executive summary to senior management. Required Resources None Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: Chicago Manual of Style * Length: 1–2 pages * Due By: Unit 2 Self-Assessment Checklist * I have identified at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. * In my report, I have included details on how those domains are affected. Internal Use Only The term “internal use only” is a term that refers to information or data that could also include communications are intended to stay within...
Words: 835 - Pages: 4
...Malicious Code Attack Harold Streat Jr (15813476) NT2580: Introduction to Information Security March 2, 2014 DeVon Carter Malicious Code Attack The Code Red virus didn't kill the Internet, but it did prove that there is a long way to go in the war against cyber-attacks, and, if the future is anything like the past, it is a war the good guys will never win (Burnett & Gomez, 2001). The Code Red worm is one example where knowledge of emerging vulnerabilities and implementation of security patches plus overall watchfulness of network activity could have saved many systems from falling prey to a well-publicized attack (Burnett & Gomez, 2001). The Code Red or Red Wiggler Worm, as it was known, was a self-replicating program designed to consume computer and network resources creating a Denial of Service (DoS) to the user community. The Code Red worm exploited a known vulnerability in Microsoft Windows NT and Windows 2000, popular operating systems in the business environment. The vulnerability was related to Internet Information Server (IIS), which runs on many Windows-based World Wide Web servers throughout the world. Code Red spread through several variants with mixed effectiveness. As the worm code was mutated, updated and re-released, infection rates increased (Burnett & Gomez, 2001). The worm began by scanning networks to identify hosts running IIS and accepting information on TCP port 80. Once a valid host was found, the...
Words: 520 - Pages: 3
...XP, Windows Vista, Windows 7, and Mac OS X, you must research and devise a plan to thwart malicious code and activity by implementing countermeasures and prevention techniques for dealing with viruses, worms, logic bombs, Trojan horses, and other related forms of intentionally created deviant code. Introduction Malicious software is written with the intent to damage or infect the system of Richman Investment. Malicious code or software is a threat to any internet-connected device or computer. The main goal of the attack is to affect one of the three information security properties which are Confidentiality, Integrity, and Availability. Confidentiality is affected if the malicious software is successful at disclosing private information. Integrity is compromised if the malware can modify database records either immediately or over a period of time. Availability is affected if malware can erase or overwrite files or inflict considerable damage to storage media. SSCP® Domain Affected Malicious Code and Activity This domain examines the types of Malicious Code and Activities that can threaten the confidentiality, integrity, and availability of a system or information. The SSCP is expected to be familiar with the various types of Malicious Code and know how to implement effective countermeasures to prevent malicious code from operating. The SSCP should also know how to detect, respond and recover from malicious activity on a system whether perpetrated by an internal...
Words: 953 - Pages: 4
...Travis Avery NT2580 Project Part 2 Purpose - This policy defines the security configurations users and Information Technology (IT) administrators are required to implement in order to ensure the integrity, availability, and confidentially of the network environment of Richmond Investments(R.I). It serves as the central policy document with which all employees and contractors must be familiar, and defines regulations that all users must follow. The policy provides IT managers within R.I. with policies and guidelines concerning the acceptable use of R.I. technology equipment, e-mail, Internet connections, network resources, and information processing. The policies and restrictions defined in this document shall apply to all network infrastructures and any other hardware, software, and data transmission mechanisms. This policy must be adhered to by all R.I. employees, temporary workers and by vendors and contractors working with R.I. Scope- This policy document defines the common security requirements for all R.I. personnel and systems that create, maintain, store, access, process or transmit information. This policy also applies to information resources owned by others, such as vendors or contractors of R.I., in cases where R.I. has a legal obligation to protect resources while in R.I. possession. This policy covers all of R.I. network systems which are comprised of various hardware, software, communication equipment and other devices designed to assist the R.I. in the creation...
Words: 598 - Pages: 3
...Unit 4 Assignment 2: Acceptable Use Policy Definition NT2580 The following acceptable use policy has been designed for Richman Investments and grants the right for users to gain access to the network of Richman Investments and also requires the user to follow the terms of use set forth for network access. Policy Guidelines * The use of peer to peer file sharing is strictly prohibited. This includes FTP. * Downloading executable programs or software from any websites, known or unknown, is forbidden. * Users are not allowed to redistribute licensed or copyrighted material without receiving consent from the company. * Introduction of malicious programs into networks or onto systems will not be tolerated. * Attempts to gain access to unauthorized company resources or information from internal or external sources will not be tolerated. * Port scanning and data interception on the network is strictly forbidden. * Authorized users shall not have a denial of service or authentication. * Using programs, scripts, commands, or anything else that could interfere with other network users is prohibited. * Sending junk mail to company recipients is prohibited. * Accessing adult content from company resources is forbidden. * Remote connections from systems failing to meet minimum security requirements will not be allowed. * Social media will not be accessible on company resources. * Internet...
Words: 263 - Pages: 2
...Class NT2580 Introduction to Information Security Unit 3 Discussion 1 1. For this company I would say that the 12 computers that they have should have passwords on all the computers. The reason why I say this is because they only people who should have access to these computers are they people who have the password or know the password. That is why this is the best protection for this construction company. This construction company will have a role-based access controls. This means with the uses that they have on site will have special groups based on the access they require for the company. 2. For this company since they all contact one another with smart phones and have 12 computers each and every one of these users should have an identification number as in a pin for each and every one of them that way they can all be able to be identified. On this company they are required to have a rule-based access controls. The reason why I require this for this company is cause each user is going to have access to a phone and computer which requires each and every one of them to have a pin in order for them to access their devices. That is why this access control is so important on these devices cause if they don’t know there pin then they will not be able to gain access. 3. For this company I would recommend that they use fingerprint technology for all these servers and employes. The reason why I say this is because for one thing there is too many employees to keep track...
Words: 624 - Pages: 3
...NT2580 Introduction to information security | 7 Domain of IT Infrastructure Security Plan | Project Part 1 | | | [Pick the date] | As described by Tipton and Henry, information security management establishes the foundation for a comprehensive security program to ensure the protection of an organization's information assets. Security management encompasses the administrative, technical, and physical controls necessary to adequately protect the confidentiality, integrity, and availability of the information assets in the IT Infrastructure. Each one of the domain of the typical IT Infrastructure needs a proper security controls to ensure the confidentiality, integrity, and availability (CIA Triad). The following are the overview of the seven Domains: User Domain This is the domain of users that access systems, application, and data. It is the information asset of the organization that will be available to a rightful user by authenticating the user by the acceptable use policy (AUP). It is also define that the user is the weakest link in an IT infrastructure, but by educating user of the sensitivity of the IT infrastructure in the security awareness, security control shall be enforced. Security control to this domain can also be enforced by defining and implement the user policy of the IT infrastructure. Workstation Domain This is the domain where users first connect to the IT infrastructure. Because of numerous threats, it is necessary to implement...
Words: 889 - Pages: 4
