...North Las Vegas, Nevada 89032 NT2580 Introduction to Information Security Week 1, Unit 1 – Information Systems Security Fundamentals Class Plan Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab. Content Covered: • Textbook o Chapter 1 - Information Systems Security Objectives: After completing this unit, the student should be able to: • Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: ▪ Confidentiality, integrity, and availability (CIA) concepts ▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure ▪ Common threats for each of the seven domains ▪ IT security policy framework ▪ Impact of data classification standard on the seven domains Materials: Week 1 PowerPoint Presentation Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the hand out worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard, you must write a brief report on how the "Internal Use Only" data classification standard impacts...
Words: 530 - Pages: 3
...Dallas Benning NT2580 Unit 1 Assignment 2: Impact of a Data Classification Standard The “Internal Use Only” data classification standards will affect the user domain, the work station domain and the LAN domain. These three domains are the most basic infrastructure domains and the will cover all users in the company. The classification will cover the company telephone directory, employee training materials and internal policy manuals. The User Domain explains the people who have access to the company’s information. This domains will contain all of the user’s information and will enforce the policies that control what information each user is allowed to access. This domain can also be the greatest weakness in a system and needs to be carefully monitored. The Workstation domain is where users are verified and accounts are set up. They will need to have a user name and password assigned to them by the IT department before they can access any systems or data. Also, no personal devices or any forms of removable media will be allow on the network. There will also be policies in place to ensure that each employee only has access to the information that they need to perform their jobs. The LAN domain includes all physical elements of the LAN network. There must be strong security for this domain because it is the entry point to any WAN networks and makes accessing workstations far easier. Users must have background checks and be screened before given access to the physical...
Words: 290 - Pages: 2
...Mandie Brayley NT2580 – Intro to Info Sec Unit 1 Assignment 2: Impact of a Data Classification Standard When you hear Internal Use Only, the first thing that seems to pop into your head would be that any data transferred has to stay inside wherever the domains are. While there are seven IT infrastructure domains, there are only three that are actually affected by the “Internal Use Only” data standard. These domains are the user domain, workstation domain and the LAN domain. As with all infrastructures these domains have their own tasks and responsibilities. The user domain is the first layer of the IT infrastructure defense system. This domain is used to access systems, applications, data and more. You will also find the AUP or Acceptable Use Policy here. The AUP is a policy tells the user what they are and are not allowed to do with any organization-owned IT equipment. This domain is affected by the Internal Use Only standard because it is the first partition of the IT Infrastructure. After the user domain, we have the workstation domain. This domain is used to configure hardware and hardening systems. Hardening systems is the process of ensuring that controls are in place to handle any known threats. This process is done by ensuring that the infrastructure has all the latest software revisions, security patches, and systems configurations. But these aren’t the only things that go on in the domain, this is also where the antivirus files are verified. While...
Words: 453 - Pages: 2
...------------------------------------------------- Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Richman Investments Internal Use Only Data Classification Standard Domain Effects Richman Investments has implemented an “Internal Use Only” data classification standard. This report will describe the effects of the Internal use Only Standard on our respective system domains. “Internal Use Only” sets up a restricted access security policy to our network. Any access, including from a website would require company mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to allow “free access” to their network for potential threats to their system or their security. This policy will impact three of the seven domains. These include: * User Domain * Define: This Domain defines what users have access to the information system. * Policy Impact: The IT Team will use the User domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that will define the permissions of what actions a user may make while inside the system. These permissions may also be defined by the data they are accessing at the time. All third party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation. * Workstation Domain ...
Words: 508 - Pages: 3
...NT2580 Unit 1 Assignment 2 Internal Use Only Here at Richmond Investments we need to ensure we meet a data classification standard when it comes to our employees accessing the internet from work provided computers and having access to privileged work related data. Under this standard we will implement standards for the LAN Domain, Workstation Domain, and the User Domain. For the LAN Domain we will need to secure the wiring closets, data centers, and computer rooms are secure. For access to these areas personnel will have to have the proper credentials and without them they will not be allowed access. We will need electronic door locks with a push button code. This would ensure that nobody can get into those rooms without that code. For the Workstation Domain we will require user name and passwords on all computers. This will ensure that access to the system will only be available to those that have already been added to the network by an IT Administrator. We will keep the computers up to date with current anti-virus software and regular monitoring. Only approved devices will be allowed to function with the workstations. This will eliminate possible outside threats from getting any data off the network in case they do gain access to an unlocked workstation. For the User Domain we will have an employee manual and acceptable use policy for all employees to follow. Each employee will be placed under the group in which they work for and only have access to the data that...
Words: 421 - Pages: 2
...NT2580 Unit 5 Assignment 1 Testing and Monitoring Security Controls Jose J Delgado Testing and Monitoring Security Controls A few different types of security events and baseline anomalies that might indicate suspicious activity. Different traffic patterns or influx in bandwidth usage can be considered suspicious activity. Also, services changing port usage, in turn creating variations in normal patterns. All sudden increase in overall traffic. This may just mean that your web site has been mentioned on a popular news site, or it may mean that someone is up to no good. A sudden jump in the number of bad or malformed packets. Some routers collect packet-level statistics; you can also use a software network scanner to track them. Some routers collect packet-level statistics; you can also use a software network scanner to track them. Also large numbers of packets caught by your router or firewall's egress filters. Egress filters prevent spoofed packets from leaving your network, so if your filter is catching them you need to identify their source, because it is a clear sign that devices on your network have been compromised. Unscheduled reboots of server machines may sometimes signify that they are compromised as well. You should already be watching the event logs of your servers for failed logons and other security-related events. Log Files encompass complete records of all security events (logon events, resource access, attempted violations of policy, and changes...
Words: 524 - Pages: 3
... Bring this document with you each week Students are required to complete each assignment and lab in this course package on time whether or not they are in class. Late penalties will be assessed for any assignments or labs handed in past the due date. The student is responsible for replacement of the package if lost. Table of Contents Syllabus 2 Student Professional Experience 19 Graded Assignments and Exercises 23 Labs 47 Documenting your Student Professional Experience 57 ITT Technical Institute NT1310 Physical Networking Onsite Course SYLLABUS Credit hours: 4.5 Contact/Instructional hours: 56 (34 Theory Hours, 22 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: NT1210 Introduction to Networking or equivalent Course Description: This course examines industry standards and practices involving the physical components of networking technologies (such as wiring standards and practices, various media and interconnection components), networking devices and their specifications and functions. Students will practice designing physical network solutions based on appropriate capacity planning and implementing various installation, testing and troubleshooting techniques for a computer network. Where Does This Course Belong? | | | NT2799 | | | | | | | | NSA Capstone | | | | | | | Project | | | | | NT2580 | | | NT2670 | NT2640 | | PT2520 | | Introduction to | | | | | | | | ...
Words: 10839 - Pages: 44