...Purpose This project provides you an opportunity to analyze risks, threats, and vulnerabilities and apply countermeasures in the information systems environment. Required Source Information and Tools To complete the project, you will need the following: 1. Access to the Internet to perform research for the project * Microsoft Windows How-To, including: * Optimize Windows for Better Performance: http://windows.microsoft.com/en-us/windows/optimize-windows-better-performance - optimize-windows-better-performance=windows-7 * http://windows.microsoft.com/en-us/windows-8/improve-performance-optimizing-hard-drive 8.1 * http://www.makeuseof.com/tag/7-quick-tips-hacks-optimize-windows-10-experience/ win 10 * Monitor Attempts to Access and Change Settings On Your Computer / To Turn On Auditing: http://windows.microsoft.com/en-us/windows7/monitor-attempts-to-access-and-change-settings-on-your-computer * What Information Appears in Event Logs? http://windows.microsoft.com/en-us/windows/what-information-event-logs-event-viewer - 1TC=windows-7 2. Course textbook Learning Objectives and Outcomes You will: * Explain how to assess risks, threats, and vulnerabilities * Evaluate potential outcomes of a malware attack and exposure of confidential information * Evaluate information systems security countermeasures * Explain how system hardening relates to a company’s IT security policy framework ...
Words: 665 - Pages: 3
...Purpose This project provides you an opportunity to analyze risks, threats, and vulnerabilities and apply countermeasures in the information systems environment. Required Source Information and Tools ------------------------------------------------- Web References: Links to Web references are subject to change without prior notice. These links were last verified on June 12, 2014. To complete the project, you will need the following: 1. Access to the Internet to perform research for the project * Microsoft Windows How-To, including: * Optimize Windows for Better Performance: http://windows.microsoft.com/en-us/windows/optimize-windows-better-performance - optimize-windows-better-performance=windows-7 * Monitor Attempts to Access and Change Settings On Your Computer / To Turn On Auditing: http://windows.microsoft.com/en-us/windows7/monitor-attempts-to-access-and-change-settings-on-your-computer * What Information Appears in Event Logs? http://windows.microsoft.com/en-us/windows/what-information-event-logs-event-viewer - 1TC=windows-7 2. Course textbook Learning Objectives and Outcomes You will: * Explain how to assess risks, threats, and vulnerabilities * Evaluate potential outcomes of a malware attack and exposure of confidential information * Evaluate information systems security countermeasures * Explain how system hardening relates to a company’s IT security policy framework * Analyze the purposes...
Words: 1575 - Pages: 7
...Riordan Network Design Project NTC/362 November, 2013 Riordan Network Design Project Riordan Manufacturing is a plastics manufacturing company that produces products such as beverage containers, custom plastic parts and plastic fans. Riordan was created in 1991 and was founded by Dr. Riordan. Riordan currently has a location in Hangzhou China and is moving that location to Shanghai China. This document will outline the network design, Project timeline, design approach, detailed design, current network topology, new network topology, security and plans for starting up new location and decommissioning the old location. Network Design Project Timeline Assignment | Timeline | Design Approach | Phase 1-Four Weeks | Detailed Design | Phase 1-Four Weeks | Current Network and Establishing New Network | Phase 2 6 weeks | Security Considerations | Phase 2 6 weeks | Decommissioning Old Facility | Phase 3 4 weeks | Old Equipment | Phase 3 4 weeks | Old and New Employees | Phase 3 4 weeks | Design Approach and Rationale Riordan Manufacturing is currently seeking to move the current location from Hangzhou China to Shanghai China. In order to successfully move the entire location to its new location we will setup the new location and get it up and running before we shut down the current location. In doing so we will need to purchase new hardware and software for the new location and also setup a new firewall...
Words: 1997 - Pages: 8
...Capstone Project Cover Sheet Capstone Project Title: ABC Inc. Firewall upgrade Report Student Name: Michael Wakefield Degree Program: BS- IT Security Mentor Name: Dave Huff Signature Block Student’s Signature Mentor’s Signature Table of Contents Capstone Summary 3 Review of Other Work 13 Rationale and Systems Analysis 19 Goals and Objectives 25 Project Deliverables 28 Project Plan and Timelines 30 Project Development…………………………………………………………………………………………………………………………….31 Additional Deliverables………………………………………………………………………………………………………………………….35 Conclusion…………………………………………………………………………………………………………………………………………….35 References 37 Appendix 1: Competency Matrix 38 Appendix 2: Cisco ASA 5555-X Firewall Specifications…………………………………………………………….40 Appendix 3: ABC Inc. Project Schedule…………………………………………………………………………………….44 Appendix 4: High-Availability Design Screenshots……………………………………………………………………45 Appendix 5: Screenshots of inside to outside access; outside to DMZ access; NAT rules and configurations; and performance graphs and performance results….........................................51 Capstone Report Summary Internet of Everything (IoE) and “Big Data” equates to competitive advantages to the modern business landscape. Numerous white papers are circulating on the Internet highlighting the business case supporting the IoE initiative. For instance, in a white paper conducted by Cisco Inc. on the Value Index of IoE in 2013 reported the following: ...
Words: 9337 - Pages: 38
...strong computer security is a nonnegotiable requirement for organizations doing business today. However, building security into an existing corporate culture is a complex undertaking. Every organization has a security culture, and each is as unique as the organization itself. Security culture can be collaborative or argumentative, structured or unstructured. Security can be an integral part of a process beginning at the project-definition stage, or a separate process added on to an existing project. It can be ingrained or reactive. Information security is the protection of information from a wide range of threats in order to ensure business continuity, minimize business risk, and maximize return on investments and business opportunities. Security issues are unknowingly generated via employees using consumer electronics in their homes. As more consumer communications and devices enter the corporate enterprise security professionals need to consider the risks for business security. Things to consider included IM, gmail, iphones, un-secure home networks, etc. Employees are using these devices at home and in the workplace. . The first and most important strategy is to align information security with business strategy. The higher the value, the bigger the target, the greater the damage and overall risk to the company. As business executives, we have to take risk Sometimes these choices are disquieting to a security team. If teams feel the risk of a particular project challenges security...
Words: 953 - Pages: 4
...Syllabus College of Information Systems & Technology NTC/362 Version 1 Fundamentals of Networking Copyright © 2013 by University of Phoenix. All rights reserved. Course Description This course provides a foundation in the basic telecommunications and networking technologies fundamental to the industry and to the broad field of telecommunications. Analog, digital, and radio frequency technologies are covered. Also covered in this course is an introduction to the OSI protocol model, network-switching systems, basics of wireless communications, and network security. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: · University policies: You must be logged into the student website to view this document. · Instructor policies: This document is posted in the Course Materials forum. University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality. Course Materials Goleniewski, L. (2007). Telecommunications essentials. (2nd ed.) Boston, MA: Pearson. Panko, R. R., & Panko, J. L. (2011). Business data networks and telecommunication (8th ed.) Upper Saddle River, NJ: Prentice Hall All electronic materials...
Words: 2225 - Pages: 9
... | | |NTC/362 Version 1 | | |Fundamentals of Networking | Copyright © 2013 by University of Phoenix. All rights reserved. Course Description This course provides a foundation in the basic telecommunications and networking technologies fundamental to the industry and to the broad field of telecommunications. Analog, digital, and radio frequency technologies are covered. Also covered in this course is an introduction to the OSI protocol model, network-switching systems, basics of wireless communications, and network security. Policies Faculty and students/learners will be held responsible for understanding and adhering to all policies contained within the following two documents: • University policies: You must be logged into the student website to view this document. • Instructor policies: This document is posted in the Course Materials forum. University policies are subject to change. Be sure to read the policies at the beginning of each class. Policies may be slightly different depending on the modality in which you attend class. If you have recently changed modalities, read the policies governing your current class modality. Course Materials Goleniewski, L. (2007). Telecommunications essentials. (2nd...
Words: 2455 - Pages: 10
...Allen & Bose Insurance Services Firewall Security Project Business Requirement and proposed Solution Report CIS 343 July 10, 2013 Dr. Table of Contents Executive Summary 3 Introduction/Background and History 4 Issues faced and specific needs to be solved by installing upgrades 5 Projects Assumptions and Constraints 7 Business Requirement ….………………………..………………………………………..8 Definition of Terms ….……………………………..……………………………………..9 Project Scope...……………………………………..……………………………………10 References…………………………………………..……………………………………13 Executive Summary The objective of this paper is to educate both the senior management of Allen & Bose Insurance Inc. on the network security threats that exist with our current network design. The enclosed report presents an analysis on Allen & Bose Insurance Services current security posture and highlights the issues we have face over the past year as well as industry best practices and recommended updates we should make to our network security design that will protect the organization from the myriad of security threats that are out there. Introduction/Background and History Allen & Bose Insurance Services has become a dynamic and intricate player in the automotive and home insurance market. The company has grown from 25 employees in one office to over 225 employees in 3 offices. In the early days the computer systems that were used were on a close network of networked computing...
Words: 1848 - Pages: 8
...Technical Writing Project Cover Sheet Capstone Proposal Project Name: Upgrading ABC Inc. Internet Edge Student Name: Michael Wakefield Degree Program: Bachelor of Science IT-Security Mentor Name: Signature Block Student’s Signature Mentor’s Signature Table of Contents Capstone Proposal Summary 1 Review of Other Work 8 Rationale and Systems Analysis 16 Goals and Objectives 22 Project Deliverables 26 Project Plan and Timelines 27 References 28 Appendix 1: Competency Matrix 4 Capstone Proposal Summary Internet of Everything (IoE) and “Big Data” equates to competitive advantages to the modern business landscape. Numerous white papers are circulating on the Internet highlighting the business case supporting the IoE initiative. For instance, in a white paper conducted by Cisco Inc. on the Value Index of IoE in 2013 reported the following: In February 2013, Cisco released a study predicting that $14.4 trillion of value (net profit) will be at stake globally over the next decade, driven by connecting the unconnected –people-to-people (P2P), machine-to-people (M2P), and machine-to-machine (M2M) - via the Internet of Everything (IoE). Cisco defines the Internet of Everything as the networked connection of people, process, data, and things. The IoE creates new “capabilities, richer experiences, and unprecedented economic opportunity for businesses, individuals, and countries” (The Internet of Everything, Cisco, Inc. 2014). With such a...
Words: 5523 - Pages: 23
...IS 3220 IT Infrastructure Security Project Part 1: Network Survey Project Part 2: Network Design Project Part 3: Network Security Plan ITT Technical Institute 8/4/15 Project Part 1: Network Survey Network Design and Plan Executive Summary: We have been engaged in business for some time, and have been very successful, however we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable, before we make any changes. We need to take a hard look at our current configuration of host, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these problems could be mitigated by appropriate education in “hacker thinking” for technical staff. We will take a look at our security on routers and switches to make sure there are no leakages of data traffic. OBJECTIVE We have identified that we have loss some major accounts to competitors whose bids have been accurately just under our bid offers by exact amounts. We also believe due to shared reporting and public Web site functions that our Web servers have been compromised and our RFP documents have been leaked to competitors which enabled them to under bid us. We want to mitigate Web threats in the future; we realize the web is a mission critical business tool. We want to purchase new products and services, that will give us an edge and better...
Words: 3355 - Pages: 14
...Cyber threats and attacks is a person/ persons who attempt unauthorized access to a control system device and/or network using a data communications pathway. (US-CERT, 2005) Over the past few years, we as a nation have seen a major increase in National Security threats in Cyberspeace. President Obama identified Cybersecurity as one of the most serious economic and national security challenges that we are currently facing. Federal government leaders admit to falling behind with the growing threat of attacks from hacker criminals. The government accountability office has identified weakness in security controls in almost all agencies for years but yet to have total control over the threats. One of the underlying causes of the weakness is that agencies fail to implement information security programs which include assessing and managing risks, developing and implementing security policies and procedures, and promoting security awareness. (Nextgov, 2009) In January 2008, President Bush introduced the Comprehensive National Cybersecurity initiative ( CNCI). The CNCI included a number of reinforcing methods that included 1.) Managing the Federal Enterprise Network as a single network enterprise with Trusted Internet Connections. This is headed by the Office of Management and Budget and the Department of Homeland Security, it covers the consolidation of the Federal Government’s external access points (including those to the Internet) 2.) Deploy an intrusion detection system of sensors...
Words: 538 - Pages: 3
...Service Request SR-rm-004, Part 3 “Riordan Manufacturing is a worldwide plastics manufacturer employing 550 persons with projected yearly earnings of $46 million. The company is entirely owned by Riordan Manufacturing Industries, a Fortune 1000 enterprise with revenues in excess of $1 billion.” (Baihaqi, 2009) Numerous facilities exits around the world and mainline developments take place in San Jose, California which is the headquarters of the company. Riordan has served a variety of customers such as automakers, different manufacturers, and the Department of Defense. Current Human Resource Information System The current information system keeps track of all personnel, their information, date of hire, tax exemptions, vacation hours, and organization information. Furthermore, the current system has been partnered with a financial system to aid with payroll functions. Any changes or input that needs to be generated will be requested from an employee’s manager and changes will be applied by payroll personnel. All documented training information is in an Excel worksheet maintained by training personnel. Same procedures go for recruiters with an addition of keeping all resumes and filled application in one centralized location. The Human Resource Department manages workmen’s compensation while following the same procedures as mentioned above. Any complaints or harassments will be handled by an employee relations personnel. Lastly, managers have been task with monitoring the Family...
Words: 2054 - Pages: 9
...IT 454 Security Management Plan Marshall Miller December 20, 2015 Table of Contents Section 1: Information Security Management 4 Intro to Organization 4 People 4 Physical Security 4 Training of Security 4 Information Technology Training 4 Technology 5 Project Manager Roles 5 Section 2: Security Program 6 Data Classification 6 Management Support 7 Hierarchy Reporting Structure 8 8 Section 3: Security Policies 10 Acceptable Use Policy 10 1. Overview 10 2. Purpose 10 3. Scope 11 4. Policy 11 5. Enforcement 13 6. Definitions 13 7. Implementation Date 13 Section 4: Security Policies 14 Risk Assessment 14 Quantitative Risk Analysis 14 Quantitative Risk Analysis 14 Methodologies 15 1. Transfer 15 2. Avoid 15 3. Reduce 15 4. Accept 16 Summary 16 Section 5: Controlling Risk 17 Administrative 17 Human Resources 17 Organizational Structure 17 Security Policies 18 Technical 18 Access Control 18 System Architecture 18 System Configuration 18 Physical 19 Heating and Air Conditioning 19 Fire 19 Flood 19 Summary 19 Bibliography 20 Section 1: Information Security Management Intro to Organization My organization is about a federally recognized business called JPPSO (Joint Personnel Property Shipment Office). JPPSO specializes in the shipping of military personnel goods. JPPSO works hand in hand with the United States Air Force to enforce the safe shipping of military household goods...
Words: 2755 - Pages: 12
...Unit Five Project Kaplan University Table of Contents 1. Abstract 2. Unit Five Project a. Part One: PCI Compliance Standards b. Part Two: Review Questions 3. References Abstract This project outlines customer credit card use and PCI compliance security standards. Categories that PCI compliance security standards are broken down to are provided in detail. Additionally, in the first part of the project, requirements that should be fulfilled by the owner in order to build and maintain secure networks, protect cardholder data, maintenance vulnerability management programs, implement strong access control measures, monitor and test networks, and maintain information security policies, are detailed herein. In the second part of the project, questions are raised and answered, concerning the information outlined on PCI’s potential role in bringing HGA’s mainframe data storage capabilities up to policy standards. Insights regarding HGA’s role in storing cardholder information, and HGA related software, are provided in question and answer format. Keywords: PCI, security, compliance, networks, HGA, policy, access, mainframe. Unit Five Project Part One: The considerable events here are use of credit card...
Words: 2093 - Pages: 9
...need is access to the LAN and/or subnet Technet.microsoft.com/en-us/security/advisory Mitigate vulnerabilities Threats are things you have to respond to effectively. Threats are controllable Risks are manageable Vulnerabilities can be mitigated All affect the CIA triad Not all threats are intentional Confidentiality, integrity, accessibility = CIA Starting on pg 161 DAC- only as secure as the individuals understanding. Access determined by owner. MAC- access determined by data classification itself. data itself has a classification. Need to be cleared to the level of the data security. Also has a “need to know” aspect to it. Non DAC- third party determines the permissions. Role based- pg 166. Access determined on the job of the user. Rule based- variation of DAC. Rules are created and access is based on the rules created. Week of 4/17/13 Starts on pg 146 Project- search SSCP CBK on the library under 24/7 Each of the 7 domains, vulnerabilities in each, security used in each to control, For lab 5--- Make 4 types of connections. 2 secure 2 not secure. telnet, securenet, ssh, and ftp. Will need 3 machines. Student, Target, ubuntu 1 Wireshark setting to capture a file in promiscuous mode on student. Do an FTP to target windows. Command prompt from student to ubuntu. Try to log in. Do questions. Question 9, focus on SSH and what traffic you are getting. Assignments— Week of 5/1/13 Acronyms- Pg263 BCP- Business Continuity Plan DRP- Disaster...
Words: 907 - Pages: 4
