...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...achieve financial security and give back to their communities • Offer a broad range of financial products and services • More than $67 billion in assets under management • Ranked 342 on Fortune 500 list based on 2009 revenue of $6.514 billion Confidential – For Internal Use Only -2- Agenda • Creating Alignment with Business Capabilities • Case Study • Optimizing Investments: Governance -3- Agenda • Creating Alignment with Business Capabilities • Case Study • Optimizing Investments: Governance -4- Creating Alignment with Business Capabilities Evolution not Revolution Strategy Capability Process Capability Capability Capability People/ Organization People/ Organization Strategy Process Skills/Training Framework/Methodology Framework/Methodology 2006 2007 2008 2009 Developed Thrivent Capability Map Used capabilities to communicate common needs and project overlaps to achieve reuse savings. Defined roadmaps relevant to Thrivent Create a business architecture practice -5- Creating Alignment with Business Capabilities Business Capability Planning Strategies Vision 2011 Comp Redesign Member Access Points Service Strategy Integrated Fraternal Vision 2011 PMO Brand Member Experience (Lateral Mechanism) Fraternal Integration PAC (Lateral Mechanism) (Lateral Mechanism) Change Mgmt Roadmaps 2008 Q4 This Quarter 2009 Q3 Q4 Q1 Q2 Q3 Q4 Q1 2010 Q2 Q3 Q1 Q2 Strategy Components ...
Words: 3060 - Pages: 13
...Introduction to Information Security Week 1, Unit 1 – Information Systems Security Fundamentals Class Plan Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab. Content Covered: • Textbook o Chapter 1 - Information Systems Security Objectives: After completing this unit, the student should be able to: • Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: ▪ Confidentiality, integrity, and availability (CIA) concepts ▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure ▪ Common threats for each of the seven domains ▪ IT security policy framework ▪ Impact of data classification standard on the seven domains Materials: Week 1 PowerPoint Presentation Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the hand out worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard, you must write a brief report on how the "Internal Use Only" data classification standard impacts the seven domains of the investment firm's...
Words: 530 - Pages: 3
...IS 471 Policy Development and Security Issues Lab 4 (Due October 22, 2014) Introduction In any company, a security policy helps to mitigate the risks and threats the business encounters. However, unless a company happens to be in the information security industry, the task of identifying, assessing, and categorizing the myriad of risks can be an overwhelming one. Thankfully, a company’s IT infrastructure can be divided in a logical manner to more easily sort the risks. These divisions are the seven IT domains. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. In this lab, you will identify known risks, threats, and vulnerabilities, and you will determine which domain of a typical IT infrastructure is affected. You will then discuss security policies to address each identified risk and threat within the seven domains of a typical IT infrastructure. You will next determine which appropriate security policy definition will help mitigate the identified risk, threat, or vulnerability. You will organize your results into a framework that can become part of a layered security strategy. Learning Objectives Upon completing this lab, you will be able to: • Identify risks, threats, and vulnerabilities commonly found in the seven domains of a typical IT infrastructure. Determine which domain is impacted by the risk, threat, or vulnerability. Determine...
Words: 1159 - Pages: 5
...Intro to Information Security Project Part 1 Listed below are some of the different layers of security that a Network Administrator or Security Administrator could implement on different domains in order to increase the strength of the servers against attacks. Many of these are universal implementations and can be applied to multiple types of servers / domains. To increase the security of a User Domain at the user level an administrator should apply Group Policy settings in order to require end-users to use complex passwords. This increases the strength of the authentication process and helps prevent easy password cracking techniques such as Brute Force. To help prevent the extraction of data on the next layer, Workstation Domains, workstations should be setup to have important data encrypted on the drive. In the event of data extraction or theft of the drive, this would ensure that the data could not be utilized. On the next layer, LAN Domains, it is important to implement spam filters in order to intercept and “weed out” potentially malicious incoming packets, connections, & emails to the server. It is also important to set Group Policy settings to initiate session timeouts for active sessions on the LAN and also on the WAN Domains. This will provide an extra layer of security if users walk away from their active workstations for an extended period of time. It will also help to secure the sessions from outside attacks if accidentally left open. Also, a good Network...
Words: 367 - Pages: 2
...architecture. But the definition of what architecture is, the titles that architects have, and the role of an architect vary widely from one organization to another. Business, IT, management, and even architects don’t necessarily know what a good architect does to add value in his or her organization. This Executive Report discusses the role of the architect and describes 10 activities that architects should perform to add value to projects. ABOUT CUTTER CONSORTIUM Access to the Experts Cutter Consortium is a unique IT advisory firm, comprising a group of more than 100 internationally recognized experts who have come together to offer content, consulting, and training to our clients. These experts are committed to delivering top-level, critical, and objective advice. They have done, and are doing, groundbreaking work in organizations worldwide, helping companies deal with issues in the core areas of software development and agile project management, enterprise architecture, business technology trends and strategies, innovation, enterprise risk management, metrics, and sourcing. Cutter offers a different value proposition than other IT research firms: We give you Access to the Experts. You get practitioners’ points of view, derived from hands-on experience with the same critical issues you are facing, not the perspective of a desk-bound analyst who can only make predictions and observations on what’s happening in the marketplace. With Cutter Consortium...
Words: 11157 - Pages: 45
...final year BSc (Hons) computing science project aiming to investigate biometric technologies and develop a fingerprint recognition application to allow logging of student attendance at lectures. The introduction offers some background to the project and establishes the aims and objectives of the project overall. Following on from the introduction, the literature review presents a critique of research material that provides the basis for the project. This material includes a number of texts, journals and research papers as well as additional information sourced from the Web. As drawn from the literature, the subject areas covered include; history and background to modern biometrics; technological, social, organisational and environmental influences; key technologies in the market today; design issues, including security, performance and testing. In chapter 3, attention turns to requirements analysis for the development of a fingerprint recognition system. The process follows a requirements engineering approach to development by formally establishing user requirements and allowing continuous requirements assessment throughout the project life-cycle. The design approach and methodology used to model the problem are also addressed here. Chapter 4 deals with high level design issues such as requirements engineering in the solution domain; assessment and selection of technology options; project management and implementation strategy and evaluation of user requirements. Acknowledgements...
Words: 5371 - Pages: 22
...IS 3220 IT Infrastructure Security Project Part 1: Network Survey Project Part 2: Network Design Project Part 3: Network Security Plan ITT Technical Institute 8/4/15 Project Part 1: Network Survey Network Design and Plan Executive Summary: We have been engaged in business for some time, and have been very successful, however we need to re-examine our network configuration and infrastructure and identify that our network defenses are still reliable, before we make any changes. We need to take a hard look at our current configuration of host, services and our protocols within our organization. Data from a large number of penetration tests in recent years show most corporate networks share common vulnerabilities. Many of these problems could be mitigated by appropriate education in “hacker thinking” for technical staff. We will take a look at our security on routers and switches to make sure there are no leakages of data traffic. OBJECTIVE We have identified that we have loss some major accounts to competitors whose bids have been accurately just under our bid offers by exact amounts. We also believe due to shared reporting and public Web site functions that our Web servers have been compromised and our RFP documents have been leaked to competitors which enabled them to under bid us. We want to mitigate Web threats in the future; we realize the web is a mission critical business tool. We want to purchase new products and services, that will give us an edge and better...
Words: 3355 - Pages: 14
...IS4550 Security Policies and Implementation INSTRUCTOR GUIDE Course Revision Table Change Date | Updated Section | Change Description | Change Rationale | Implementation Quarter | 12/20/2011 | All | New curriculum | | June 2012 | | | | | | | | | | | | | | | | | | | | | | | | | | ------------------------------------------------- ------------------------------------------------- Credit hours: 4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview 5 Course Summary 5 Critical Considerations 5 Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing...
Words: 18421 - Pages: 74
...Active Directory Design Guide Thursday, 25 February 2010 Version 2.0.0.0 Baseline Prepared by Microsoft Prepared by Microsoft Copyright This document and/or software (“this Content”) has been created in partnership with the National Health Service (NHS) in England. Intellectual Property Rights to this Content are jointly owned by Microsoft and the NHS in England, although both Microsoft and the NHS are entitled to independently exercise their rights of ownership. Microsoft acknowledges the contribution of the NHS in England through their Common User Interface programme to this Content. Readers are referred to www.cui.nhs.uk for further information on the NHS CUI Programme. All trademarks are the property of their respective companies. Microsoft and Windows are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. © Microsoft Corporation 2010. All rights reserved. Disclaimer At the time of writing this document, Web sites are referenced using active hyperlinks to the correct Web page. Due to the dynamic nature of Web sites, in time, these links may become invalid. Microsoft is not responsible for the content of external Internet sites. Page ii Active Directory – Design Guide Prepared by Microsoft, Version 2.0.0.0 Last modified on 26 February 2010 Prepared by Microsoft TABLE OF CONTENTS 1 2 Executive Summary ..............................................................................................
Words: 43732 - Pages: 175
...THE INTER-SESSIONAL PANEL OF THE UNITED NATIONS COMMISSION ON SCIENCE AND TECHNOLOGY FOR DEVELOPMENT 15-17 December 2010 Geneva UGANDA CONTRIBUTION " ICT POLICIES, STRATEGIES AND INITIATIVES PUT IN PLACE IN UGANDA " The views presented here are the participants’ and do not necessarily reflect the views and the position of the United Nations or the United Nations Conference on Trade and Development i ICT POLICIES, STRATEGIES AND INITIATIVES PUT IN PLACE IN UGANDA NITA‐U 11/2/2010 ii Table of Contents 1 2 Table of Contents ………………………………………………………………………………………………………………………………………………….iii INFORMATION COMMUNICATION TECHNOLOGY (ICT) STRATEGIES…………………………………………………………………….1 2.1 3 Creation of the Ministry of ICT……………………………………………………………………………………………………………………..1 AGENCIES UNDER MINISTRY OF ICT………………………………………………………………………………………………………………….....1 3.1 National Information Technology Authority‐Uganda……………………………………………………………………………………1 Functions of the Authority ........................................................................................................................ 1 Initiatives ................................................................................................................................................... 2 3.1.1 3.1.2 3.2 Uganda Communications Commission (UCC)………………………………………………………………………………………………..3 Initiatives ...............................................................................................................
Words: 3997 - Pages: 16
...Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas: Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms & Applications 300...
Words: 4114 - Pages: 17
...Your proposal may include, but you are not limited to the following item listing. Before each class meeting, please provide a paragraph or more on each item on the list. Your group should send this information to me via email at billbaig@gmail.com in addition to your team leader approved status report and time cards. These assignments will count as individual skills assessment grade, which is 15% of your overall grade in this class. Feel free to make additions or edits as needed, but make sure if you omit anything of this list, you are able to provide proper justification for it. Do not just provide list of hardware or software directly from the web. Be sure to thoroughly research and make appropriate recommendation based on your studies of various hardware/software. In addition, a diagram for each list item is recommend, illustrating precisely your recommendations for the provided case study. All information presented in your proposal MUST have in-text citations and a work cited section for the references used in your proposals. EVERYTHING SUBMITTED SHOULD DIRECTLY RELATE TO THE PRESENTED CASE STUDY AND NO COPYRIGHT MATERIAL! The recommended order to accomplish this proposal is as follows: Week 2 • LAN and WAN requirements – explain the LAN and WAN infrastructure of the doctor’s office network • Wiring – type of wire, length, cost, outside contractor, etc • Network Diagrams – current network infrastructure and proposed network • Network Hardware – routers, switches...
Words: 1078 - Pages: 5
...Disseminating Organizational IT Security and Troubleshooting Best Practices Patrick Peck CIS329: Administering Desktop Clients Professor Cynthia Orth Strayer University 17 March 2013 Disseminating Organizational IT Security and Troubleshooting Best Practices The organization being analyzed here is a video store that works within a semi-commercial area of a metropolitan city. The video store aims to enhance its overall IT infrastructure and increase security of the videos/hardware/software through the implementation of useful IT infrastructures. The problem, thus, is that there is no real information technology security measure employed in the video shop in terms of user authentication and similar processes. There is very little awareness of the necessary IT security measures amongst the current management heads which is why they need an effective IT security plan and structure to implement to ensure there is no copyright infringement and stealing from their shop. The problem of having no IT infrastructure within the video store is that it directly affects all products and videos that are at the disposal of the customers online as well as on-site. The guidelines associated to the informational security strategy should incorporate contingency actions which will facilitate the video shop to endure any discrepancy or calamity and tackle it audaciously. Actions like incorporating data storage and extraction with the use of data-warehousing and data-mining techniques...
Words: 2912 - Pages: 12
...This multi layered security plan will provide a brief overview the strategies to be implemented to each level of the information technology infrastructure. The IT infrastructure consist of seven domains User, Workstation, LAN, WAN, LAN-to-WAN, Remote Access, and Systems/Applications. However, we are going to outline the five we feel would be the most important for our beginning stage mitigating potential attacks. I) User Domain – Employees accessing the organization’s information system. a. Having a development of acceptable use policy (AUP) what employees can access or not. b. Any violations of the AUP will result in that offender’s termination. c. The best practice to introducing the AUP is ensuring that all employees read, understand, and sign an agreement. d. This will hold the employee accountable. II) Workstation Domain – the employee or users connecting to the network. e. hardening and configuring the system provide a defense against any vulnerabilities. f. Ensuring that the patching of software revision, and system configurations constantly monitored and conducted on a regular basis. g. The frequency of such will be determined by management. Suggesting that Desktop Support will be responsible for this layer of defense. III) WAN Domain – Connecting remote locations. h. Use VPN tunneling for end-to-end secure IP communications. i. Configure routers and network firewalls to use stateful packet...
Words: 386 - Pages: 2
