...Introduction to Information Security Week 1, Unit 1 – Information Systems Security Fundamentals Class Plan Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab. Content Covered: • Textbook o Chapter 1 - Information Systems Security Objectives: After completing this unit, the student should be able to: • Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: ▪ Confidentiality, integrity, and availability (CIA) concepts ▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure ▪ Common threats for each of the seven domains ▪ IT security policy framework ▪ Impact of data classification standard on the seven domains Materials: Week 1 PowerPoint Presentation Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the handout worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard. You must write a brief report on how the "Internal Use Only" data classification standard impacts the seven domains of the investment firm's...
Words: 530 - Pages: 3
...Unit Plans Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions...
Words: 1409 - Pages: 6
...Unit 1 Assignment 2: Impact of a Data Classification Standard Course Name & Number: NT2580 Introduction to Information Security Learning Objectives and Outcomes * You will learn how to determine the impact of a data classification standard on an organization's IT infrastructure. Assignment Requirements You are a networking intern at Richman Investments, a mid-level financial investment and consulting firm. Your supervisor has asked you to draft a brief report that describes the “Internal Use Only” data classification standard of Richman Investments. Write this report addressing which IT infrastructure domains are affected by the standard and how they are affected. In your report, mention at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. Your report will become part of an executive summary to senior management. Required Resources None Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: Chicago Manual of Style * Length: 1–2 pages * Due By: Unit 2 Self-Assessment Checklist * I have identified at least three IT infrastructure domains affected by the “Internal Use Only” data classification standard. * In my report, I have included details on how those domains are affected. Internal Use Only The term “internal use only” is a term that refers to information or data that could also include communications are...
Words: 835 - Pages: 4
...NT2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Richman Investments Internal Use Only Data Classification Standard Domain Effects Richman Investments has implemented an “Internal Use Only” data classification standard. This report will describe the effects of the Internal Use Only Standard on our respective system domains. “Internal Use Only” sets up a restricted access security policy to our network. Any access, including from a website, would require company mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to allow “free access” to their network for potential threats to their system or their security. This policy will impact three of the seven domains. These include: * User Domain * Define: This Domain defines what users have access to the information system. * Policy Impact: The IT Team will use the User domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that will define the permissions of what actions a user may make while inside the system. These permissions may also be defined by the data they are accessing at the time. All third party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation. * Workstation Domain ...
Words: 508 - Pages: 3
...Dallas Benning NT2580 Unit 1 Assignment 2: Impact of a Data Classification Standard The “Internal Use Only” data classification standards will affect the user domain, the workstation domain and the LAN domain. These three domains are the most basic infrastructure domains and they will cover all users in the company. The classification will cover the company telephone directory, employee training materials and internal policy manuals. The User Domain explains the people who have access to the company’s information. This domain will contain all of the user’s information and will enforce the policies that control what information each user is allowed to access. This domain can also be the greatest weakness in a system and needs to be carefully monitored. The Workstation domain is where users are verified and accounts are set up. They will need to have a user name and password assigned to them by the IT department before they can access any systems or data. Also, no personal devices or any forms of removable media will be allowed on the network. There will also be policies in place to ensure that each employee only has access to the information that they need to perform their jobs. The LAN domain includes all physical elements of the LAN network. There must be strong security for this domain because it is the entry point to any WAN networks and makes accessing workstations far easier. Users must have background checks and be screened before given access to the physical...
Words: 290 - Pages: 2
...The Classifier’s Handbook TS-107 August 1991 THE CLASSIFIER'S HANDBOOK Table of Contents (Also See The Introduction to the Position Classification Standards.) PREFACE; CHAPTER 1, POSITION CLASSIFICATION STANDARDS; DEVELOPMENT OF STANDARDS; FORMAT OF STANDARDS; CHAPTER 2, THE FACTOR EVALUATION SYSTEM; THE STRUCTURE OF FES; FES FACTORS; EVALUATING A POSITION USING FES; FES EVALUATION STATEMENT; FACTOR LEVEL RELATIONSHIPS ...
Words: 16205 - Pages: 65
...Unit 1 Assignment 2: Impact of a Data Classification Standard The "Internal Use Only" data classification standard at Richman Investments includes basic IT infrastructure domains such as User Domain, Workstation Domain, and the LAN Domain. This will surround all users and their workstations, as well as their access to the internet and company server databases and any information in between. The User Domain identifies the people who access an organization's information system. One way would be to implement what’s called an acceptable use policy (AUP) to define what each user can and cannot do with any company information if they have access to it. That also goes for any outside company or third-party representatives to agree and comply with the AUP. All users must be properly identified and sign this AUP before gaining any access to the company network. It is best to avoid security policy violations. The Workstation Domain includes all computers and workstations that are approved on the company network. Only approved devices can be used at a workstation or within the network. Any devices not approved or any unauth will be issued by the company for official use only. To access any workstation, a user will need to be first verified, then set up with an account to be logged in with a username and password assigned by the IT departments set by Richman Investments. All systems will undergo regular updates and be provided with anti-virus and anti-malware software for system...
Words: 304 - Pages: 2
...William Burns-Garcia NT 2580 Unit 1 Assignment 2 Re: Impact of a Data Classification Standard Per your request, I have included information regarding the data classification standards designed for Richman Investments. This report will include information that pertains to the IT infrastructure domains and how they are affected. Though there are several, I want to concentrate on three of the most vulnerable. 1. User Domain: Of all domains, this can be the most vulnerable as it usually affects any user on the network. Most companies should have an Acceptable Use Policy (AUP) with standards that can be monitored at any time. Not only does this policy affect internal users, it should also be enforced by any outside vendors such as off-site IT support. There should be on-going information sessions to remind users of the AUP. 2. Workstation Domain: Every person with access to the network of Richman Investments must have authorized personal credentials to use a workstation assigned to them. A few exceptions can be Major IT administration and authorized upper management. A change password should be implemented no less than 45-60 days on Richman’s network. Administrative passwords should also be changed no less than 30-45 days, since Administrative access has the most immediate vulnerability. 3. LAN Domain: The Local Area Network (LAN), which includes most things in the computer closet that help all devices connect to the network. This domain can be vulnerable because...
Words: 364 - Pages: 2
...Birla Institute of Technology, Mesra, Ranchi, Jharkhand, India Syllabus of Master of Urban Planning [MUP] Programme |FIRST SEMESTER | |NO. |SUBJECT |L. |T. |S. |Units | |MUP1101 |History of Human Settlement & Planning Principles |3 |0 |0 |1.0 | |MUP1103 |Housing & Community Planning |3 |0 |0 |1.0 | |MUP1105 |Planning Theory and Techniques |3 |0 |0 |1.0 | |TRS1017 |GIS with introduction to Remote Sensing |3 |0 |0 |1.0 | | Sessional / Laboratory subjects | |MUP1102 |Planning Studio / Workshop I (With Field study) |0 |0 |12 |1.5 | |MUP 1104 |Urban Design |0 |0 |4 ...
Words: 6033 - Pages: 25
...NT2580-M1 Introduction to Information Security Unit 1: Information Systems Security Fundamentals 2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm) Student Name Lesson Plan Theory (in class, Lab #2) Reading Kim and Solomon, Chapter 1: Information Systems Security. Objectives Student Assignments for this Unit Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Lab #1: Performing Network Reconnaissance using Common Tools Overview and access vLab Part 1: Exploring the Tools used in the Virtual Lab Environment Unit 1 Assignment Match Risks/Threats to Solutions Part 2: Connecting to a Linux Machine Unit 1 Assignment Impact of a Data Classification Standard Part 3: Using Zenmap to Perform Basic Reconnaissance Appendix A. SYLLABUS B. Forgot your password? Instructor: Yingsang “Louis” HO Tel: 425-241-8080 (cell), (206) 244-3300 (school) Email: yho@itt-tech.edu NT2580_2015_Summer_M1_UNIT1.doc Page 1 of 76 Unit 1: Information Systems Security Fundamentals Learning Objective Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability...
Words: 3379 - Pages: 14
...Assignment Questions for Harvard Cases 3. Hilton Manufacturing Company In Exhibit 3 of the case, change the description for estimating variable portion of "Compensation" and use 5% of direct labor cost rather than 5% of direct labor and indirect labor cost as indicated in that Exhibit 3. Again, DO NOT USE 5% of DL and IDL costs. A product cost is itself a product of a cost accounting system. To use product cost information in decision making, a manager must understand the nature of the cost measurement system that has been used to estimate a product cost and be able to evaluate whether or not the product cost at hand is appropriate for the decision which is about to be made. A second objective is to provide practice in considering whether or not assumptions about cost behavior are critical to decisions and to expand the notion of contribution beyond the simple idea of price minus variable cost per unit. A third objective introduces the concept of breakeven analysis, not by focusing on the point where no profit is earned but rather as a tool to consider whether or not one of two price points might be preferred. Finally, the last assignment question invites you to consider factors that lead to profitability. You begin your analysis by focusing on two issues raised in the assigned questions. The first is whether the decision not to drop Product 103 as of January 1, 2004 was wise. In addition, you are asked to analyze what would have been the impact on profit...
Words: 1312 - Pages: 6
...Mandie Brayley NT2580 – Intro to Info Sec Unit 1 Assignment 2: Impact of a Data Classification Standard When you hear Internal Use Only, the first thing that seems to pop into your head would be that any data transferred has to stay inside wherever the domains are. While there are seven IT infrastructure domains, there are only three that are actually affected by the “Internal Use Only” data standard. These domains are the user domain, workstation domain and the LAN domain. As with all infrastructures these domains have their own tasks and responsibilities. The user domain is the first layer of the IT infrastructure defense system. This domain is used to access systems, applications, data and more. You will also find the AUP or Acceptable Use Policy here. The AUP is a policy that tells the user what they are and are not allowed to do with any organization-owned IT equipment. This domain is affected by the Internal Use Only standard because it is the first partition of the IT Infrastructure. After the user domain, we have the workstation domain. This domain is used to configure hardware and hardening systems. Hardening systems is the process of ensuring that controls are in place to handle any known threats. This process is done by ensuring that the infrastructure has all the latest software revisions, security patches, and systems configurations. But these aren’t the only things that go on in the domain; this is also where the antivirus files are verified. While...
Words: 453 - Pages: 2
...IT-255 unit 1 assignment 2: impact of a data classification standard Hello everyone at Richman Investments, I was asked to write a brief report that describes the "internal use only" data classification standard of Richman Investments. I will list a few of the IT infrastructure domains that are affected by the standard and how they are affecting the domain and their security here at Richman Investments. * User domain The user domain defines the people who access an organization's information system. In the user domain you will find an acceptable use policy (AUP). An AUP defines what a user can and cannot do with organization-owned IT assets. It is like a rulebook that the employees must follow. Failure to follow these rules can be grounds for termination. The user domain is the weakest link in an IT infrastructure. Anybody who is responsible for computer security understands what motivates someone to compromise an organization system, application, or data. Now I am going to list risks and threats commonly found in the user domain and plans you can use to prevent them. Lack of user awareness - solution - conduct security awareness training, display security awareness posters, insert reminders in banner greeting, and send email reminders to employees. Security policy violation - solution - place employee on probation, review AUP and employee manual, discuss during performance review. Employee blackmail or extortion - solution - track and monitor abnormal employee behavior...
Words: 681 - Pages: 3
...Impact of a Data Classification Standard | Unit 1 Assignment | Domain This Domain is where only one user will have entrance to it. This can be configured to internal usage only. By default, the IT department tries to sustain a certain level of Security for this, so that nobody can enter from the outside; only the IT Department may grant access privilege for Remote Access. The User Domain will enforce an acceptable use policy (AUP) to define what a user can and cannot do with any company data that he or she has access to. Also, every user in the company is responsible for the safekeeping of the environment. 2. LAN Domain The Local Area Network Domain is a group of computers that are all connected to a single LAN domain. The LAN Domain is a collection of computers connected to one another or to a common medium. All LAN domains have data closets, physical elements of the LAN, and logical elements as designated by authorized personnel. It involves strong security and access controls. This domain can access company-wide systems, applications, and data from anyplace within the LAN. The LAN support group is in control of maintaining and securing the domain. The biggest threat to the LAN domain is unauthorized access to anything on the network. For example: LAN, the systems, and data. One thing we can do is require strict security protocols for this domain, such as disabling all external access ports for the workstation. This would cause a no access...
Words: 358 - Pages: 2
...CIA triad Not all threats are intentional Confidentiality, integrity, accessibility = CIA Starting on pg 161 DAC- only as secure as the individual's understanding. Access determined by owner. MAC- access determined by data classification itself. Data itself has a classification. Need to be cleared to the level of the data security. Also has a “need to know” aspect to it. Non DAC- third party determines the permissions. Role based- pg 166. Access determined on the job of the user. Rule based- variation of DAC. Rules are created and access is based on the rules created. Week of 4/17/13 Starts on pg 146 Project- search SSCP CBK on the library under 24/7 Each of the 7 domains, vulnerabilities in each, security used in each to control, For lab 5--- Make 4 types of connections. 2 secure 2 not secure. telnet, securenet, ssh, and ftp. Will need 3 machines. Student, Target, ubuntu 1 Wireshark setting to capture a file in promiscuous mode on student. Do an FTP to target windows. Command prompt from student to ubuntu. Try to log in. Do questions. Question 9, focus on SSH and what traffic you are getting. Assignments— Week of 5/1/13 Acronyms- Pg263 BCP- Business Continuity Plan DRP- Disaster Recovery Plan Pg266 BIA- Business Impact analysis Pg256 SRE ARO ALE Pg258 Dealing with risk BCP A plan designed to help an organization continue to operate during and after a disruption Covers all functions of a business, IT systems, facilities, and...
Words: 907 - Pages: 4