Details of this Paper

Saint COm510 full course (all discussion + assignment + exercises +exams)

Description



Question

Module 1 Case

Read Reading #8 in Readings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case. Post your question in the Module 1 Discussion Board no later than Thursday 11:59 PM EST/EDT. Respond to at least two questions posted by your fellow students by no later than Sunday 11:59 PM EST/EDT.

Module 2 Case

Read Reading #2 in Readings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 3 Case

Read Reading #3 in Readings and Cases in the Management of Information Security. On the discussion board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 4 Case

Read Reading #7 in Readings and Cases in the Management of Information Security. On the discussion board post one question that is not already posted by another student regarding the issue(s) discussed in the case. Remember to incorporate the Saint Leo core value of integrity into your question.

Module 5 Case

Read Reading #5 in Readings and Cases in the Management of Information Security. On the discussion board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 6 Case

Read Reading #6 in Readings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 7 Case

Read Reading #11 in Readings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Discussion Question

Read Reading #8 in Readings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 1 Summary Paper

Summary Paper: Using sources such as the Internet, newspaper, magazine, journal, or Saint Leo online library resources, find a recent article (less than six months old) on a cyber attack or on an information security breach. Submit at least a 1,000 word summary of the article. Describe the issue and cause, and give recommendations for how such an incident can be prevented in the future. The source of the article must be cited following APA format. Please upload this in the Drop box bin named "Module 1 Summary Paper".

Project Description

Carry out a security self-assessment of an organization using the NIST Special Publication 800-26 as a guide. This may be your current or previous employer or your own organization. You must seek permission from the individual responsible for the information security of that organization.

The SP 800-26 document is a self-assessment guide to assess the IT system of an organization. This document is no longer available from NIST but it is contained in Appendix A at the end of the textbook starting at page 505. You may use this appendix as a guide. I recommend that you use primary areas such as Management controls, Operational controls, Technical controls, etc., as a guide to assess a system.

A new publication, SP 800-53A "Guide for Assessing the Security Controls in Federal Information Systems," is available for download from the NIST website at: http://csrc.nist.gov. At the moment this document is in draft form. Those of you who are working or are experienced in Federal IT Systems may use this publication as an alternative to SP 800-26. Basically you have a choice of using SP 800-26 or 53A.

Report

Write a report based on the self-assessment of an organization. It should be 4-5 pages long, 12 point character size, single line spacing, and 1" margins (left, right, top, and bottom). It is recommended that you do not use the actual name of the organization in the report; use a title such as "ABC Inc." Your report should include a brief description of the organization, nature of the business, analysis of the results, and recommendations for improvement in the form of an action plan.

You should also prepare a PowerPoint presentation (10-15 slides) explaining the results and recommendations of your assessment to senior management of the organization.

Deliverables

1. Word document containing report
2. PowerPoint file containing presentation

Midterm

Question 1. The process that develops, creates, and implements strategies for the accomplishment of objectives is called ____. (Points: 5)
    leading
    controlling
    organizing
    planning

Question 2. ____ implements and oversees the use of controls to reduce risk. (Points: 5)
    Risk assessment
    Incident response
    Risk management
    Network security administration

Question 3. Which of the following is an advantage of the user support group form of training? (Points: 5)
    usually conducted in an informal social setting
    formal training plan
    can be live, or can be archived and viewed at the trainee's convenience
    can be customized to the needs of the trainee

Question 4. Which of the following is the first step in the process of implementing training? (Points: 5)
    identify training staff
    identify target audiences
    identify program scope, goals, and objectives
    motivate management and employees

Question 5. ____ occurs when a control provides proof that a user possesses the identity that he or she claims. (Points: 5)
    Identification
    Authentication
    Authorization
    Accountability

Question 6. According to the C.I.A. triangle, the three desirable characteristics of information are confidentiality, integrity, and ____. (Points: 5)
    accountability
    availability
    authorization
    authentication

Question 7. Which of the following is a definite indicator of an actual incident? (Points: 5)
    unusual system crashes
    reported attack
    presence of new accounts
    use of dormant accounts

Question 8. Which of the following certifications is considered among the most prestigious for security managers? (Points: 5)
    CISSP
    CISA
    GIAC
    Security+

Question 9. The COSO framework component ____, based on the establishment of objectives, assists in the identification and examination of valid risks to objectives as well as information. (Points: 5)
    Control environment
    Risk assessment
    Control activities
    Information management

Question 10. A medium-sized organization has ____. (Points: 5)
    a larger security staff than a small organization
    a larger security budget than a small organization
    1,000 to 10,000 computers
    larger security needs than a small organization

Question 11. The ____ component of an EISP defines the organizational structure designed to support information security within the organization. (Points: 5)
    Information Technology Security Responsibilities and Roles
    Need for Information Technology Security
    Reference to Other Information Technology Standards and Guidelines
    Information Technology Security Elements

Question 12. The IRP is usually activated ____. (Points: 5)
    before an incident takes place
    when an incident is detected
    once the DRP is activated
    once the BCP is activated

Question 13. ____ is the process of measuring against established standards. (Points: 5)
    Baselining
    Benchmarking
    Targeting
    Profiling

Question 14. ____ is the quality or state of being whole, complete, and uncorrupted. (Points: 5)
    Integrity
    Authorization
    Security
    Confidentiality

Question 15. Very large organizations have ____ computers. (Points: 5)
    100 to 1,000
    1,000 to 5,000
    10,000 to 50,000
    more than 10,000

Question 16. A(n) ____ is a detailed description of the activities that occur during an attack. (Points: 5)
    attack roster
    attack profile
    attack message
    attack diagnostic

Question 17. Identification is typically performed by means of a(n) ____. (Points: 5)
    audit log
    user name
    cryptographic certificate
    access control list

Question 18. The COSO framework component ____ includes the policies and procedures to support management directives. (Points: 5)
    Control environment
    Risk assessment
    Control activities
    Information management

Question 19. Defining the scope of an ISMS is part of which phase of the BS7799 Part 2 Plan-Do-Check-Act cycle? (Points: 5)
    Plan
    Do
    Check
    Act

Question 20. A(n) ____ security policy provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems. (Points: 5)
    issue-specific
    enterprise information
    system-specific
    information

Question 21. Internal ISMS audits are conducted during the ____ phase of the Plan-Do-Check-Act cycle. (Points: 5)
    Plan
    Do
    Check
    Act

Question 22. ____ control tools evaluate the efficiency and effectiveness of business processes. (Points: 5)
    Financial
    Behavioral
    Information
    Operational

Question 23. Which of the following is a disadvantage of user support groups? (Points: 5)
    relatively inflexible
    resource intensive, to the point of being inefficient
    centered on a specific topic or product
    software can be very expensive

Question 24. Corrective or preventive action is taken during the ____ phase of the Plan-Do-Check-Act cycle. (Points: 5)
    Plan
    Do
    Check
    Act

Question 25. To ensure ____, an organization must demonstrate that it is continuously attempting to meet the requirements of the market in which it operates. (Points: 5)
    policy administration
    due diligence
    adequate security measures
    certification and accreditation

Question 26. When users call an organization with problems with their computers, the network, or an Internet connection, they speak with the ____. (Points: 5)
    security officers
    help desk personnel
    security staffers
    security consultants

Question 27. Communications security involves the protection of an organization's ____. (Points: 5)
    employees
    physical assets
    technology
    data network devices

Question 28. ____ evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness. (Points: 5)
    Systems testing
    Risk assessment
    Incident response
    Planning

Question 29. A risk assessment is performed during the ____ phase of the SecSDLC. (Points: 5)
    implementation
    analysis
    design
    investigation

Question 30. An identified weakness of a controlled system is known as a ____. (Points: 5)
    liability
    threat
    vulnerability
    fault

Question 31. Which of the following is NOT a question you should ask when considering best practices for your organization? (Points: 5)
    Do you have a similar customer base as the target?
    Is your organization structure similar to the target?
    Do you face similar challenges as the target?
    Are you in a similar industry as the target?

Question 32. Best business practices are also known as ____. (Points: 5)
    recommended practices
    universal practices
    industry practices
    best models

Question 33. The ____ layer of the bull's-eye model consists of computers used as servers, desktop computers, and systems used for process control and manufacturing systems. (Points: 5)
    Policies
    Networks
    Applications
    Systems

Question 34. A ____ is a value or profile of a performance metric against which changes in the performance metric can be usefully compared. (Points: 5)
    target
    framework
    benchmark
    baseline

Question 35. Which of the following is true about a hot site? (Points: 5)
    It is an empty room with standard heating, air conditioning, and electrical service.
    It includes computing equipment and peripherals with servers but not client workstations.
    It duplicates computing resources, peripherals, phone systems, applications, and workstations.
    All communications services must be installed after the site is occupied.

Question 36. The DRP is usually managed by the ____. (Points: 5)
    CEO
    CIO
    CISO
    IT community of interest

Question 37. Operational plans are used by ____. (Points: 5)
    managers
    security managers
    the CISO
    the CIO

Question 38. A SDLC-based project that is the result of a carefully developed strategy is said to be ____. (Points: 5)
    employee-driven
    plan-driven
    sequence-driven
    event-driven

Question 39. A disadvantage of creating a number of independent ISSP documents is that the result may ____. (Points: 5)
    overgeneralize the issues
    suffer from poor policy dissemination
    skip over vulnerabilities
    be written by those with less complete subject matter expertise

Question 40. A joint application development team can survive employee turnover by ____. (Points: 5)
    having as few employees in the team as possible
    having as many employees in the team as possible
    documenting the processes and procedures used by the team
    having all the members work independently

Final exam

Question 1. Which of the following is a subprocess of the unfreezing process in Lewin's change model? (Points: 5)
    cognitive redefinition
    realization that a new method is the best way
    creation of psychological safety or overcoming learning anxiety
    imitation and positive or defensive identification with a role model

Question 2. A _____ is an example of the "something you are" authentication mechanism. (Points: 5)
    fingerprint
    password
    smart card
    signature pattern recognition

Question 3. A security technician usually reports to a person with a ____ level of authority. (Points: 5)
    CIO
    CFO
    CEO
    CISO

Question 4. The ____ certification program is an option for individuals who wish to take the CISSP or SSCP exams before obtaining the requisite experience for certification. (Points: 5)
    TICSA
    SCP
    MCSE
    (ISC)² Associate

Question 5. _____ allow only specific packets with a particular source, destination, and port address to pass through it. (Points: 5)
    dynamic packet filtering firewalls
    packet filtering firewalls
    stateful inspection firewalls
    application-level firewalls

Question 6. The analysis team presents its proposed mitigation plans to the _____ group. (Points: 5)
    information technology
    senior management
    information security
    middle management

Question 7. _____ is the third generation of firewalls. (Points: 5)
    stateful inspection firewall
    application-level firewall
    dynamic packet filtering firewall
    packet filtering firewalls

Question 8. The _____ team is involved in the operational area management knowledge process. (Points: 5)
    middle managers
    senior managers
    information security
    independent consultants

Question 9. ____ work on special projects for organizations, and are self-employed people with their own contractual obligations and security requirements. (Points: 5)
    Consultants
    Contractors
    Business partners
    Temporary workers

Question 10. _____ is the most critical success factor for security risk evaluations. (Points: 5)
    selecting the analysis team
    scoping the OCTAVE Method
    getting senior management sponsorship
    selecting participants

Question 11. The ____ is a division of the NSA, and provides a wide variety of information security solutions for cyber defense. (Points: 5)
    IAD
    NIPC
    FBI
    CIA

Question 12. In a cost-benefit analysis, the _____ is the value to the organization of using controls to prevent losses associated with a specific vulnerability. (Points: 5)
    cost
    benefit
    loss expectancy
    asset value

Question 13. Deliberate software attacks include worms, denial of service, macros, and ____. (Points: 5)
    unknown loopholes
    piracy
    bugs
    viruses

Question 14. The Public Company Accounting Reform and Investor Protection Act demands that the CEO and ____ assume direct and personal accountability for the completeness and accuracy of a publicly traded organization's financial reporting and record-keeping systems. (Points: 5)
    CIO
    CISO
    CFO
    COO

Question 15. ____ is the primary and dominant cryptographic authentication and encryption framework for security development within the TCP/IP family of protocol standards. (Points: 5)
    Secure Hypertext Transfer Protocol
    Secure Shell
    IP Security
    Secure Sockets Layer

Question 16. An information security project wrap-up is usually a procedural task that would be assigned to a ____ staff member or an information security manager. (Points: 5)
    low-level
    COO
    mid-level
    CIO

Question 17. Which of the following is not an example of a disaster recovery plan? (Points: 5)
    data recovery procedures
    reestablishment of lost service procedures
    information gathering procedures
    shut down procedures

Question 18. In keeping with the requirements of the Public Company Accounting Reform and Investor Protection Act, the executives in an organization rely on the expertise of the ____ to ensure that the systems used to report and record information are sound. (Points: 5)
    COO
    CISO
    CFO
    Comptroller

Question 19. _____ technical controls defend against threats from outside of the organization. (Points: 5)
    security planning
    policy and law
    education and training
    firewall

Question 20. A(n) _____ is a valuable tool in managing an intrusion detection system. (Points: 5)
    port scanner
    agent
    firewall
    consolidated enterprise manager

Question 21. In the US military classification scheme, ____ refers to information assets that would adversely affect US national interests if lost, misused, or made available to sources with unauthorized access. (Points: 5)
    Confidential Data
    Sensitive But Unclassified
    Top Secret Data
    Secret Data

Question 22. Which of the following is NOT part of the Implementing Controls phase of the Microsoft Security Risk Management program? (Points: 5)
    seek holistic approach
    organize by defense-in-depth
    develop risk scorecard
    all of these are part of this phase

Question 23. Enacted in 1999, the Gramm-Leach-Bliley Act addresses ____ issues. (Points: 5)
    banking
    trade secrets
    cryptography
    privacy

Question 24. Which of the following is a software asset type? (Points: 5)
    test equipment
    custom application
    networking devices
    desktops

Question 25. When it is developed, the CIFI body of knowledge is expected to cover ____. (Points: 5)
    traceback
    information security governance
    response management
    risk management

Question 26. Which law governs the federal agency use of personal information? (Points: 5)
    The Telecommunications Deregulation and Competition Act of 1996
    Computer Security Act of 1987
    USA Patriot Act of 2001
    Federal Privacy Act of 1974

Question 27. ____ should not be allowed to wander freely in and out of buildings. (Points: 5)
    Consultants
    Business partners
    Service contractors
    Temporary workers

Question 28. Which of the following is a domain of the CompTIA Security+ exam? (Points: 5)
    general security concepts
    business risk management
    IS audit process
    disaster recovery and business continuity

Question 29. Which access controls are structured and coordinated with a data classification scheme? (Points: 5)
    mandatory access controls
    discretionary access controls
    role-based controls
    nondiscretionary controls

Question 30. The ____ was enacted to prevent abuse of information while employed elsewhere. (Points: 5)
    Electronic Communications Privacy Act of 1986
    Public Company Accounting Reform and Investor Protection Act of 2002
    Economic Espionage Act of 1996
    Financial Services Act of 1999

Question 31. In phase 3 of the OCTAVE Method, the creation of mitigation plans occurs during the _____ process. (Points: 5)
    development of a protection strategy
    risk analysis
    creation of threat profiles
    identification of key components

Question 32. The identification of a system of interest occurs during the _____. (Points: 5)
    identification of relative priorities
    identification of key components
    creation of threat profiles
    evaluation of selected components

Question 33. Which of the following characteristics currently used today for authentication purposes is not considered truly unique? (Points: 5)
    fingerprints
    iris
    retina
    ID Cards

Question 34. Which of the following best describes the incident response plan? (Points: 5)
    actions undertaken by an organization during an attack
    recovery preparations
    step-by-step rules to regain normalcy
    strategies to limit business losses before and during a disaster

Question 35. ____ firewalls are simple network devices that examine all incoming and outgoing packet headers, selectively allowing or rejecting packets. (Points: 5)
    packet filtering
    stateful inspection
    DMZ
    proxy

Question 36. Which of the following is a responsibility of an information security department manager? (Points: 5)
    offering technical information security consulting services to network administrators
    running vulnerability identification software packages
    preparing post-mortem analyses of information security breaches
    training Access Control System administrators to set up firewalls

Question 37. Which official determines which package best serves the needs of the organization? (Points: 5)
    VP of Human Resources
    CFO
    CIO or CISO
    COO

Question 38. ____ are software programs or hardware/software appliances that allow administrators to restrict content that comes into a network. (Points: 5)
    port scanners
    packet sniffers
    vulnerability scanners
    content filters

Question 39. From Schwartz et al., information security positions can be categorized as those that define, those that build, and those that ____. (Points: 5)
    implement
    design
    administer
    operate

Question 40. _____ is a biometric authentication system that is considered to be least secure. (Points: 5)
    keystroke pattern recognition
    signature recognition
    retina pattern recognition
    fingerprint recognition


Paper#36389 | Written in 18-Jul-2015

Price : $127