CS651_KristineCameron_Final

Countermeasures come in a variety of sizes, shapes, and levels of complexity. This document endeavors to describe a range of strategies that are potentially applicable to life in education organizations. In an effort to maintain this focus, those countermeasures that are unlikely to be applied in education organizations are not included here. If after your risk assessment, for example, your security team determines that your organization requires high-end countermeasures like retinal scanners or voice analyzers, you will need to refer to other security references and perhaps hire a reliable technical consultant.

Computer Science Pick one security law that most interests you with an emphasis on the areas that impact information security and assurance. Write a 1 page summary that includes what it is, what is its purpose/relevance, why is it important, who or what it applies to, ramnifications if not followed, and impact on information and assurance.

A number of authorities in the field of information technology security are of the opinion that businesses might significantly improve their levels of protection by employing individuals who have previously worked as hackers in the capacity of consultants. Is that what you consider to be the case? Is this an acceptable reason or an unacceptable one?

- There are many types of cybersecurity liability policies covering a host of eventualities. What insurance you should buy depends on your business model and your company board's risk appetite. For this discussion, pick one of the five cybersecurity laws, regulations, or policies you wrote about in the Module 5 assignment, and discuss what types of insurance you would recommend in case your company fails at compliance for that requirement. Discuss the risk-reward trade offs, and explain why you think your insurance recommendation is worth the cost.

Susan is the lead investigator for a security incident and realizes that she will not be able to complete her investigation without causing severe disruption to the business. The action she feels she must take exceedsthe authority granted to her under the incident response plan. What should Susan do? a)Shut down all business operations immediately until she develops a plan b)Take the action immediately to protect the business c)Discount the action as a possibility because it exceeds her authority d)Consult with higher levels of management

Chain Link Consulting is an information technology consulting company that focuses on system security concerns. When the company's president asks you to assist her with the preparation of a presentation for a group of potential clients at a trade show meeting next month, you say "yes." First and foremost, she would like you to examine system security concerns in light of all six security levels. Afterwards, she wants you to come up with a list of methods that Chain Link might evaluate a client's security procedures in order to obtain an accurate evaluation of their level of exposure.It was her way of making the situation more intriguing by saying that it was fine to be imaginative in your ideas, but that you should avoid proposing anything that would be unlawful or immoral. Example: It might be OK to pretend as a job candidate with phony references to see whether they were being reviewed, but it would be inappropriate to steal a lock and access the computer room to check on things.Your…

What are the types of traditional security Model?

The majority of individuals concur that creating proper security rules and consistently implementing them are necessary actions to take. An explanation of why creating, implementing, and maintaining security rules is so important.

Discuss the security implicationsFrom the perspective of your department and management level, discuss the implications of a security breach in the company's infrastructure (all forms - human, technology etc.) 1.      Suggest TWO reasons why such breaches could occur and state how they can be avoided.   Based on the above requirements above, critique the below discussion: A security breach is the loss of management, compromising, illicit public disclosure, unapproved acquiring, or acquisition, or any similar event in which sensitive data is accessed or potentially obtained by someone other than an authorized user, or in which a verified user accesses privately apparent data with a purpose other than that for which it is approved.A cyberattack and data breach at Trading could have a negative effect on the company's bottom line. It might harm your company's reputation and cause customers to lose faith in you. And both large and small businesses may be impacted by this. Furthermore, a…

Book title: Cybersecurity Essentials - Charles J. BrooksChapter 1 - Infrastructure security in the Real world From the information provided in the second scenario, consider the NIST functions detailed in this section and then write what to observe as they relate to each category. 1. Policy creation sample ofmanaging access to authorized devices and resources based on the following items (NIST PR.AC-1). 2. Method creation sample of controlling physical access to secured assets (NIST PR.AC-2). 3. Action plan creation sample of informing and training general employees (NIST PR.AT-1). 4. Plan sample of helping privileged users understand their job roles and responsibilities (NIST PR.AT-2). (Refer to screenshot for reference)

Book title: Cybersecurity Essentials - Charles J. Brooks Chapter 1 - Infrastructure security in the Real world From the information provided in the second scenario, consider the NIST functions detailed in this section and then write what to observe as they relate to each category. 2. Inventory creation sample of cyber assets (software platforms and applications) within the organization (NIST ID.AM-2). 3. Prioritize the organization’s assets based on their criticality or value to the business functions of the organization (NIST ID.BE-3). 4. Identify any assets that produce dependencies or provide critical functions for any of the organization’s critical services (NIST ID.BE-4).Create a risk assessment of asset vulnerabilities identified (NIST ID.RA-1, 3). (Refer to screenshot for reference)

Choose two principles of the Security Paradigm and describe each by giving an example based on your experiences as IT personel.

define each concept and explain how it contributes to the development of security mechanisms that may be used to achieve desired security policies in companies.

The following are some examples of how a security framework may help with security infrastructure design and deployment. The definition and operation of information security governance are ambiguous. Who in the firm should be in charge of long-term planning?

Physical security is highly distinct from other forms of security in how much and how frequently it is different from other security types. We need to know what the most serious physical security risks of our day are, so we can defend ourselves. Do they make themselves known to the broader public in any way?

explain why each principle is vital to security and how it facilitates the creation of security mechanisms that may be used to achieve desired security policies in companies.

Having policies in place can mitigate the risk of physical security breachesC-suites and SBOs (Small Business Owners) indicated external threats from vendors or contractors(25% C-suites; 18% SBOs) and physical loss or theft of sensitive information (22% C-suites, 19%SBOs) are the top information security threats facing their business.Yet, the number of organizations with a known and understood policy for storing and disposing ofconfidential paper documents adhered to by all employees has declined 13% for C-suites (73% in 2019to 60% in 2020) and 11% for SBOs (57% in 2019 to 46% in 2020).In addition, 49% of SBOs have no policy in place for disposing of confidential information on end-of-lifeelectronic devices.While the work-from-home trend has risen over the years, the COVID-19 pandemic abruptly launchedemployees into work-from-home status, many without supporting policies.77% of C-suites and 53% of SBOs had employees who regularly or periodically work off-site. Despitethis trend, 53% of…

To learn more about your institution's security rules, look them up on the intranet or website. Is there a corporate security policy somewhere? Where have you come across security rules that are tailored to address a particular problem? What agency or department is in charge of issuing or coordinating all of these policies, or are they dispersed across the organization? Use the framework provided in this chapter to determine whether or not the policies you found in the preceding exercise are complete. What are the omissions in these areas?

Book title: Cybersecurity Essentials - Charles J. BrooksChapter 1 - Infrastructure security in the Real world From the information provided in the first scenario, consider the National Institute of Standards and Technology (NIST) functions detailed in this section and observe how they relate to each category. 1. Which steps could be put in place to recover from actions intended to access, disable, degrade, or destroy the assets that has been previously identified (NIST RC.RP-1)? (Refer to screenshot for reference)

PurposeThis course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.Learning Objectives and OutcomesSuccessful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:Evaluate compliance laws relevant to the U.S. Department of Defense.Assess policy frameworks appropriate for an organization in a given scenario.Evaluate security controls and standards for the seven domains of a typical IT infrastructure.Develop DoD-compliant policies for an organization’s IT infrastructure.Required Source Information and ToolsWeb References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on January 4, 2022. The following tools and resources will be needed to complete this…

3. As a security officer, you have been requested to assist the company’s recruitment officer with the drafting of a new employee recruitment security protocol that the organization intends to adopt for all recruitment purposes in the future. Provide a brief but comprehensive document which must cover the most important security areas the organization needs to focus on when recruiting new employees.

true or false 4. The security policy develops over time and is a living document that the company and security officer must review and update at regular intervals.

Case study 1 Chapter 7 - Investigating Theft Act Assuming you are an agent with the Federal Bureau of Investigation, do the following: 1. Plan and coordinate an investigation in a manner that would not arouse suspicion from Cummings and Baptiste. 2. Create a vulnerability chart to coordinate the various elements of the possible fraud. 3. Assuming your investigation used surveillance and/ or covert investigation techniques, what types of surveillance and/or covert operations would you use? How would technology play a role in this part of the investigation? 4. Finally, how would analysis of physical evidence help in this investigation? What types of physical evidence would be especially helpful?

PurposeThis course project is intended to assess your ability to identify, design, and organize information technology (IT) security policies.Learning Objectives and OutcomesSuccessful completion of this project will ensure that you can develop draft IT security policies for an organization and apply learning constructs from the course. By the end of this project, you will be able to do the following:Evaluate compliance laws relevant to the U.S. Department of Defense.Assess policy frameworks appropriate for an organization in a given scenario.Evaluate security controls and standards for the seven domains of a typical IT infrastructure.Develop DoD-compliant policies for an organization’s IT infrastructure.Required Source Information and ToolsWeb References: Links to Web references in this document and related materials are subject to change without prior notice. These links were last verified on January 4, 2022. The following tools and resources will be needed to complete this…

Deployment of information security requirements must be able to address the most critical vulnerabilities at what stage do this steps happen or conducted? * Your answer

Explain, contrast, and compare two security architectural models.

The Operations Security Process consists of the following steps: Step 1: Identification of Critical InformationStep 2: Analysis of ThreatsStep 3: Analysis of VulnerabilitiesStep 4: Assessment of RisksStep 5: Application of Countermeasures    If you were the information security manager of university and you were asked to applythe five steps of Operations Security Process to the university. Explain how should you apply these stepsand what are your expected outcomes for each step?

Book title: Cybersecurity Essentials - Charles J. Brooks Chapter 1 - Infrastructure security in the Real world From the information provided in the second scenario, consider the NIST functions detailed in this section and then write what to observe as they relate to each category. 1. Inventory creation sample of physical assets (devices and systems) within the organization (NIST ID.AM-1)? 2. Inventory creation sample of cyber assets (software platforms and applications) within the organization (NIST ID.AM-2). 3. Prioritize the organization’s assets based on their criticality or value to the business functions of the organization (NIST ID.BE-3). 4. Identify any assets that produce dependencies or provide critical functions for any of the organization’s critical services (NIST ID.BE-4).Create a risk assessment of asset vulnerabilities identified (NIST ID.RA-1, 3). (Refer to screenshot for reference)

The Operations Security Process consists of the following steps: Step 1: Identification of Critical Information Step 2: Analysis of Threats Step 3: Analysis of Vulnerabilities Step 4: Assessment of Risks Step 5: Application of Countermeasures If you were the information security manager of University of Hafr AIBatin, and you were asked to apply the five steps of Operations Security Process to the university. Explain how should you apply these steps and what are your expected outcomes for each step?