It255 Assignment1


Submitted By pipenhot1
Chapter 1 Assessment

1. Information security is specific to securing information, whereas information systems security is focused on the security of the systems that house the information. A)True

2. Software manufacturers limit their liability when selling software using End user licensing agreements. A)

3. The Availability tenet of information systems security is concerned with the recovery time objective. C)

4. Encrypting data on storage devices or hard drives is a main strategy to ensure data integrity. B) False

5. Organizations that require customer-service representatives to access private customer data can best protect customer privacy and make it easy to access other customer data by blocking out customer private data details and allowing access only to the last four digits of Social Security numbers or account numbers. B)

6. The User Domain is the weakest link in an IT infrastructure. E)

7. The following security controls can help mitigate malicious e-mail attachments: e-mail filtering and quarantining, e-mail attachment antivirus scanning, verifying with users that the e-mail source is reputable, and holding all inbound e-mails with unknown attachments. E)

8. You can help ensure confidentiality by implementing a virtual private network for remote access. D)

9. Encrypting e-mail communications is needed if you are sending confidential information within an e-mail message through the public Internet. A) True

10. Using security policies, standards, procedures, and guidelines helps organizations decrease risks and threats. A) True

11. A data classification standard is usually part of which policy definition. A)

12. The SSCP professional certification is geared toward IT security practitioner. A)

13. Maximizing availability…...

Similar Documents


...ITT Technical Institute IT255 Introduction to Information Systems Security Onsite Course SYLLABUS Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems. Introduction to Information Systems Security Syllabus Where Does This Course Belong? This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project The following diagram demonstrates how this course fits in the program: IS427 Information Systems Security Capstone Project 400 Level IS404 Access Control, Authentication & KPI IS411 Security Policies & Implementation Issues IS415 System Forensics Investigation & Response IS416 Securing Windows Platforms & Applications IS418 Securing Linux Platforms & Applications IS421 Legal & Security Issues IS423 Securing Windows Platforms &......

Words: 4114 - Pages: 17

It255 Quiz 2

...IT255 Intro to Info Security June 2012 Quiz 2 Name: Date: 08/21/2012 1. Which of the following are primary categories of rules that most organizations must comply with? a. HR and employee b. Regulatory and employee c. Organizational and technological d. Regulatory and organizational 2. Which of the following is not a part of an ordinary IT security policy framework? a. Specifications b. Standards c. Procedures d. Guidelines 3. Which of the following helps you determine the appropriate access to classified data? a. Job rotation b. Need to know c. Code of ethics d. Change control management 4. Which of the following refers to the management of baseline settings for a system device? a. Baseline standards control b. Configuration control c. Change control d. Hardware asset control 5. Identify a primary step of the SDLC. a. Budget review b. Design c. Replication d. Marketing 6. Which of the following is a process to verify policy compliance? a. Penetration test b. Security audit c. Threat mitigation d. Security assessment 7. When monitoring a system for anomalies, the system is measured against __________. a. Baseline b. Logs c. Security policy d. Results of the penetration test 8. Which of the following is not a type of penetration test? a. Black box b. White box c. Gray box d. Blue box 9. Identify a drawback of log monitoring. a. Amount of information b. Specialized tools requirements c. Accuracy of......

Words: 394 - Pages: 2

It255 Unit 3 Assignment 1

...H. Underwood IT255 4/8/13 UNIT 3: Assignment: 1 Remote Access Control Policy 1.0 Purpose The purpose of this policy is to define standards for connecting to Richman Investment’s network from any host. These standards are designed to minimize the potential exposure of Richman Investment’s to damages which may result from unauthorized use of Richman Investment’s resources. Damages include the loss of sensitive or company confidential data, intellectual property, damage to public image, damage to Richman Investment’s internal systems, etc. 2.0 Scope This policy applies to all of Richman Investment’s employees, contractors, vendors and agents with a Richman Investment’s owned or personally-owned computer or workstation used to connect to the Richman network. This policy applies to remote access connections used to do work on behalf of Richman Investment’s, including reading or sending email and viewing intranet web resources. Remote access implementations that are covered by this policy include, but are not limited to, dial-in modems, frame relay, ISDN, DSL, VPN, SSH, and cable modems, etc. 3.0 Policy 3.1 General 1. It is the responsibility of Richman Investment’s employees, contractors, vendors and agents with remote access privileges to Richman Investment’s corporate network to ensure that their remote access connection is given the same consideration as the user's on-site connection to Richman Investment’s. 2. General access to the Internet for recreational use...

Words: 1214 - Pages: 5

It255 Assignment 3

...Melissa Burkhardt IT255 Unit 3 Assignment To begin designing a remote access control policy for The Richman Company, several configurations must take place. The Richman corp. uses In a Windows Server 2003-based native-mode domain, you can use the following three types of remote access policies: Explicit allow, the remote access policy is set to "Grant remote access permission" and the connection attempt matches the policy conditions,The remote access policy is set to "Deny remote access permission" and the connection attempt matches the policy conditions. Secondly, I would enforce The Explicit deny policy. The remote access policy is set to "Deny remote access permission" and the connection attempt matches the policy conditions. The connection attempt does not match any remote access policy conditions. After implementation of several security policies, I would create a SSL VPN network. This is a form of VPN that can be used with a standard Web browser. In contrast to the traditional Internet Protocol Security (IPsec) VPN, an SSL VPN does not require the installation of specialized client software on the end user's computer. It's used to give remote users with access to Web applications, client/server applications and internal network connections. Every Richman Employee must meet the Policy Conditions to the properties of the connection attempt made by the remote access client. There can be one or more Remote Access conditions applied to a single Remote Access Policy...

Words: 299 - Pages: 2

Ef3333 Assignment1

...Assignment1 1. A change in interest rate will affect the cost of borrowing, the income generated from tangible assets and stock’s value that the financial institution owns that will lead to profits or losses as a result. 2. The Federal Reserve’s Policies such as monetary policy could affect interest rates, inflation, and the supply of the money. These three factors are directly related to the profitability of financial companies. So the managers care so much about the Fed activities. 3. The family members are closed to you than a stranger. You could know the credibility of the family members but not the strangers. Under the asymmetric information, you can reduce the risk of being bad debt by borrowing the money to family members instead of the strangers. 4. The nominal interest rate=2%+6%=8%. At the end of one year, I will have $1080 in account ($1000*1.08). At that time, the stereo will sell for $1050*1.06=$1113. I don’t have enough money to buy it. I still need $33 ($1113-1180=$33) in order to buy it. 5. Years Cash payment PV OF CP Weights Weighted maturity 1 60 56.07 5.76 0.06 2 60 52.41 5.38 0.11 3 1060 865.28 88.86 2.67 973.73 Duration 2.83 The expected price changes if interest rate drops to 6.75%: %△P = -2.83*(-0.0025/1+0.07)=0.0066=0.66% 6. It will increase the interest rates if prices in the bond market become volatile,. Since the price volatility in bond market will increase the risks of investing bonds, the demand for bonds will fall...

Words: 377 - Pages: 2

Nt1230 Unit2 Assignment1

...Lydell Smith NT1230 Unit2 assignment1 1. What does RAID stand for? Redundant Array of Independent Disk 2. When would we use Raid? To divide and replicate data into physical drives. 3. Define the following types of RAID: a. RAID 0-is simply data striped over several disks. This gives a performance advantage, as it is possible to read parts of a file in parallel. However not only is there no data protection, it is actually less reliable than a single disk, as all the data is lost if a single disk in the array stripe fails. b. RAID 1-is data mirroring. Two copies of the data are held on two physical disks, and the data is always identical. RAID1 has a performance advantage, as reads can come from either disk, and is simple to implement. However, it is expensive, as twice as many disks are needed to store the data. c. RAID 5-data is written in blocks onto data disks, and parity is generated and rotated around the data disks. Good general performance, and reasonably cheap to implement. Used extensively for general data. d. RAID 6-is growing in popularity as it is seen as the best way to guarantee data integrity as it uses double parity. It was originally used in SUN V2X devices, where there are a lot of disks in a RAID array, and so a higher chance of multiple failures. RAID6 as implemented by SUN does not have a write overhead, as the data is always written out to a different block. 4. Why is RAID 0 of any use if it offers no redundancy? Fast performs and additional......

Words: 433 - Pages: 2


...Assignment 1: Project Management Assessment Submitted by: Muhammad Naman Submitted to: Dr. Johnnie E. Drake, Jr. Submission Date: April 4, 2014 Course: EBM 680 Project Management Project Selected: Adelaide Desalination Plant Research Problem: South Australia, as the "driest state in the driest (inhabited) continent", experienced severe water shortages during periods of drought...

Words: 593 - Pages: 3

Unit 1 Assignment1: Integrated Circuit Technology

...275,000 | 1988 | 80386SX | - | 1988 | i960 | 250,000 | 1989 | 80486 | 1,180,000 | 1989 | i860 | 1,000,000 | 1993 | Pentium | 3.1 | 1995 | Pentium Pro | 5.5 | 1997 | Pentium II | 7.5 | 1999 | Pentium III | 9.5 | 2000 | Pentium 4 | 42 | 2001 | Itanium | 25 | 2002 | Itanium 2 | 410 | 2003 | Pentium M | 77 | 2005 | Pentium D | 115 | 2006 | Core Duo | 151 | 2006 | Core 2 | 291 | 2006 | Itanium "Montecito" | 1720 | 2008 | Atom | 47 | 2008 | Core i7 | 730 | *2010 | Itanium "Tukwila" | 2000 * | 2010 | Xeon "Nehalem-EX" | 2300 | 2010 | Intel "Westmere" | 1170 | 2011 | Intel "Sandy Bridge" | 995 | 2011 | Xeon E7 | 2600 | 2012 | Itanium "Poulson" | 3100 | 2013 | Intel "Haswell" | 1400 | UNIT 1 ASSIGNMENT1: Integrated Circuit Technology * Indicates the processor model and year when two billion transistors were placed on a single processor chip* Sources: 1. According to Computer Structure and Logic, Chapter 1: Introduction to Computers pg. 15, “The growth in the number of transistors used in integrated circuits is reasonable, because it does hold true to the Moore's Law. Gordon Moore's Law states that "each new chip contained roughly twice as much capacity as its predecessor and each chip was released within 18-24 months of the previous chip." 2. Moore’s Law states that the growth will be......

Words: 306 - Pages: 2


...Estimating the standard deviation of grouped data The Internal Revenue Service (IRS) determines which income tax returns to audit by looking at, among other things, whether there are any unusual deductions claimed on the return. Last year, charitable deductions for a family of four earning between and averaged , with a standard deviation of . The IRS wishes to know whether the standard deviation this year is still around . To determine this, income tax returns for families of four earning between and were randomly selected from this year's tax filings. The charitable deductions claimed on the returns are summarized in the following histogram: 20 15 10 5 0 Frequency 4 16 12 4 4 900 1000 1100 1200 1300 1400 Charitable deduction (in dollars) Based on this histogram, estimate the standard deviation of the sample of deduction amounts. Carry your intermediate computations to at least four decimal places, and round your answer to at least one decimal place. (If necessary, consult a list of formulas.) The process for solving these problems is fairly long. Aleks recommends: . Then . I watched a video that condenses the process a bit. Its easier to group the sections included in this process into 4 rows and 4 columns. The first column should list the frequencies in the histogram. Next list the midpoints in the 2nd column. Then multiply the two columns by one another which produces column 3. Next......

Words: 309 - Pages: 2

It255 Project Part 1

...IT255 Project Part 1 4/1/12 User Domain Vulnerabilities * CD drives and USB ports Disable internal drives and USB ports and enable auto antivirus scanning for any inserted media and email attachments * User destruction of data or systems Restrict access to job essential systems/applications. Keep write permissions to a minimum. Workstation Domain Vulnerabilities * Download of photos, music and videos from the internet Enable content filtering and workstation auto antivirus scans for all new files * Desktop/laptop application software vulnerabilities Establish a software vulnerability upgrade procedure and push software and security patches in a timely manner LAN Domain Vulnerabilities * Unauthorized access to LAN Implement security measures to gain access to data closets/centers, i.e. access ID cards. * Securing confidentiality of data transmissions via WLAN Use encryption for all wireless transmissions on the WLAN. LAN-to-WAN Domain Vulnerabilities * Router, firewall, and network OS software vulnerabilities Apply security fixes and software patches right away with a 0 day WoV * Unauthorized network probing Disable ping, probing, and port scanning on all external network enabled devices in the domain. WAN Domain Vulnerabilities * Easy to eavesdrop on Use VPNs and encryption for all transmissions * DoS, DDoS attacks Enable filters to firewalls and router WAN interfaces to block TCP SYN and ping. Remote Access Domain...

Words: 290 - Pages: 2

Itt It255 Research Project Part 1

...Brian Gobrecht IT255 Project Part 1 The domains of an infrastructure are broken down into several parts. The User, Workstation, LAN, LAN-to-Wan, Remote Access, Wan, and System/Application domains. All of these are a very crucial part of a domain structure and if one fails to do its proper job most of it or all of it will come to a screeching halt. The User Domain is pretty self-explanatory yes a system can do without a user but by itself it’s more probable to breakdowns and other things to go wrong. So to help the user out in a way it’s not damaging to the infrastructure. One way is to have the computer scan for viruses in anything that plugs into the usb slot such as a portable hard drive or a memory card. As for unauthorized downloads such as music or photos I suggest enable content filtering. Workstation domains are another vital part of keeping the system healthy at most times. To protect this I suggest either at the door of the server room keycards to get in and at the workstation itself both a physical and pass worded approach to ensure the right person is getting in. And to add further measure of security the room would be camera surveyed and users will be logged. A LAN domain can be a very volatile domain with all the wiring and NIC cards and LAN switches common in most rooms. If we are to hopefully secure this part of the domain I would like to be able to restrict access to the computers and laptops that are only necessary to the work environment. So if someone...

Words: 474 - Pages: 2

It255 Define an Acceptable Use Policy Essay

...IT255 Acceptable Use Policy (AUP) I have reviewed the list of forbidden traffic and came up with this acceptable use policy. Some ports (20&69) would be disabled denying file transfer if all traffic listed is forbidden. I propose the use of content filtering, file transfer monitoring, scanning and alarming for unknown file types from unknown or restricted sources. The restriction on downloading executables could be changed in the same fashion. Both of these guidelines could otherwise interfere with otherwise normal business practice and hinder the productivity of the company. The redistribution copyrighted material is restricted because the system administrator ensures all workstations have what they need. No exporting internal software or technical material in violation of export control laws. If a worker needs such software or material for a location that does not have it then they will be issued license for said use of such property. Workstations will run antivirus and malicious removal software. These programs will be update as new definitions and malicious code data are provided. The organizations data classification standard should address remote access. The company will deny outbound traffic using source IP addresses in access control lists. If remote access is allowed, encrypt where necessary. This will prevent any unauthorized access to internal resources or information from external sources. No unauthorized port scanning or probing on the company’s......

Words: 487 - Pages: 2

It255 Unit5 Assignment

...TO: FROM: DATE: SUBJECT:Unit 5 Assignment 1: Testing and Monitoring Security Controls REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1) How Grade: One hundred points total. See each section for specific points. Assignment Requirements Part 1:Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity.(Forty points. Twenty points for each event.) # | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity | 1. | Authentication Failures | Unauthorized access attempts | 2. | Network Abuses | Employees are downloading unauthorized material. | 3. | | | 4. | | | 5. | | | 6. | | | Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.) # | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk | 1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user | 2. | Open network drive shares allow storage......

Words: 295 - Pages: 2


...Employment-At-Will Doctrine Name: Sarabjit Singh Prof. John F. Rodgers, J.D. LEG-500-Law, Ethics and Corp.Governance July20, 2012 1. Describe what steps you would take to address the following scenario involving skills, competence, and abilities: · The employee seems to be unable to learn the computer applications that are basic to her job responsibilities, but, consistently “tells” her boss that she is “a good worker and a genius” and that he does not “appreciate her”. Even after a few months of training and support, she is unable to use the computer tools to be productive and efficient in completing the required tasks. Answer: Every job needs some special kind of attributes, skills, competence and abilities to perform the required tasks and these job requirements are specified in job description before hiring an employee. In this case of Jennifer being unable to perform her basic job responsibilities. a. Initially I think recruitment process need to be reviewed, because an inefficient employee was hired, who is not able to perform her basic duties and responsibilities. b. After providing few months’ job training, if she is still unable to learn computer applications, then her job needs to be rotated and assign her different roles and responsibilities. c. Finally, if she is still not able to perform her basic job responsibilities as per set standards of job performance, then issue her warning notice and eventually termination . 2. Describe what steps you......

Words: 839 - Pages: 4

It255 Project Pdf

...IT255 Introduction to Information Systems Security STUDENT COPY: Project Project Security Domains and Strategies Purpose This project provides you an opportunity to apply the competencies gained in various units of this course to identify security challenges and apply strategies of countermeasures in the information systems environment. Learning Objectives and Outcomes  You will learn the purpose of a multi-layered security strategy.  You will understand the information systems security (ISS) fundamentals including the definition of terms, concepts, elements, and goals.  You will incorporate the industry standards and practices with a focus on the confidentiality, integrity, availability, and vulnerabilities of information systems.  You will fulfill the role of a security professional implementing proper security controls in a specific ® business situation based on Systems Security Certified Practitioner (SSCP ) Common Body of Knowledge domains. Required Source Information and Tools To complete the project, you will need the following: 1. Access to the Internet to perform research for the project 2. Course textbook 2 ® ® 3. (ISC) SSCP Common Body of Knowledge available in the SSCP Candidate Information Bulletin © ITT Educational Services, Inc. All Rights Reserved. -147- Change Date: 10/25/2010 IT255 Introduction to Information Systems Security STUDENT COPY: Project Project Logistics The project...

Words: 1563 - Pages: 7
