SEC360 Data Privacy Security

$61.00

SEC360 Data Privacy Security
Compose a report on the experience of performing the Physical Security survey…

 

Description

SEC360 Data Privacy Security

SEC360 Data Privacy Security

A+ Entire Course: You Decide Paper Week 2, 6 | Physical Security Simulation Report Week 5 | Quiz Week 1, 3, 5, 7 | Discussions Week 1-7

Sunshine Machine Works You Decide Paper Week 2 

https://www.hiqualitytutorials.com/product/sec-360-sunshine-machine/

Scenario, Your Role, Key Players

Sunshine Machine Works has expanded its infrastructure. When they started there were just three computers, and ten employees. Now there are over 100 employees and their network will have fifty computer terminals, with two servers. During the expansion there has been a lot of discussion about the need for a written computer use policy.

You are the IT Services manager for Sunshine Machine Works. This company has seen rapid growth. Management is looking to you to provide a critical input for an Information Systems Use Security Policy. Although they have a format they can use for the policy, they are looking to you to provide some guidance on areas they will need to address when creating this policy.

When we first started this company there were only a few computers that we used to share our files. Now, with the growth of our company we have a situation where we need to centralize our file storage. I am concerned that if we are not careful, some proprietary information could be compromised. We need a good information systems use policy in place. Keep in mind that I am also looking at expanding our business into some oil field work and the standards we will be required to comply with dictate that we have a written policy in place.

There are a lot of spreadsheets which have our account information on them. There is restricted access so that the only ones to access those files are the CEO, the General Manager, and me. No other employees have access to most of them. When they need access to financial data, I am contacted and provide them with the feedback they request. I hope that we are able to keep this system running efficiently and any policy helps enhance the safeguarding of our financial data.

I look at the way we need to do business now, which entails a lot of online collaboration with our vendors, customers, and activities related to our potential sales outreach. I need to have our staff utilize our computing resources with maximum efficiency; however, I want to balance this with the realization our staff may need to check their personal email accounts, bank information, etc. As our file server has arrived and all file storage has been centralized, we need to look at how we secure our network while keeping productivity up.

Write a paper consisting of 500-1,000 words (double spaced) about your experience in the Week 1 You Decide exercise. Briefly explain some of the issues that a company may face as it experiences growth, and begin to address the proper use of their information systems.

Students should see Appendix C of the textbook for examples of policies that address the issues that companies may face.

Since you are responsible for IT Services and want to keep the systems and network functioning effectively, you will want to identify activities which would be permitted and which activities would be prohibited. Management will take your policy suggestions, finalize the policy and it will be provided to the employees.

Follow the instructions provided in the You Decide Exercise: Information Systems Use Security Policy.

Preview:

Over the years I learned through experience that a good security policy needs to adapt and it must be reviewed and revised as the business adapts. As the company continues to expand and many more users being added to the network environment, I advise to keep in mind that the policies…

SEC360 Data Privacy Security

Physical Security Simulation Report Week 5 

https://www.hiqualitytutorials.com/product/sec360-physical-security-simulation/

Compose a report on the experience of performing the Physical Security survey. Students will write a report consisting of 250-500 words (double-spaced) on experiences in the Physical Security Simulation.

Preview:

The first stop in the walkthrough was the security guard shack to the Vehicle Yard. There was a sign that stated that badges must be at the ready. This showed that the company had security badges for its employees. I would recommend…

SEC360 Data Privacy Security

Sunshine Machine Works You Decide Paper Week 6 

https://www.hiqualitytutorials.com/product/sec-360-you-decide/

Sunshine Machine Works, who recently expanded its infrastructure, now needs to ensure that any authorized employee can access the intranet. Sales people and management staff frequently travel to remote locations, and often require access to documents stored on the intranet file server.

You are the IT Services manager for Sunshine Machine Works. You are to assess the information presented and provide a response to management on how remote access may be handled for Sunshine Machine Works.

Wilma Stone – Chief Executive Officer

It’s great that we have expanded and are able to reach out to customers all over the country. With the way things are going, I see real potential for continued success as long as our field assets have the ability to access information here on our local network. I don’t have any problem with any or our people getting access to the resources they need. I just don’t want anything compromised because I don’t want to lose any proprietary information or have any of our customer’s data leaked.

Margie Nelson – Chief Financial Officer

I am pretty paranoid when it comes to this remote access stuff. I keep hearing about people getting their networks broken in to and the next thing you know their bank accounts have been drained! However, it is apparent that this is an option whose time has come. I hope we are able to keep our data safe.

Gary Thomas – General Manager

We have workers who travel to remote locations and need to access information here on the Intranet. I would rather have our people accessing information over a secure connection than sending them out to who knows where with a laptop or thumbdrive full of our company information. Let’s see if we can solve the problem of remote access and maintain company proprietary information.

Given the scenario, your role and the information provided by the key players involved, it is time for you to make a decision. If you are finished reviewing this scenario, close this window and return to this Week’s You Decide tab, in eCollege, to complete the activity for this scenario. You can return and review this scenario again at any time.

Preview:

There are two possible options for providing the company employees with secure remote access to the company’s network. One is through the use of a VPN (Virtual Private Network), and the other is through cloud computing. A VPN is a private network that uses…

SEC360 Data Privacy Security

Quiz Week 1, 3, 5, 7 

https://www.hiqualitytutorials.com/product/sec-360-all-quizzes/

Quiz Week 1 

https://www.hiqualitytutorials.com/product/sec360-quiz-week-1/

(TCO 1) Defense-in-depth is a _____.

Security requirement

Security model

Security strategy

Security policy

Security control

(TCO 1) What are the common effects of controls?

Prevention, detection, and response

Administration, technology, and physical

Detection, accounting, and access control

Identification, audit, and access control

Confidentiality, integrity, and availability

(TCO 1) An organization’s security posture is defined and documented in _____ that must exist before any computers are installed.

Standards

Guidelines

Procedures

Tolerance for risk

All of the above

(TCO 1) The unique security issues and considerations of every system make it crucial to understand all of the following, except _____.

Security standards

Security skills of developers

Hardware and software security configurations

Data sensitivity

The business of the organization

(TCO 2) Which of the following domains is not part of the IISSCC CBK?

Architecture

Project Management

Ethics

Law

Operations Security

(TCO 2) A security event that causes damage is called _____.

A compromise

A violation

An incident

A mishap

A transgression

(TCO 2) What is the enemy of security?

Industry

Foreign nations

Competitors

Complexity

People

(TCO 2) The Cryptography domain includes all of the following topics, except _____.

Block and stream ciphers

Symmetric key algorithms

The OSI model

Public Key Infrastructure

(TCO 1) Policies and procedures are often referred to as _____.

Models

A necessary evil

Guidelines

Documentation

(TCO 2) The Application Development Security domain focuses on _____.

Sound and secure application development techniques

Who may access a system

Single sign-on technologies and their risks

Specific attacks and countermeasures

SEC360 Data Privacy Security

Quiz Week 3 

https://www.hiqualitytutorials.com/product/sec360-quiz-week-3/

(TCO 3) According to your text, what are the four types of corporate policies?

Physical, personnel, technical, and administrative

Programme-level, programme-framework, issue specific, and system specific

Corporate, system, technology, and device

Technical, operational, procedural, and management

Laws, orders, directives, and regulations

(TCO 3) A user cannot access a file/folder to perform his/her required work activities. Who should the user contact?

Security testers

Security administrators

Access coordinators

Network engineers

Chief information security officers

(TCO 3) _____ authorize access to information.

Security administrators

Information owners

Access coordinators

Network engineers

Users

(TCO 3) What does SDLC stands for?

Software development license cycle

Software development life cycle

System development life cycle

System definition life cycle

None of the above

(TCO 4) Various countries have different views of individual privacy. The European Union (EU) has very different privacy laws than the United States has. To allow U.S. companies better ease of operation in the European Union, the Department of Commerce negotiated the _____ with the EU.

Privacy treaty

Memorandum of Agreement regarding privacy

Privacy Reciprocity Act of 1993

International safe harbor principles

Privacy Act of 1983

(TCO 4) Which of the following statements is NOT true?

Patent law can be used to protect systems and processes

Trademark law can be used to protect a company idea

Copyright law can be used to protect source code and user interfaces

Trade secret law can be used to protect processes and source code.

Trademarks can be used to protect domain names

(TCO 5) A reference monitor should have all of the following except which attribute?

Complete in that it mediates all access between subjects and objects

Changeable by other system entities

Simple enough to be completely verified

Highly tamper resistant

Impossible to bypass

(TCO 5) Why are the Bell-LaPadula and Biba models called dual?

They are both confidentiality models

They use exactly the same rules

They are both state transition models

They are the same model with reversed rules

They are both no read up, no write down models

(TCO 4) The _____ program has created the need for companies that create protective equipment to help prevent spies from detecting stray computer signals

Information warfare

Qualitative risk analysis

Information assurance

TEMPEST

None of the above

(TCO 5) What does a product or system have enforced over it by one or more components of the trusted computing base (TCB)?

Tools and methodologies

Unified security policy

Kernel monitoring

Driver signing

Quiz Week 5 

https://www.hiqualitytutorials.com/product/sec360-quiz-week-5/

(TCO 6) Which of the following is a consideration in site selection?

Visibility

Transportation

Both of the above

Neither of the above

(TCO 6) Which of the following are categories of intrusion detection devices?

Door sensors

Biometric detectors

Perimeter detectors

Security detectors

All of the above

(TCO 6) All effective security programmes require, among other things, _____.

A good management team

A physical security plan

A sign-in roster

A backup at an off-site location

Security guards

(TCO 7) Security operations generally does not provide controls for _____.

Personnel security

Resource protection

Backup and recovery of locally stored workstation data

Privileged entity controls

Virus scanning

(TCO 7) OPSEC is a(n) _____ discipline.

Information security

Intelligence

Law enforcement

Counterintelligence

Legal

(TCO 8) Disaster recovery planning includes all of the following except _____.

IT systems and applications

Application data

Data entry users

Networks

Communication lines

(TCO 8) A business impact analysis identifies _____.

Risks to the business

Quantifies risks

Risks to the business if critical services are discontinued

Priorities of restoring critical services

All of the above

(TCO 9) What is the U.S. government classification label that means that unauthorized disclosure may seriously damage national security?

CONFIDENTIAL

SECRET

TOP SECRET

NOFORN

RESTRICTED

(TCO 9) For purposes of access controls, identification and authentication applies to _____.

Subjects

Objects

Files

Applications

All of the above

(TCO 9) When a transaction requires only a _____, there is not any actual proof that a particular person conducted that transaction.

Written signature

Digital signature

Password

Driver’s license

Fingerprint scan

SEC360 Data Privacy Security

Quiz Week 7 

https://www.hiqualitytutorials.com/product/sec360-quiz-week-7/

(TCO 10) A digital signature provides verification of _____ and _____.

Sender reliability, message integrity

Message authenticity, message integrity

Message integrity, sender authenticity

Message authenticity, sender integrity

Message reliability, message integrity

(TCO 10) Computers are _____, and at some point a random number generator becomes _____.

Periodic, deterministic

Deterministic, periodic

Pseudorandom, deterministic

Deterministic, pseudorandom

Random, deterministic

(TCO 11) A packet filter that keeps track of the state of a connection is called a _____.

stateful inspection firewall

stateful inspection filter

stateful inspection router

stateful inspection bridge

stateful inspection gateway

(TCO 11) A Layer 2 firewall is also called a(n) _____.

Packet-filtering router

Bastion host

Packet-filtering bridge

Application-level gateway

Circuit-level gateway

(TCO 12) Modern intrusion detection systems act as sensors for hosts and network devices and work in a centrally controlled distributed fashion using _____.

Software

Remote procedure calls

Agent technology

Common interfaces

Access to local audit records

(TCO 12) A decoy used to lure intruders into staying around is called a(n) _____.

Pharm

Phish

Entrapment

Honeypot

Mug of ale

(TCO 12) What are the two major classifications of potential intruders into a network?

Foreign and domestic

Outside and inside

Domestic and international

Anonymous and contracted

None of the above

(TCO 13) Which form of malware is independent of the operating system and replicating?

Trap door

Virus

Worm

Trojan

Logic bomb

(TCO 13) In which system life cycle phase should security policy be established?

Test and evaluation

Operations and maintenance

Requirements definition

Acquisition

Initiation

(TCO 13) Which form of malware contains hidden and malicious functions disguised as a utility program that performs useful work?

Trap door

Virus

Worm

Trojan horse

Logic bomb

SEC360 Data Privacy Security

Discussions Week 1-7 All Students Posts 253 Pages 

https://www.hiqualitytutorials.com/product/sec-360-threaded-discussions/

Security Policy and Security CBK Discussions Week 1 All Students Posts 47 Pages 

https://www.hiqualitytutorials.com/product/sec360-discussions-week-1/

Security Policy – 21 Pages

https://www.hiqualitytutorials.com/product/sec-360-security-policy/

Policy is central to affecting security in organizations. Using the security policy for your workplace (or other organization with which you are familiar), what are some key features that allow personnel to control security? Are there any deficiencies? What can be added that would improve security? How do you come up with a set of policies for a particular business?  How do you enforce?  How would you handle non-compliance?  Should you have a policy about Jump Drive if there was ONE incident about Jump Drive in the last 10 years?…

Security CBK – 26 Pages

https://www.hiqualitytutorials.com/product/sec-360-security-cbk/

The security Common Body of Knowledge (CBK) describes what security professionals collectively known about the discipline. What knowledge domains are included in the CBK? What do you think will be added to the CBK in the future? What is the logic behind the concept?  How do we accommodate IOT?

The reason security is defined in terms of DOMAINS is that the term itself is broad. When I think of security, many ideas go through my head. I think of risk management, protecting networks, passwords, and more. The list can go on an on. Therefore the kinds of security need to be categorized in manner that allows focus. For instance we have a domain called “Security Assessment and Testing”. Here polices and methods are evaluated to have their effectiveness tested to see if they actually deter/reduce threats. Or another domain can regard the adherence of current laws, regulations, and…

Compliance Legislation and Intellectual Property (IP) Discussions Week 2 All Students Posts 39 Pages 

https://www.hiqualitytutorials.com/product/sec360-discussions-week-2/

Compliance Legislation – 21 Pages 

https://www.hiqualitytutorials.com/product/sec-360-compliance-legislation/

How can we utilize the four types of security policies to develop a HIPAA security program for organizations? What kinds of information does HIPAA protect? What kinds of organizations does HIPAA cover? What are the differences between HIPAA and HITECH?

HITECH enhanced the enforcement of HIPAA and extended provisions of HIPAA to business associates. HITECH had extended the Privacy and Security Rules of HIPAA to business associates: agents of carriers. It also imposed new requirements regarding breaches – covered entities are now obligated to report large data breaches to the government and the affected individuals…

Intellectual Property (IP) – 18 Pages 

https://www.hiqualitytutorials.com/product/sec-360-intellectual-property/

Your organization has asked you to assist in the discussion about how to best protect its intellectual property (IP). The engineers in your organization have developed new database and ordering software to support a faster process for fulfilling customer orders. Which of the various forms of IP protection will you recommend for safeguarding the engineers’ work? Should it be protected at all? What does the organization risk by getting IP protection? Is Grand’ma recipe a trade secret?  So if somebody steals the recipe, what are the remedies? How do you make something a trade mark? Would a sorting program protect-able by law?…

Snack Cake Security and Security and the OSI Model Discussions Week 3 All Students Posts 38 Pages

https://www.hiqualitytutorials.com/product/sec360-discussions-week-3/

Snack Cake Security – 18 Pages 

https://www.hiqualitytutorials.com/product/sec360-snack-cake-security/

Your company has a special recipe for snack cakes. This snack cake is a key product in your company’s lineup, and it is responsible for a large majority of shareholder value. Using a security model described in the text, describe an approach that will allow this important recipe to be kept secure. Think of what is most important and review your Security models? How would you use it then? For example KFC has to give the recipe to the stores? Maybe everything comes premixed?  How would you control access to the recipe?…

Security and the OSI Model – 20 Pages 

https://www.hiqualitytutorials.com/product/security-and-osi-model/

Security can have a cumulative effect. Consider the OSI model as a key component of the Common Body of Knowledge. For definitions of OSI layers, click here: Layers. What is the OSI model about, and how can we use it when we are selecting security controls? Explain the function of the 7 layers.  How about Confidentiality- where does it fit?  How about Integrity? Where do we implement?  Can you implement filtering at layer 2 (Data Link Layer)?….

Amusement Security and Security Operations Changes Discussions Week 4 All Students Posts 33 Pages 

https://www.hiqualitytutorials.com/product/sec360-discussions-week-4/

Amusement Security – 17 Pages 

https://www.hiqualitytutorials.com/product/sec-360-amusement-security/

Your company is in the business of entertainment; they run an amusement park. There are thousands of people all over the park every day. It is very important to control who has access to what, and not just for visitors, but for employees as well. Define groups of people, and indicate how you would control physical access for them. How would you handle a shooter in the crowd? How would you handle an evacuation? How about scarf, baseball hats and so on that can prevent identifications of bad folks?…

Security Operations Changes – 16 Pages 

https://www.hiqualitytutorials.com/product/sec360-security-operations-changes/

Describe how to insert changes in the operational security of the organization. How do you manage those who do not want to accept the changes?

When we make changes at our work we always make sure to send out a notification at least 5 business days prior to actually implementing the change. When make sure to include which specific users and systems will be impacted, along with a training document on how to get started with the new changes. We always welcome our users to contact the support desk for any help or questions they may have regarding the changes as well. We very rarely get complaints for new security changes, and when we do get them we always remind the user that its better to be extra secure than to have all of our data stolen, corrupted, or any other type of malicious attacks. I feel that this is probably the best way to go about change…

SEC360 Data Privacy Security

Backup and Recovery Planning and Access Control Lists Discussions Week 5 All Students Posts 32 Pages 

https://www.hiqualitytutorials.com/product/sec360-discussions-week-5/

Backup and Recovery Planning – 17 Pages 

https://www.hiqualitytutorials.com/product/backup-and-recovery-planning/

Why are backups so often overlooked in an organization? How do we sell the benefits of spending money on backup solutions to business managers and executives? Now that system are redundant, do we still need backup and recovery plans?…

Backups and recovery is still very important even in this age of redundancy, just in case the primary version is loss, corrupted, or a potential system failure. So if any of these things were to happen you would have to restore the data and the full working environment, but none of this…
For a company it is essential to have some kind of backups especially to their sensitive material. Backups are important because when a natural disaster or any event happen not…

Access Control Lists – 15 Pages 

https://www.hiqualitytutorials.com/product/sec360-access-control-lists/

Access control lists are very valuable for administering granular control over an organization’s resources. So why do a lot of organizations opt not to use them in lieu of more general super user or administrator accounts? It is a challenge to remove administrator rights from users? What strategy should be used? Do you think common users need admin rights? How would you handle software installation at the local level?

A discretionary access control list (DACL) identifies the trustees that are allowed or denied access to a securable object. When a process tries to access a securable object, the system checks the ACEs in the object’s DACL to determine whether to grant access to it. If the object does not have a DACL, the system grants full access to everyone. If the object’s DACL has no ACEs, the system denies all attempts to access the object because the DACL does not allow any access rights. The system checks the ACEs in sequence until it finds one or more ACEs that allow all the requested access rights, or until any of the requested access rights are denied. For more information, see How DACLs Control Access to an Object. For information about how to properly create a DACL, see Creating a DACL…

Cryptography and The Enterprise Firewall is Dead Discussions Week 6 All Students Posts 33 Pages 

https://www.hiqualitytutorials.com/product/sec360-discussions-week-6/

Cryptography – 16 Pages 

https://www.hiqualitytutorials.com/product/sec-360-cryptography-discussions/

Which algorithm is more secure: AES256 or AES128? Why?  How about stenography?…

The Enterprise Firewall is Dead – 17 Pages 

https://www.hiqualitytutorials.com/product/enterprise-firewall-is-dead/

A popular computer network publication stated at one time that the enterprise firewall was dead. It boldly stated that the exterior firewalls of the organization should be torn down and replaced with host-based firewalls instead. Is this insane, or is it the best new practice in security management? Explain your answer. What types of firewalls do we need today? Which type will provide you better protection? Are traditional firewalls still efficient today? Are these efficient? How do they handle encrypted packets?…

Intrusion Detection and Secure as a Car Discussions Week 7 All Students Posts 31 Pages

https://www.hiqualitytutorials.com/product/sec360-discussions-week-7/

Intrusion Detection – 16 Pages 

https://www.hiqualitytutorials.com/product/sec-360-intrusion-detection/

Your organization’s business manager has read an article about how intrusion detection systems can help deter hackers. He or she wants to spearhead a campaign to deploy them around the company’s locations in three states. Since an IDS can help deter hackers, does this make it a worthwhile project, or is there some reason to be wary? Specific to this example, how do you respond to ad hoc security requests like this? In general, how can you keep requests like this in check? Are IDS systems enough to deter hackers?…

Secure as a Car – 15 Pages 

https://www.hiqualitytutorials.com/product/secure-as-a-car/

Engineering software is like engineering a car; if one were so inclined, there could be a completely bug- and security-free application. Do you agree with this? Why or why not?…

A “security-free application” is a very lofty goal. It sounds good and it is definitely a goal to shoot for. However, any good security professional knows that there weak links in any wall or application. Cars perform a task, they do have functionality that limit the dangers of driving a…

The complexity of software means it would take incredible planning and foresight to ensure no bugs would arise and there would be no security risks. There is also the fact that users have the potential to take what is supposed to be a normal function of software and use it in either an unprecedented or malicious way. This is why…

Final Exam Not Included

SEC360 Data Privacy Security

DeVry