DeVry SEC 571 Full Course Latest

$140

Quantity:

Description

DeVry SEC 571 Full Course Latest

 

DeVry SEC 571 Week 1 Discussion Latest

DQ1 Vulnerabilities of Your Systems?

We’re spending some time this week coming up with a common understanding of security terminology, and vulnerability is one of those fundamental terms. While the word weakness seems to define it pretty well, there are a number of ways that information systems can become vulnerable. Acts of commission or omission can be equally responsible for a system vulnerability. What about your systems, both at home and at work? In what ways are they vulnerable?

DQ2 Threats against Your Systems?

It’s a pretty rough world out there for data. While a large percentage of information technology security budgets is devoted to reducing the risk of malicious attacks, there are other ways in which systems or data become damaged. What threats are you aware of when it comes to your personal systems and the systems at your job?

DeVry SEC 571 Week 2 Discussion Latest

DQ1 Security Issues in Telecommunications

What are the advantages and disadvantages of virtual offices, including telecommuting? What are the security and management issues concerning virtual offices, especially hooked up into large virtual networks? Please comment on the views of your fellow students here.

DQ2 What Access Controls Are in Use?

What are your organization’s assets? Are there any access controls in place? How effective are they? How can you tell? What are the weaknesses in the controls? Are any new or upgraded access controls being considered? Let’s explore this substantial component of information security.

DeVry SEC 571 Week 3 Discussion Latest

DQ1 Cryptographic Products

As we are learning, there are a lot of uses for cryptography in information technology, and there are a lot of different algorithms, cryptographic processes, key lengths, implementation methods, and so on. Let’s explore the world of cryptographic products. What’s available out there? What kind of quality is found in free, open-source products? What types of hardware devices? What types of software implementations? How are they used? What problems do they solve? How effective are they? How can you tell? What are the tradeoffs between security and business process efficiency?

Let’s start with everyone presenting one cryptographic product (past, present, or future). No duplications, please, so be sure to read all the previous posts. Then, respond to the posts of your classmates with questions, additional information, and so forth.

DQ2 Cryptographic Standards

Ever since World War II and the ensuing Cold War, cryptographic methods have been the source of much government angst.Protecting the information of one’s own government and accessing the data of other governments has been a preoccupation of many nations. With the growth of civilian computer networks in the 1980s and the development of Internet-based e-commerce in the 1990s, concerns about data security spread from governments to the public sector. The tension between the government’s goal of control of cryptographic methods and business’ need for internationally trustworthy security resulted in skirmishes between the two.

Let’s discuss the modern history of cryptography in terms of commercial-governmental tensions. What can you find out about this? What are the considerations when determining how to standardize cryptographic methods? How are cryptographic methods regulated? What are the different laws that govern the use of cryptography? Are they reasonable? Whose interests are most important when determining the extent to which cryptography should be standardized, regulated, and mandated?

Do a little research and see what you can come up with in one or more of these areas. And be sure to comment on the posts of your classmates.

DeVry SEC 571 Week 4 Discussion Latest

DQ1 Network Services

Users are familiar with some network services such as HTTP (Hypertext Transport Protocol) – the Web; and SMTP (Simple Mail Transport Protocol) and POP (Post Office Protocol) – e-mail and instant messaging. But there are others like DHCP (Dynamic Host Configuration Protocol), DNS (Domain Name System), FTP (File Transport Protocol), NNTP (Network News Transport Protocol), Telnet, SSH (Secure Shell), SSL-TLS (Secure Sockets Layer-Transport Layer Security) and others that the average user may not have heard of.

Tell us more about these services. How do they figure into organizational security? What are the most recent threats against them? What are the risks associated with attacks against network services? What are possible consequences? What are specific controls and general best practices to mitigate risk?

Jump right in. Do a little research on some part of network service security and share with us your findings as well as your experiences and opinions. And, of course, please respond to your classmates’ posts with ideas, questions, comments, other perspectives, and so forth.

DQ2 Security Architecture

Before responding to this forum, be sure to read the section in this week’s lecture on security architecture.

Think about your organization’s security architecture. How much do you know about it? How much do other workers know? How easy is it to learn more? Does your perception of the organization’s security architecture seem appropriate for the mission and goals of the organization? How much management commitment to security do you sense?

Briefly describe your organization, but please DON’T reveal any specific security details that would compromise your organization’s security controls. Feel free to make up a name and even alter the products or services the organization offers to maintain its anonymity as needed. What we should discuss is the general nature of the business, your role, your view on the organization’s security architecture, and what you think the ideal security architecture should be for your organization.

As we get moving on this discussion, consider the ideas of your classmates. Would they be appropriate for your organization? Even if you don’t have much connection with the security activities in your company, what do you THINK would be appropriate?

As always, post early, post often, and address the posts of your classmates.

DeVry SEC 571 Week 5 Discussion Latest

DQ1 Case Study – Would You Hire Goli?

How would you respond if Goli (Case VIII, p. 707 in our text) came to you describing a vulnerability in your system and offering to help fix it? What would incline you to hire her? What would disincline you from doing so? Please explain your answer and also reply to the comments of others.

DQ2 Privacy: Right or Privilege?

Privacy seems to mean different things to different people. What does privacy mean to you? Is privacy a right or a privilege? How should one’s privacy be legally protected or secured, especially when using the Internet? Maybe this is not absolutely possible; protection may always be viewed as a relative term. Why or why not? Please comment on the responses of other students.

DeVry SEC 571 Week 6 Discussion Latest

DQ1 BC and DR

Business Continuity (BC) planning and Disaster Recovery (DR) planning are key elements in organizational security architectures.What is the difference between them and why is it important to know the difference when representing security proposals to management?

DQ2 Meeting Regulations

With what federal, state, and/or organizational regulations regarding information systems and data management must your organization comply? How can you identify these regulations? How can you remain informed about changes in these requirements? How can your organization or industry influence these regulations?

 

DeVry SEC 571 Week 7 Discussion Latest

DQ1 Personal/Group Ethics

What is ethics? Is it a cultural standard or an individual standard? Do managers have a responsibility to maintain an ethical standard within a department? If so, how is the expected ethical standard established? How is it documented? How is compliance measured? What happens when an individual’s ethical standard conflicts with the group standard? How should members of the group react? How should the individual react?

DQ2 Security Skills

What skills are needed by personnel working in information security? List some job titles in the field and come up with some required qualifications and some desirable qualifications. Take a look at some job listings and resumes for ideas. After all, you may be applying for one of these jobs soon!

 

 

DeVry SEC 571 Week 1 Quiz Latest

1 Question : (TCO A) Describe an organizational information situation where data confidentiality would be more important than data availability or integrity.

Question 2. (TCO A) Which of the following is the weakest password?

Question 3. (TCO A) While our focus in the course is on threats to information systems, this question focuses on the concept of threats, vulnerabilities, and controls as applied to other kinds of systems. Select two examples of threats to automobiles for which auto manufactures have instituted controls. Describe the vulnerabilities for which the controls were created and assess the effectiveness of these controls giving the justification for your assessment. Your answer does not need to address information security but you need to demonstrate your understanding of the terms: threat, vulnerability, and control. (Note: specific answers to this question are not in the assigned reading material.)

Question 4. (TCO A) To what extent does U.S. Combined Federal Criteria quantitatively and measurably demonstrate the practical effectiveness of the security measures it mandates? In other words, how well does it objectively measure real-world security? How would this influence your use of this standard in a given computing environment? Be sure that your answer addresses quantitative and measureable practical effectiviness.

Question 5. (TCO A) Network enumeration is used to _______________________.

Question 6. (TCO A) One privacy concern about the use of biometric authentication is unintentional functional scope. Please briefly define this concern and give an example.

 

DeVry SEC 571 Week 4 Midterm Latest

Question 1. (TCO A) What are the three types of user authentication? Name three examples of each type of authentication.

Question 2. (TCO A) Cite a real-world database situation in which the sensitivity of an aggregate is greater than that of its constituent values.

Question 3. (TCO B) Suppose you have a high capacity network connection coming into your home, and you also have a wireless network access point. Also suppose you do not use the full capacity of your network connection. List three reasons you might still want to prevent an outsider obtaining free network access by intruding into your wireless network.

Question 4. (TCO C) Respond to each part of this question:

  1. a) Describe how a long number (encryption key) can be shared between sender and receiver without using any source that is obvious to outsiders and without directly sending the number from sender and receiver.
  2. b) Describe how a long number (encryption key) can be shared between sender and receiver over an unsecured network without loss of confidentiality.

Question 5. (TCO B) Which of the following is a correct statement?

The UDP protocol provides flow control for transport-layer communications.

The Kerberos authentication protocol requires that network servers’ clocks be synchronized.

A rogue DNS server can be used to participate in a DHCP cache poison attack.

ARP is used to resolve MAC addresses to IP addresses.

Link encryption ensures that information is protected within the communicating systems.

 

 

DeVry SEC 571 Week 3 Assignment Latest

Phase I

Phase I – Identifying potential weaknesses from either the Aircraft Solutions or Quality Web Design Company is due this week.

Please carefully read Course Project Requirements in Doc Sharing to be sure your submission addresses all required elements. Pay particular attention to the grading standards found in the Course Project page (Course Home.)

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.

 

DeVry SEC 571 Week 7 Course Project Latest

Phase II

Phase II: the Course Project (comprised of Phase I revised based on Week 3 feedback and the Solution’s phase) – Recommend solutions to the potential weaknesses from either the Aircraft Solutions of Quality Web Design Company is due.

Please be sure that your submission contains all of the required elements and grading standards. Refer to the grading standards outlined in the Course Project found in the Course Home and the Course Project Requirements document in the Doc Sharing tab.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

 

DeVry SEC 571 Week 8 Final Exam Latest

Question 1. 1. (TCO A) You are responsible for developing a security evaluation process that can be used to assess various operating systems both during and after development. List the five most desirable qualities your evaluation process should have and explain why they are important. (Be sure to address qualities of the evaluation process, not specific metrics for assessment of operating systems.)

Question 2. 2. (TCO B) Acme Films produces advertisements for cable television stations. They have two locations in a large metropolitan area. Building 1 contains the administrative, sales, marketing, human resources, development, and graphics departments. Building 2 contains the sound stages, production and post production facilities, equipment, and mobile unit storage.The two buildings, five miles apart, are connected by a VPN using a T1 connection. Each location is protected by hardware firewalls and each location has a DMZ. Building 1’s DMZ includes Web, FTP, DNS, and e-mail servers. Building 2’s DMZ includes an FTP server from which clients can access work product. Network-based IDS systems are placed in the DMZs. There are 75 Windows XP workstations in each location. Workstation security is centrally managed and includes anti-virus, anti-spyware, and patch management. File, application, database, and print servers at each location are protected by anti-virus, anti-spyware, and patch management. Internet access is provided to users via a proxy server and NAT.

User authentication is controlled by Windows 2008 Active Directory and users must authenticate by using a smart card and entering a PIN. Discretionary access control methods are in use.

List and assess three security threats faced by the information technology systems and list and describe 1 security control needed that would be appropriate to address each threat. (Points : 40)

Question 3. 3. (TCO C) Why is a firewall usually a good place to terminate a Virtual Private Network (VPN) connection from a remote user? Why not terminate the VPN connection at the actual servers being accessed? Under what circumstances would VPN termination at the server be a good idea?

Question 4. 4. (TCO D) A computer programmer has been arraigned for a computer crime. She is suspected of having accessed system files on a public Web server. The programmer’s attorney argues that his client was only trying to determine if the website was secure and that no harm was done to the Web server or its system files. The programmer’s attorney also argues that it is possible that the log files that show that his client accessed system files were tampered with. The attorney claims that the Web server was made accessible to the public anyway so that there was no violation of the law and that the arraignment against her client should be thrown out. You’re the judge. What is your analysis of these arguments? (Points : 40)

Question 5. 5. (TCO E) After reading about attacks on servers similar to the ones used in one of your company’s departments, the CIO has asked you to come up with a report as to what, if any, steps should be taken with your servers. List and describe the steps you would need to take in order to complete a detailed report. (Points : 40)

Question 6. 6. (TCO F) Are ethics a matter of absolute right and wrong or are they changeable? Can an ethical person consider something to be wrong and then, later, consider that same thing to be right while still being ethical? Explain your reasoning. (Points : 40)

Question 7. 7. (TCO G) Which of the following statements is true? (Points : 20)

A patent is typically easier to obtain than a copyright.

Computer programs cannot be copyrighted.

The “fair use doctrine” prohibits reproduction of copyrighted material.

Copyright applies to ideas. Patents apply to things.

In order to assure patent rights, the holder need not oppose all infringement.

Question 8. 8. (TCO H) Some IT department policies are designed to prevent behaviors by IT staff. While some depend upon the employee voluntarily complying with the policy (for example: do not reveal technical information to outside parties), others are enforced technically (for example, authentication required for system access). What is an example of a policy that technically enforces ethical behavior by IT staff? Provide policy wording for your example. (Points : 40)

 

DeVry Courses helps in providing the best essay writing service. If you need 100% original papers for DeVry SEC 571 Full Course Latest, then contact us through call or live chat.

DeVry SEC 571 Full Course Latest

Best DeVry SEC 571 Full Course Latest

DeVry SEC 571 Full Course Latest