DeVry SEC 578 Full Course Latest


DeVry SEC 578 Week 1 Discussions Latest

DQ1 Competitive Differentiator

Increasingly, companies are under pressure from their shareholders to increase profits by reducing internal expenses and increasing sales. Many companies believe that globalization using information technology (IT) is a good approach to reducing expenses and increasing sales. What are some of the advantages of using IT to meet these goals, and what are some of the pitfalls?

DQ2 Computer Security Program Manager (CSPM)

The CSPM is the top security officer in an organization. The CSPM may be responsible for defining the security organization, setting it up, and operating it so that the business is both profitable and secure. Would you want this job? Why or why not?

DeVry SEC 578 Week 2 Discussions Latest

DQ1 Is Ignorance Bliss?

In Chapter 4 of NIST SP800-12 you read about clear and present dangers that threaten the CIA Triad. Some believe that it is better not to know what security risks they are facing, while others believe that they need to know exactly what security risks they face. Can you think of some reasons that companies would rather be ignorant of security risks and why others believe they need to know about every possible security risk? If so, please share your ideas.

DQ2 HIPAA Compliance

Review the Administrative Safeguards in the HIPAA Security Rule at this link: http://www.hipaa.org/ How does HIPAA enforce due care? What is the role of the Compliance Manager?

DeVry SEC 578 Week 3 Discussions Latest

DQ1 Cryptography

Explain the role of Cryptography in authentication, confidentiality, and integrity. Give an example where Symmetric Cryptography (Secret Key) is normally used and an example where Asymmetric Cryptography (Public Key) is normally used.

DQ2 Computer System Life Cycle

Describe the security issues that apply to the disposition (retirement and disposal) phase of the Computer System Life Cycle. What needs to be accomplished and why?

DeVry SEC 578 Week 4 Discussions Latest

DQ1 Three Factor Authentication

Three-factor authentication has become a standard for strengthening authentication in some industries. One could argue that three-factor authentication is a form of “defense-in-depth” applied to the authentication control. Would this be true or not?

DQ2 File Access Controls

Access controls for files come in many forms, from simple passwords to access control lists, to capabilities (such as token or certificate authentication), and may also use various combinations of these techniques. What is the purpose of file access controls? If the only file-access-control used by an organization is access control lists, what issues might arise as the organization grows?

DeVry SEC 578 Week 5 Discussions Latest

DQ1 Catastrophic Events

Some suggest that the recent catastrophic disasters that afflicted the Gulf Coast and the Midwest should teach us to give greater consideration to physical security and redundancy. In response to these very public incidents, have you seen your company respond to physical catastrophic threats to IT-related assets over the last few years? How do you think small businesses are able to respond to redundant physical locations or physical safeguards? Is it reasonable to plan for disastrous events?

DQ2 Hacking People

Consider the following scenario: While entering the company’s building, Jeremy waves his proximity card in front of the secured door. The door unlocks, and Jeremy opens the door only to be waved down by a young lady asking him to hold the door open. Jeremy politely holds the door open, and the young lady is allowed into the building. What just happened? What is your analysis of the situation? How should this kind of scenario be controlled for in the future?

DeVry SEC 578 Week 6 Discussions Latest

DQ1 Stratification of Data Ownership

Consider the difference between a data owner, a data steward, and a data custodian. Some would claim that these three “data authorities” must work together if a company wants to secure its information assets. Is this true? Why?

DQ2 Responding to Data Loss or Compromise

How should a CSPM respond to a compromise of critical company information assets?

DeVry SEC 578 Week 7 Discussions Latest

DQ1 Professional Certification

Professional certifications are available from the Information Systems Audit and Control Association and Foundation (ISACA) and the IISSCC, including the CISSP (certified information system security professional), the SSCP (system security certified practitioner), the CISM (certified information security manager), and the CISA (certified information security auditor). Some companies and some U.S. government agencies use attainment of these certifications as hiring criteria for information security professionals, others have stopped using these certifications as hiring criteria, and some have never considered these certifications as hiring criteria. What do you think of the use of these certifications or credentials as hiring criteria?

DQ2 Project Discussion

Please download your project briefing (only the briefing) to this discussion forum. Review all of the project briefings. Note differences in findings and discuss these differences. Why are there differences?

DeVry SEC 578 Week 2 Assignment Latest

Week 2 assignment

Administrative Controls Paper

Write a 3 to 5 page paper to answer these questions:

How do Administrative Controls demonstrate “due care?”

How does the absence of Administrative Controls impact corporate liability?

How do Administrative Controls influence the choice of Technical and Physical Controls?

How would the absence of Administrative Controls affect projects in the IT department?

The total points for this assignment are 100 points. Each question is worth 20 points, and the remaining 20 points will be awarded for clarity, consistency, and quality of writing. Grammatical and spelling errors are considered clarity problems.

Please follow DeVry standard for papers (APA) and also number your pages.

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

DeVry SEC 578 Week 3 Assignment Latest

Week 3 assignment

Technical Controls Paper

Write a 3 to 5 page paper to answer these questions:

How could Administrative, Technical, and Physical Controls introduce a false sense of security?

What are the consequences of not having verification practices?

What can a firm do to bolster confidence in their Defense-in-Depth strategy?

How do these activities relate to “Best Practices”? How can these activities be used to demonstrate regulatory compliance?

The total points for this assignment are 100 points. Each question is worth 20 points, and the remaining 20 points will be awarded for clarity, consistency, and quality of writing. Grammatical and spelling errors are considered clarity problems.

Please follow DeVry standard for papers (APA) and also number your pages.

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

DeVry SEC 578 Week 5 Assignment Latest

Week 5 assignment

We have designed a simulation that depicts a real-world physical security survey situation. Please set aside 30 to 35 minutes to review the simulation below.

First download the transcript. This document contains the instructions and thirty-one (31) survey questions needed to complete this assignment.

Execute the simulation by clicking the Physical Security Survey Simulation link.

Visit each room and gain information from people, by clicking on objects in the room, and from your team’s observations.

The rooms will change color when you have gathered all of the information from that room, but you may view the simulation more than one time.

Be sure to return to the Board Room occasionally; you will be able to tell when you have finished collecting all of the available information on your final visit to the Board Room.

You will find that it is very important to complete the simulation.

Prepare the report. In your report, number each question for the first thirty (30) questions followed by an answer to that question. Provide one or more short introductory paragraphs that describe what was surveyed, who performed the survey, the date of survey, and any other information you consider important. Write a concluding paragraph that contains your answer to question number thirty-one (31); this concluding paragraph contains your recommendations. Your survey report should contain the following sections:

Top Notch Security

Physical Security Survey Report for <Customer Name>

Consultant Name: <your name>

Date of Survey: <date>

Introduction

Questions and Answers

Question 1

Answer 1

Question 2

Answer 2

etc.

Question 30

Answer 30

Conclusion and Recommendations

Question 31 and Answer 31

<page number>

Each question is worth three (3) points. The introduction of the report is worth seven (7) points. The entire assignment is worth 100 points. Keep the report very short and simple, but be clear as to exactly what was surveyed and how the survey was performed. Make sure to read the transcript very carefully, concentrating especially upon the introduction. Also, watch the entire simulation and view it as many times as desired.

Simulation

In this simulation, you will take on the role of an apprentice security consultant in your first big assignment. Your experienced mentor will be there alongside you to guide you with valuable hints as you explore the client’s business locations. You’ll have opportunities to interview employees and survey rooms and offices through a clickable interface that provides informative feedback.

Physical Security Survey Simulation (Runs roughly 35 minutes for activity)


Thank you for taking the time to review our simulation exercise. We will discuss your thoughts about this situation in the Physical Security threaded discussion section. See you there.

Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

DeVry SEC 578 Week 6 Course Project Latest

Week 6 course project

Objective

Write a Risk Assessment Report that is 5–10 pages long and contains a required risk management matrix.

Present a senior management-level PowerPoint briefing consisting of no more than 10 slides.

Guidelines

Papers must be 5–10 pages long (this would be roughly one page per area included in the report) with 10-point font. They must be double-spaced and must include a cover page, table of contents, introduction, body of the report, summary or conclusion, and works cited.

Even though this is not a scientific-type writing assignment, and is mostly creative in nature, references are still very important. At least six authoritative outside references are required (anonymous authors or web pages are not acceptable). These should be listed on the last page, which is titled “Works Cited.”

Appropriate citations are required.

All DeVry University policies are in effect, including the plagiarism policy.

Management Briefing (PowerPoint) is due at the end of Week 6 (resubmit to the Project Discussion topic in the Week 7 Discussion forum) of the course.

Risk Assessment Report and Risk Management Matrix are due during Week 6 of this course.

Any questions about the Course Project may be discussed in the weekly Q & A Discussion topic.

The paper and PowerPoint are worth 190 total points and will be graded on quality of research topic, quality of paper information, use of citations, and grammar and sentence structure.

Week 1

Read the first week’s Course Project files in the CSPM Project Files and Hacker Project Files in Doc Sharing. To obtain the role information for either the CSPM or the hacker, go to the Doc Sharing dropdown menu. There you will see a box next to the “Select View.” Click on the arrow to view the choices. Then click on the “GO” button.

The case study will explore an information system and the organization in which it operates, and the current state of the information system. You will choose a scenario from either the perspective of a Computer Security Program Manager (CSPM) or from a hacker’s perspective.

Next, place your decision in a Word document and submit it to the Week 1 Course Project Planning Assignment Dropbox. If there are insufficient CSPM choices or hacker choices, the teacher may (randomly) ask a student to change the choice.

Note: Once the choice is made, it is final. Sharing the CSPM and Hacker packets is not allowed.

Each teacher will send an additional handout to each student and provide extra information pertinent to the case. Each member will be provided identical information as its other group members (either the CSPM or hacker group). The CSPM packet and the Hacker packet present different information. The idea is to get two views of the risk for comparison: one from the point of view of the CSPM, and one from the point of view of a hacker.

Differing and contrasted perspectives offer a lens through which to view the problem of physical and operational security: from the lens of a responsible manager or from the lens of a hacker. The differing perspectives are useful in exploring the fundamental problems associated with securing an information system, and will have the student considering problems from both perspectives. In the industry, we even see the availability of “hacker certification” where technology professionals are trained to think like hackers in order to gain meaningful perspectives. As mentioned in the Week 1 Lecture, the advice to know the enemy and to think as the enemy is thousands of years old (Sun Tzu) but is as valid today as it was in 500 B.C.

Week 6

Management Briefing

The PowerPoint will be a briefing to senior management that could be used to present the findings of the risk assessment to management. The briefing will identify the system that was assessed, provide a brief description of the assessment process used, state the conclusions of the assessment, and recommend a course of action to management.

At the end of Week 6, the senior management-level briefing will be posted to the Project Discussion topic in the Week 7 Discussion forum and discussed among class members during that week. Differences in approach and findings will be identified and the ramifications of those differences will be discussed. Discussion, however, is not limited to these two topics but is expected to be “freewheeling” (where anything is fair game, but please use discretion).

Risk Assessment Report

The risk assessment report will contain a simple risk management matrix that can be easily read and understood by senior management so that management can make an appropriate risk management decision.

Risk Management Matrix

The risk management matrix will be a matrix with at least the following columns.

Risk description

What adversary might exploit this risk

Estimated likelihood of exploitation

Impact if the risk is exploited

Recommended course of action

At least three risks must be identified. Students are at liberty to add columns and rows to the risk management matrix if deemed necessary. Keep in mind this matrix is for senior management’s use.

The following table is a sample to use.

Brief Description of Risk | Adversary (Who Might Exploit this Risk) | Likelihood | Impact | Course of Action
Risk 1 | | | |
Risk 2 | | | |
Risk 3 | | | |

Submit the Risk Assessment Report, Risk Management Matrix, and Management Briefing to the Week 6 Course Project Dropbox.

Note: the Management Briefing receives two grades: one for its submission to the Project Discussion topic in the Week 7 Discussion forum and the other for its submission to its Week 6 Course Project Dropbox.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

DeVry SEC 578 Week 4 Midterm Latest

Week 4 midterm

Question 1. 1. (TCO A) According to NIST, a weakness in an information system, system security procedures, internal controls, or implementation that could be exploited is a(n) ______. (Points : 5)

vulnerability

threat

risk

impact

danger

Question 2. 2. (TCO B) The expression {(confidentiality, impact), (integrity, impact), (availability, impact)} is an expression called what? (Points : 5)

Security Risk

Security Threat

Security Damage

Security Category

INFOCON

Question 3. 3. (TCO C) According to NIST, preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information, is called _______. (Points : 5)

nonrepudiation

confidentiality

authorization

integrity

availability

Question 4. 4. (TCO F) According to NIST, what is the weakest link in security? (Points : 5)

Administrative controls

Technical controls

Personnel controls

Physical controls

People

Question 1. 1. (TCO A) What does it mean to say that information assets are critical business assets? (Points : 5)

Question 2. 2. (TCO B) Explain why the term due care is very rarely used in policy documents. (Points : 5)

Question 3. 3. (TCO C) What are the vulnerabilities that (1) confidentiality controls, (2) integrity controls, and (3) availability controls protect information assets against? (Points : 5)

Question 4. 4. (TCO F) Describe the idea of reuse in the computer systems life cycle. (Points : 5)

Below 4

Question 1. 1. (TCO A) Reuse is a term that is commonly used to mean that things do not need to be developed each time that they are needed, but rather can be used over and over without redevelopment. Reuse is common in the software and hardware industries. However, one must be careful with reuse. What is a pitfall of the strategy of reuse? (Points : 15)

Question 2. 2. (TCO B) Controlled Unclassified Information is a term invented by the President of the United States in 2008. This new category of information replaces about 150 (or more) existing categories of information and eliminates those over a five-year period. Controlled Unclassified Information is intended to include all of the unclassified information currently addressed by SOX, HIPAA, FERPA, FISMA, GLB, and so forth. When this effort is completed, there will be exactly three categories of Controlled Unclassified Information, which will replace all 150 (or more) current information categories. What is the advantage of reducing the number of categories of unclassified information from the estimated 150 to three? (Points : 15)

Question 3. 3. (TCO C) Today, several security services are increasingly provided as common security services. These include audit and monitoring services, authentication services, access management services, directory services, and a variety of detection, prevention, and mitigation services. What is meant by “common security services” and what advantage and disadvantage do they provide when compared to commodity security controls? (Points : 15)

Question 4. 4. (TCO F) Explain why human errors are considered a threat to computer security. (Points : 15)

DeVry SEC 578 Week 8 Final Exam Latest

Week 8 final exam

Question 1. 1. (TCO A) What are the goals of information security? (Points : 5)

Administrative, technical, and physical

Confidentiality, accountability, and integrity

Confidentiality, integrity, and accountability

Technical, integrity, and administrative

Confidentiality, integrity, and availability

Question 2. 2. (TCO A) Security controls protect ______. (Points : 5)

facilities

people

information

computers and networks

All of the above

Question 3. 3. (TCO B) Due care is used as a test to determine whether management has taken precautions that are ______. (Points : 5)

compliant

legal

reasonable

secure

readiness

Question 4. 4. (TCO B) Regulations that enforce compliance, including SOX, FERPA, FISMA, and GLB, require protection of ______. (Points : 5)

governments

industries

types of information

personal privacy

computer systems

Question 5. 5. (TCO C) What is a privilege? (Points : 5)

The authority to use an information asset in a particular way

The ability to use an information asset in a particular way

The right to use an information asset in a particular way

The means to use an information asset in a particular way

None of the above

Question 6. 6. (TCO C) Access control can be based on ______. (Points : 5)

roles

location

message routes

time of day

All of the above

Question 7. 7. (TCO D) Physical controls for electromagnetic emanations are called what? (Points : 5)

SPREAD SPECTRUM

SHIELDING

TEMPEST

BLACKOUT

None of the above

Question 8. 8. (TCO E) What threats are most likely to compromise CIA safeguards? (Points : 5)

Viruses

Malicious codes

Spyware

Employees

External hackers

Question 9. 9. (TCO E) What is the name of the phenomenon in which two pieces of information are nonsensitive in isolation but when combined produce highly sensitive information? (Points : 5)

Combinatorics

Synthesis

Aggregation

High-water mark

None of the above

Question 10. 10. (TCO F) Adversaries may be ______. (Points : 5)

competitors

employees

news reporters

thrill seekers

All of the above

Page 2

Question 1. 1. (TCO A) Identify the phases of the Computer System Life Cycle and briefly define at least one role of the CSPM in each phase. (Points : 10)

Question 2. 2. (TCO C) What are the vulnerabilities that (1) confidentiality controls, (2) integrity controls, and (3) availability controls protect information assets against? (Points : 10)

Question 3. 3. (TCO B) If the CSPM finds that his or her company has information that needs protection according to company policy (that is, it is considered proprietary company information), but there is no external law, order, or rule that requires protection of that kind of information, how should the CSPM proceed? (Points : 10)

Question 4. 4. (TCO D) Many CSPMs would argue that CCTV should be installed in storage rooms, wiring closets, and other nonpublic areas of buildings; other CSPMs would argue that those are low-frequency access areas and do not need CCTV. How should such a decision whether to install CCTV in such nonpublic areas be made? Who should make the final decision? (Points : 10)

Question 5. 5. (TCO E) What is the single most likely event that will compromise the confidentiality, integrity, or availability of information assets? Briefly explain why you have chosen your answer. (Points : 10)

Question 6. 6. (TCO F) Explain briefly why privileged users are of concern to the CSPM. (Points : 10)

Page 3

Question 1. 1. (TCO A) Explain why understanding globalism is an important aspect of modern business and why it is also an increasingly important aspect of modern information security. Discuss at least competitive advantage as well as supply-chain issues and legal issues. (Points : 15)

Question 2. 2. (TCO B) Analyze why administrative controls should be documented. (Points : 15)

Question 3. 3. (TCO C) Explain the idea of situation awareness and identify at least five elements that should be part of situation awareness for a wide area network (WAN) environment. (Points : 15)

Question 4. 4. (TCO C) We have looked at compliance legislation for several kinds of information (e.g., health, financial, educational) and have also reviewed requirements for protection of particular kinds of information such as intellectual property (trade secrets, patents, copyrights). Most companies store, process, and handle all of these kinds of information. The number of different compliance statutes written by federal, state, local, and tribal governments and of specialty protection requirements issued by independent commissions (such as riverboat gambling commissions) continue to increase. A CSPM may have to deal with several of these laws or rules. Assuming that the CSPM has identified the rules and laws that apply to his company, how can the CSPM ensure that system controls are sufficient to satisfy all of them? (Points : 15)

Question 5. 5. (TCO D) Evaluate advantages of deploying closed-circuit television (CCTV) in a waiting room. (Points : 15)

Question 6. 6. (TCO E) The SOC was established to measure readiness. However, some components of a computer and network system are more critical for readiness than others. Let’s say that there are three levels of criticality for system components: mission critical, mission essential, and support. Using what you have learned about calculating the security category for information, devise a similar scheme for categorizing computer and network system components for readiness. (Points : 15)

 
