SlideShare a Scribd company logo

Cst 630 Enhance teaching / snaptutorial.com

Download as DOC, PDF
B
Baileyabw

For more classes visit www.snaptutorial.com Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool

Education
1 of 20
CST 630 Project 1Risk, Threat, and Vulnerability Management For more classes visit www.snaptutorial.com Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report] Include the following areas in this portion of the SAR: a. Security requirements and goals for the preliminary security baseline activity. b. Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization. c. Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you: a. What are the security risks and concerns? b. What are ways to get real-time understanding of the security posture at any time?
c. How regularly should the security of the enterprise network be tested, and what type of tests should be used? d. What are the processes in play, or to be established to respond to an incident? e. Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required? f. Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed? g. Describe the ways to detect these malicious code and what tactics bad actors use for evading detection. d. Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet. e. Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices? f. Operating systems, servers, network management systems. a. data in transit vulnerabilities 1. endpoint access vulnerabilities 2. external storage vulnerabilities 3. virtual private network vulnerabilities 4. media access control vulnerabilities 5. ethernet vulnerabilities b. Possible applications. This network will incorporate a BYOD (bring your own device) policy in the near future. The IT auditing team and leadership need to understand current mobile applications and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5. The overall SAR should detail the security measures needed, or implementations status of those in progress, to address the identified vulnerabilities. Include:
a. remediation b. mitigation c. countermeasure d. recovery Through your research, provide the methods used to provide the protections and defenses. From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified. The baseline should make up at least three of the 12 pages of the overall report. When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures that will help determine the company's overall network defense strategy. Step 2: Determine a Network Defense Strategy You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network. Start by reading a publication by the National Institute of Standards and Technology, NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black box testing, white box testing). Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report. Click the following link to learn more about cybersecurity for process control systems: Cybersecurity for Process Control Systems After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE).
Step 3: Plan the Penetration Testing Engagement Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format. This portion should be about two pages of the overall 12-page report. After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are. Step 4: Conduct a Network Penetration Test You've defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization. To complete this step, you will use industry tools to carry out simulated attacks to test the weaknesses of the network. You will do this within your lab Workspace. The workspace instructions will provide many of the details, but in the simulation, you will launch a sandbox type of virtual machine (VM), report your findings and actual screen captures of the behaviors you see as a result of the tests, and include these in the SAR. Your assessments within the lab will be reported in the SAR. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help.
Click here to access the instructions for Navigating the Workspace and the Lab Setup. Click here to access the Project 1 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace. After finding the security issues within the network, define which control families from the NIST 800-53 are violated by these issues. Explain in the SAR why each is a violation, support your arguments with a copy of your evidence, and then provide suggestions on improving the security posture of these violations. This section should make up at least four of the 12 pages in the overall report. After you've completed the penetration testing, move to the next step, where you will compile a risk management cost benefit analysis. Step 5: Complete a Risk Management Cost Benefit Analysis You've completed the penetration testing, and now it's time to complete your SAR with a risk management cost benefit analysis. Within this analysis, think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls. When you have finished with the cost benefit analysis, which should be at least one page of your overall report, move to the final step, which is the completed SAR. As part of the final assignment, remember that you will need to create a slide presentation as part of the executive briefing, and submit that along with the SAR. Step 6: Compile the SAR, Executive Briefing, and Lab Report You have completed comprehensive testing in preparation for this audit, provided recommended remediation, and developed a set of recommendations. Now you are ready to submit your SAR and executive briefing. The requirements for Project 1 are as follows: 1. Executive briefing: A three- to five-slide visual presentation for business executives and board members.
2. Security assessment report (SAR): Your report should be 12 pages minimum, double-spaced with citations in APA format. The page count does not include figures, diagrams, tables or citations. 3. Lab report: A document sharing your lab experience and providing screenshots to demonstrate that you performed the lab. Attach it to the SAR as an artifact. Submit all three components to the assignment folder. ********************************************************************************** CST 630 Project 2 Incident Response For more classes visit www.snaptutorial.com Project 2 Step 1: Develop a Wireless and BYOD Security Plan Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company. Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network.
Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan." Click the following link to learn more about security management: Security Management. In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR. Step 2: Track Suspicious Behavior You've completed your wireless and BYOD security plan. Now it's time to take a look at another workplace situation. You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee's movements by using various tools and techniques. You know the location and time stamps associated with the employee's mobile device. How would you track the location of the company asset? Explain how identity theft could occur and how MAC spoofing could take place in the workplace. How would you protect against both identity theft and MAC spoofing? Address if it is feasible to determine if MAC spoofing and identity theft has taken place in the workplace. Include a whitelist of approved devices for this network. Examples may include authorized access points, firewalls, and other similar devices. Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Include your responses as part of the CIR with the title "Tracking Suspicious Behavior." In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR.
Step 3: Develop a Continuous Improvement Plan Now that you've completed the section on tracking suspicious behavior for your CIR, you are confronted with another situation in the workplace. You receive a memo for continuous improvement in the wireless network of your company, and you are asked to provide a report on the wireless network used in your company. You have been monitoring the activities on the WPA2. Provide for your leadership a description of wired equivalent privacy and also Wi-Fi protected access networks, for education purposes. Include the pros and cons of each type of wireless network, as well as WPA2. Since WPA2 uses encryption to provide secure communications, define the scheme for using preshared keys for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain this? Include this for leadership. Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of four protocols including the pros, cons, and suitability for your company. Include your responses as part of the CIR with the title "Continuous Improvement Plan." In the next step, you will look at yet another workplace scenario, and you will use that incident to show management how remote configuration management works. Step 4: Develop Remote Configuration Management You've completed the continuous improvement plan portion of the CIR. Now, it's time to show how your company has implemented remote configuration management. Start your incident report with a description of remote configuration management and how it is used in maintaining the security posture of your company's network. Then, consider the following scenario: An undocumented device is found on the company network. You have determined that the owner of the device should be removed from the network. Implement this and explain how you would remove the employee's device. How would you show proof that the device was removed?
Include your responses as part of the CIR with the title "Remote Configuration Management." In the next step, you will illustrate how you investigate possible employee misconduct. Step 5: Investigate Employee Misconduct In this portion of your CIR report, you will show how you would investigate possible employee misconduct. You have been given a report that an employee has recorded logins during unofficial duty hours. The employee has set up access through an ad-hoc wireless network. Provide a definition of ad hoc wireless networks and identify the threats and vulnerabilities to a company. How could this network contribute to the company infrastructure and how would you protect against those threats? Use notional information or actual case data and discuss. Address self-configuring dynamic networks on open access architecture and the threats and vulnerabilities associated with them, as well as the possible protections that should be implemented. From your position as an incident manager, how would you detect an employee connecting to a self-configuring network or an ad hoc network? Provide this information in the report. How would signal hiding be a countermeasure for wireless networks? What are the countermeasures for signal hiding? How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks? Are these always broadcast, and if not, why not? How would you validate that the user is working outside of business hours? Include your responses as part of the CIR with the title "Employee Misconduct." In the next step, you will use lab tools to analyze wireless traffic. Step 6: Analyze Wireless Traffic You've completed several steps that you will use to present your CIR. In this step, as part of a virtual lab, you will analyze wireless traffic.
You are given access to precaptured files of wireless traffic on the company network. This is another way to monitor employee behavior and detect any malicious behavior, intentional or even unintentional. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace. Include your responses from the lab as part of the CIR with the title "Wireless Traffic Analysis." Step 7: Prepare the Cybersecurity Incident Report, Executive Briefing, and Executive Summary You've completed all of the individual steps for your cybersecurity incident report. It's time to combine the reports you completed in the previous steps into a single CIR. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your CIR. 3. Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Submit all three documents to the assignment folder. Deliverables: Cybersecurity Incident Report (CIR), Slides to Support Executive Briefing Learning Competencies: 5.1, 5.3, 5.5., 5.6, 5.7, 5.9 ********************************************************************************** CST 630 Project 3 Enterprise Network Security
For more classes visit www.snaptutorial.com Project 3 Step 1: Conduct a Policy Gap Analysis As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind: • Are companies going through an M&A prone to more attacks or more focused attacks? • If so, what is the appropriate course of action? • Should the M&A activities be kept confidential? Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed. Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions: • How would you identify the differences? • How would you learn about the relevant laws and regulations? • How would you ensure compliance with those laws and regulations?
The streaming company that is being acquired has a current customer base of 150,000 users, who on average pay $14.99 in monthly fees. Based on the overall income, use PCI Standards DSS 12 requirements, and the PCI DSS Quick Reference Guide to identify a secure strategy, and operating system protections to protect the credit card data. Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change. In the next step, you will review the streaming protocols that the companies are using. Step 2: Review Protocols for Streaming Services After reviewing the policies from the company and the policy gap analysis, the M&A leader asks you about the protocols used by the streaming company. He wants to know if the protocols used would affect the current state of cybersecurity within the current company environment. For this section, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching the commonly known streaming protocols and the vulnerabilities of those protocols. Some examples are the Real-Time Streaming Protocol (RTSP), Real- Time Transport Protocol (RTP) and the Real-Time Transport Control Protocol (RTCP). Additionally, the leadership wants to know if any vulnerabilities identified would or could lead to a no-go on the M&A. In other words: 1. You need to identify what streaming the companies are doing and the specific technology they are leveraging. 2. What are the technical vulnerabilities associated with the protocols involved? 3. Have those been mitigated? And to what extent (i.e., has the risk been reduced to zero, reduced somewhat, shifted to a third party, etc.)? 4. What residual risk to the target company's assets and IP remain?
5. Would those risks extend to the current (takeover) company after the merger? a. Would that be bad enough to cancel the M&A? 6. If the response to #5 is yes, then, what should the target company do to further mitigate the risk? How should the takeover company mitigate the risk? 7. What are the costs associated to the target company (implementing the appropriate mitigation)? If the takeover firm has to take additional measures, identify those costs as well. After assessing and reviewing the streaming protocols, move to the next step, where you will assess the infrastructure of the merged network. Step 3: Assess the Merged Network Infrastructure You’ve just reviewed the streaming services of the companies, and now you will assess the infrastructure of the new network. The networks of the two companies could be configured differently, or they could use the same hardware and software, or completely different hardware and software. The purpose of this section is to understand what tools the company is using, the benefits and shortcomings of those tools, and the gaps within the network. Explain what tactics, techniques, and procedures you would use to understand the network. You should identify firewalls, DMZ(s), other network systems, and the status of those devices. When your assessment of the infrastructure is complete, move to the next step, where you will assess any existing policies for wireless and bring your own device (BYOD) within the companies. Step 4: Review the Wireless and BYOD Policies Within Project 2, you learned about and discussed wireless networks. An M&A provides an opportunity for both companies to review their wireless networks. Within your report, explain the media company's current stance on wireless devices and BYOD. However, the company that is being acquired does not have a BYOD policy. Explain to the
managers of the acquisition what needs to be done for the new company to meet the goals of the BYOD policy. When the review of the wireless and BYOD policies is complete, move to the next step: developing a data protection plan. Step 5: Develop a Data Protection Plan You’ve completed the review of the wireless and BYOD policies. In this step, you will develop the recommendations portion of your report in which you will suggest additional mechanisms for data protection at different levels of the acquired company’s architecture. Include the benefits, implementation activities required for protection and defense measures such as full disk encryption, BitLocker, and platform identity keys. You also want to convey to your leadership the importance of system integrity and an overall trusted computing base, environment, and support. Describe what this would entail and include Trusted Platform Module (TPM) components and drivers. How are these mechanisms employed in an authentication and authorization system? Include this in the report and whether the merging company has this. In the next step, you will assess any risks with the supply chain of the acquired company. Step 6: Review Supply Chain Risk The data protection plan is ready. In this step, you will take a look at risks to the supply chain. Acquiring a new company also means inheriting the risks associated with its supply chain and those firm's systems and technologies. Include supply chain risks and list the security measures in place to mitigate those risks. Use the NIST Special Publication 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations to explain the areas that need to be addressed. After your supply chain review is complete, move to the next step, where you will create a vulnerability management program.
Step 7: Build a Vulnerability Management Program After your supply chain review, you conduct an interview with the company's current cybersecurity team about vulnerability management. The team members explain to you that they never scanned or had the time to build a vulnerability management program. So, you need to build one. Use NIST Special Publication 800-40 Guide to Enterprise Patch Management Technologies to develop a program to meet the missing need. Explain to the managers how to implement this change, why it is needed, and any costs involved. The next step is a key one that should not be overlooked -- the need to educate users from both companies of the changes being made Step 8: Educate Users You’ve completed your vulnerability management program, but it’s important to educate all the users of the network about the changes. During the process of acquiring a company, policies, processes, and other aspects are often updated. The last step in the process is to inform the users for the new and old company of the changes. Within your report, explain to the acquisition managers the requirements for training the workforce. When you’ve completed this step, move to the final section of this project, in which you will prepare and submit your final report. Step 9: Prepare and Submit Your Report, Executive Briefing, and Executive Summary You’re ready now for the final step, in which you will compile and deliver the Cybersecurity for a Successful Acquisition report for the company leaders to enable them to understand the required cybersecurity strategy. Again, keep in mind that companies undergoing an acquisition or merger are more prone to cyberattacks. The purpose of this paper is to analyze the security posture of both companies and to develop a plan to reduce the possibility of an attack. The assignments for this project are as follows:
1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your report. 3. Cybersecurity System Security Report for Successful Acquisition: Your report should be a minimum 12-page double- spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Submit all three components to the assignment folder. Deliverables: Cybersecurity for a Successful Acquisition, Slides to Support Executive Briefing ********************************************************************************** CST 630 Project 4Secure Videoconferencing Communications For more classes visit www.snaptutorial.com Project 4 Step 1: Develop Functional Requirements for Videoconferencing The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will nee based on its geographic dispersion and business needs. In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.
The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions. Step 2: Discuss Implementation Challenges In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems. Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems. The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your Proposal for Secure Videoconferencing. In the next step, you will take a closer look at the track records of each of the potential videoconferencing vendors. Step 3: Identify Vendor Risks You've finished outlining the pros and cons of three videoconferencing systems. Now, it'S time to take a close look at how they serve their clients. This will take some research. Look at the systems' known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure. This step will be a section of your Proposal for Secure Videoconferencing. In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal to management
Step 4: Develop Best Practices for Secure Videoconferencing The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company's videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping. This "best practices" section will be part of the overall Proposal for Secure Videoconferencing. In the next step, you will develop system integrity checks within a virtual lab environment. Step 5: Develop System Integrity Checks As part of the overall proposal, the CISO has asked you to develop system integrity checks for files shared between users of the videoconferencing systems. These checks will ensure file protection and prevent exfiltration of sensitive files. The lab exercise will show how this is done. In this step, you will generate a lab report that will be part of your final assignment. The lab instructions will tell you what the report needs to contain. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the lab Setup. Click here to access the Project Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace (http://virtualdesktop.umuc.edu/). This will be a section of your Proposal for Secure Videoconferencing.
Now, you are ready for the final step, which will be to put all of the components of the proposal together for management. Remember, your task is to recommend the best videoconferencing system for the company. Part of that proposal includes a set of high-level executive briefing slides. Step 6: Submit Your Proposal for Secure Videoconferencing and All Related Materials It’s time to prepare your materials on secure videoconferencing for management. Your task is to recommend a system that best meets the business functionality and security requirements of the company. As part of that recommendation, you will also prepare a set of high-level executive briefing slides to give the CEO and CIO an overview of your study. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your Proposal for Secure Videoconferencing. 3. Proposal for Secure Videoconferencing: Your report should be a minimum six-page double- spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 4. Lab report: Generated from Workspace. Submit all four components to the assignment folder. ********************************************************************************** CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) For more classes visit www.snaptutorial.com
CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) **********************************************************************************

Recommended

Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comPrescottLunt385
 
Cst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comCst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comDavis11a
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comDavisMurphyA97
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comMcdonaldRyan79
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 

Recommended

Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comPrescottLunt385
 
Cst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comCst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comDavis11a
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comDavisMurphyA97
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comMcdonaldRyan79
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET Journal
 
Accuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersAccuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersLarry Suto
 
Software reliability
Software reliabilitySoftware reliability
Software reliabilityBaptiste Wicht
 
Introduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisIntroduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisAnn Marie Neufelder
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - FuncionamientoChema Alonso
 
Software engineering 23 software reliability
Software engineering 23 software reliabilitySoftware engineering 23 software reliability
Software engineering 23 software reliabilityVaibhav Khanna
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Rishabh Upadhyay
 
SRE Tools
SRE ToolsSRE Tools
SRE ToolsGurbakash Phonsa
 
Five Common Mistakes made when Conducting a Software FMECA
Five Common Mistakes made when Conducting a Software FMECAFive Common Mistakes made when Conducting a Software FMECA
Five Common Mistakes made when Conducting a Software FMECAAnn Marie Neufelder
 
Penetration testing services
Penetration testing servicesPenetration testing services
Penetration testing servicesAlisha Henderson
 
Penetration testing
Penetration testingPenetration testing
Penetration testingNameen Singh
 
Software reliability & quality
Software reliability & qualitySoftware reliability & quality
Software reliability & qualityNur Islam
 
Learn software testing with tech partnerz 2
Learn software testing with tech partnerz 2Learn software testing with tech partnerz 2
Learn software testing with tech partnerz 2Techpartnerz
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 

More Related Content

What's hot

CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentPriyanka Aash
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWcscpconf
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET Journal
 
Accuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersAccuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersLarry Suto
 
Introduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisIntroduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisAnn Marie Neufelder
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - FuncionamientoChema Alonso
 
Software engineering 23 software reliability
Software engineering 23 software reliabilitySoftware engineering 23 software reliability
Software engineering 23 software reliabilityVaibhav Khanna
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Rishabh Upadhyay
 
Five Common Mistakes made when Conducting a Software FMECA
Five Common Mistakes made when Conducting a Software FMECAFive Common Mistakes made when Conducting a Software FMECA
Five Common Mistakes made when Conducting a Software FMECAAnn Marie Neufelder
 
Penetration testing services
Penetration testing servicesPenetration testing services
Penetration testing servicesAlisha Henderson
 
Penetration testing
Penetration testingPenetration testing
Penetration testingNameen Singh
 
Software reliability & quality
Software reliability & qualitySoftware reliability & quality
Software reliability & qualityNur Islam
 
Learn software testing with tech partnerz 2
Learn software testing with tech partnerz 2Learn software testing with tech partnerz 2
Learn software testing with tech partnerz 2Techpartnerz
 

What's hot (20)

CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.com
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.com
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.com
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.com
 
CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.com
 
Open-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact AssessmentOpen-Source Security Management and Vulnerability Impact Assessment
Open-Source Security Management and Vulnerability Impact Assessment
 
AUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEWAUTOMATED PENETRATION TESTING: AN OVERVIEW
AUTOMATED PENETRATION TESTING: AN OVERVIEW
 
IRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit FrameworkIRJET- A Study on Penetration Testing using Metasploit Framework
IRJET- A Study on Penetration Testing using Metasploit Framework
 
Accuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scannersAccuracy and time_costs_of_web_app_scanners
Accuracy and time_costs_of_web_app_scanners
 
Software reliability
Software reliabilitySoftware reliability
Software reliability
 
Introduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects AnalysisIntroduction to Software Failure Modes Effects Analysis
Introduction to Software Failure Modes Effects Analysis
 
MSRC - Funcionamiento
MSRC - FuncionamientoMSRC - Funcionamiento
MSRC - Funcionamiento
 
Software engineering 23 software reliability
Software engineering 23 software reliabilitySoftware engineering 23 software reliability
Software engineering 23 software reliability
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
 
SRE Tools
SRE ToolsSRE Tools
SRE Tools
 
Five Common Mistakes made when Conducting a Software FMECA
Five Common Mistakes made when Conducting a Software FMECAFive Common Mistakes made when Conducting a Software FMECA
Five Common Mistakes made when Conducting a Software FMECA
 
Penetration testing services
Penetration testing servicesPenetration testing services
Penetration testing services
 
Penetration testing
Penetration testingPenetration testing
Penetration testing
 
Software reliability & quality
Software reliability & qualitySoftware reliability & quality
Software reliability & quality
 
Learn software testing with tech partnerz 2
Learn software testing with tech partnerz 2Learn software testing with tech partnerz 2
Learn software testing with tech partnerz 2
 

Similar to Cst 630 Enhance teaching / snaptutorial.com

Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comamaranthbeg113
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comamaranthbeg53
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comamaranthbeg73
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This chedavieec5f
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxwkyra78
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxtaitcandie
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS IS
KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS ISKEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS IS
KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS ISTatianaMajor22
 
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
 
 risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docx risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docxodiliagilby
 
Penetration testing using metasploit framework
Penetration testing using metasploit frameworkPenetration testing using metasploit framework
Penetration testing using metasploit frameworkPawanKesharwani
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingNetsparker
 
You need to analyze the features of three videoconferencing systems
You need to analyze the features of three videoconferencing systems You need to analyze the features of three videoconferencing systems
You need to analyze the features of three videoconferencing systems walthamcoretta
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideAryan G
 
Key AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxKey AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxsleeperfindley
 
Software Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsSoftware Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsMuhammadTalha436
 

Similar to Cst 630 Enhance teaching / snaptutorial.com (20)

Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docx
 
Cst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.comCst 630 Extraordinary Success/newtonhelp.com
Cst 630 Extraordinary Success/newtonhelp.com
 
Cst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.comCst 630 Motivated Minds/newtonhelp.com
Cst 630 Motivated Minds/newtonhelp.com
 
Cst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.comCst 630 Education is Power/newtonhelp.com
Cst 630 Education is Power/newtonhelp.com
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This che
 
member is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docxmember is a security software architect in a cloud service provider .docx
member is a security software architect in a cloud service provider .docx
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS IS
KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS ISKEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS IS
KEEP ALL SECTION AND SUB-SECTION HEADERS AND NUMBERING AS IS
 
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docxCase Project 1-1 Defining and Designing a NetworkThe overview.docx
Case Project 1-1 Defining and Designing a NetworkThe overview.docx
 
 risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docx risk-based approach of managing information systems is a holistic.docx
 risk-based approach of managing information systems is a holistic.docx
 
Penetration testing using metasploit framework
Penetration testing using metasploit frameworkPenetration testing using metasploit framework
Penetration testing using metasploit framework
 
Web Application Penetration Tests - Reporting
Web Application Penetration Tests - ReportingWeb Application Penetration Tests - Reporting
Web Application Penetration Tests - Reporting
 
You need to analyze the features of three videoconferencing systems
You need to analyze the features of three videoconferencing systems You need to analyze the features of three videoconferencing systems
You need to analyze the features of three videoconferencing systems
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
Sdlc
SdlcSdlc
Sdlc
 
Key AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docxKey AssignmentThe management team as well as your peers are happy .docx
Key AssignmentThe management team as well as your peers are happy .docx
 
Software Engineering Important Short Question for Exams
Software Engineering Important Short Question for ExamsSoftware Engineering Important Short Question for Exams
Software Engineering Important Short Question for Exams
 

Recently uploaded

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Celine George
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...M56BOOKSTORE PRODUCT/SERVICE
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentInMediaRes1
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsanshu789521
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon AUnboundStockton
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementmkooblal
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...Marc Dusseiller Dusjagr
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxJiesonDelaCerna
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...jaredbarbolino94
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️9953056974 Low Rate Call Girls In Saket, Delhi NCR
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxsocialsciencegdgrohi
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerunnathinaik
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfadityarao40181
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupJonathanParaisoCruz
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 

Recently uploaded (20)

Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
Incoming and Outgoing Shipments in 1 STEP Using Odoo 17
 
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
KSHARA STURA .pptx---KSHARA KARMA THERAPY (CAUSTIC THERAPY)————IMP.OF KSHARA ...
 
Meghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media ComponentMeghan Sutherland In Media Res Media Component
Meghan Sutherland In Media Res Media Component
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Crayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon ACrayon Activity Handout For the Crayon A
Crayon Activity Handout For the Crayon A
 
Hierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of managementHierarchy of management that covers different levels of management
Hierarchy of management that covers different levels of management
 
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
“Oh GOSH! Reflecting on Hackteria's Collaborative Practices in a Global Do-It...
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
CELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptxCELL CYCLE Division Science 8 quarter IV.pptx
CELL CYCLE Division Science 8 quarter IV.pptx
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...Historical philosophical, theoretical, and legal foundations of special and i...
Historical philosophical, theoretical, and legal foundations of special and i...
 
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
call girls in Kamla Market (DELHI) 🔝 >༒9953330565🔝 genuine Escort Service 🔝✔️✔️
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptxHistory Class XII Ch. 3 Kinship, Caste and Class (1).pptx
History Class XII Ch. 3 Kinship, Caste and Class (1).pptx
 
internship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developerinternship ppt on smartinternz platform as salesforce developer
internship ppt on smartinternz platform as salesforce developer
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
Biting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdfBiting mechanism of poisonous snakes.pdf
Biting mechanism of poisonous snakes.pdf
 
MARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized GroupMARGINALIZATION (Different learners in Marginalized Group
MARGINALIZATION (Different learners in Marginalized Group
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 

Cst 630 Enhance teaching / snaptutorial.com

  • 1. CST 630 Project 1Risk, Threat, and Vulnerability Management For more classes visit www.snaptutorial.com Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report] Include the following areas in this portion of the SAR: a. Security requirements and goals for the preliminary security baseline activity. b. Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization. c. Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you: a. What are the security risks and concerns? b. What are ways to get real-time understanding of the security posture at any time?
  • 2. c. How regularly should the security of the enterprise network be tested, and what type of tests should be used? d. What are the processes in play, or to be established to respond to an incident? e. Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required? f. Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed? g. Describe the ways to detect these malicious code and what tactics bad actors use for evading detection. d. Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet. e. Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices? f. Operating systems, servers, network management systems. a. data in transit vulnerabilities 1. endpoint access vulnerabilities 2. external storage vulnerabilities 3. virtual private network vulnerabilities 4. media access control vulnerabilities 5. ethernet vulnerabilities b. Possible applications. This network will incorporate a BYOD (bring your own device) policy in the near future. The IT auditing team and leadership need to understand current mobile applications and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5. The overall SAR should detail the security measures needed, or implementations status of those in progress, to address the identified vulnerabilities. Include:
  • 3. a. remediation b. mitigation c. countermeasure d. recovery Through your research, provide the methods used to provide the protections and defenses. From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified. The baseline should make up at least three of the 12 pages of the overall report. When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures that will help determine the company's overall network defense strategy. Step 2: Determine a Network Defense Strategy You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network. Start by reading a publication by the National Institute of Standards and Technology, NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black box testing, white box testing). Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report. Click the following link to learn more about cybersecurity for process control systems: Cybersecurity for Process Control Systems After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE).
  • 4. Step 3: Plan the Penetration Testing Engagement Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format. This portion should be about two pages of the overall 12-page report. After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are. Step 4: Conduct a Network Penetration Test You've defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization. To complete this step, you will use industry tools to carry out simulated attacks to test the weaknesses of the network. You will do this within your lab Workspace. The workspace instructions will provide many of the details, but in the simulation, you will launch a sandbox type of virtual machine (VM), report your findings and actual screen captures of the behaviors you see as a result of the tests, and include these in the SAR. Your assessments within the lab will be reported in the SAR. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help.
  • 5. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Click here to access the Project 1 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace. After finding the security issues within the network, define which control families from the NIST 800-53 are violated by these issues. Explain in the SAR why each is a violation, support your arguments with a copy of your evidence, and then provide suggestions on improving the security posture of these violations. This section should make up at least four of the 12 pages in the overall report. After you've completed the penetration testing, move to the next step, where you will compile a risk management cost benefit analysis. Step 5: Complete a Risk Management Cost Benefit Analysis You've completed the penetration testing, and now it's time to complete your SAR with a risk management cost benefit analysis. Within this analysis, think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls. When you have finished with the cost benefit analysis, which should be at least one page of your overall report, move to the final step, which is the completed SAR. As part of the final assignment, remember that you will need to create a slide presentation as part of the executive briefing, and submit that along with the SAR. Step 6: Compile the SAR, Executive Briefing, and Lab Report You have completed comprehensive testing in preparation for this audit, provided recommended remediation, and developed a set of recommendations. Now you are ready to submit your SAR and executive briefing. The requirements for Project 1 are as follows: 1. Executive briefing: A three- to five-slide visual presentation for business executives and board members.
  • 6. 2. Security assessment report (SAR): Your report should be 12 pages minimum, double-spaced with citations in APA format. The page count does not include figures, diagrams, tables or citations. 3. Lab report: A document sharing your lab experience and providing screenshots to demonstrate that you performed the lab. Attach it to the SAR as an artifact. Submit all three components to the assignment folder. ********************************************************************************** CST 630 Project 2 Incident Response For more classes visit www.snaptutorial.com Project 2 Step 1: Develop a Wireless and BYOD Security Plan Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company. Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network.
  • 7. Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan." Click the following link to learn more about security management: Security Management. In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR. Step 2: Track Suspicious Behavior You've completed your wireless and BYOD security plan. Now it's time to take a look at another workplace situation. You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee's movements by using various tools and techniques. You know the location and time stamps associated with the employee's mobile device. How would you track the location of the company asset? Explain how identity theft could occur and how MAC spoofing could take place in the workplace. How would you protect against both identity theft and MAC spoofing? Address if it is feasible to determine if MAC spoofing and identity theft has taken place in the workplace. Include a whitelist of approved devices for this network. Examples may include authorized access points, firewalls, and other similar devices. Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Include your responses as part of the CIR with the title "Tracking Suspicious Behavior." In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR.
  • 8. Step 3: Develop a Continuous Improvement Plan Now that you've completed the section on tracking suspicious behavior for your CIR, you are confronted with another situation in the workplace. You receive a memo for continuous improvement in the wireless network of your company, and you are asked to provide a report on the wireless network used in your company. You have been monitoring the activities on the WPA2. Provide for your leadership a description of wired equivalent privacy and also Wi-Fi protected access networks, for education purposes. Include the pros and cons of each type of wireless network, as well as WPA2. Since WPA2 uses encryption to provide secure communications, define the scheme for using preshared keys for encryption. Is this FIPS 140-2 compliant, and if not, what is necessary to attain this? Include this for leadership. Include a list of other wireless protocols, such as Bluetooth, and provide a comparative analysis of four protocols including the pros, cons, and suitability for your company. Include your responses as part of the CIR with the title "Continuous Improvement Plan." In the next step, you will look at yet another workplace scenario, and you will use that incident to show management how remote configuration management works. Step 4: Develop Remote Configuration Management You've completed the continuous improvement plan portion of the CIR. Now, it's time to show how your company has implemented remote configuration management. Start your incident report with a description of remote configuration management and how it is used in maintaining the security posture of your company's network. Then, consider the following scenario: An undocumented device is found on the company network. You have determined that the owner of the device should be removed from the network. Implement this and explain how you would remove the employee's device. How would you show proof that the device was removed?
  • 9. Include your responses as part of the CIR with the title "Remote Configuration Management." In the next step, you will illustrate how you investigate possible employee misconduct. Step 5: Investigate Employee Misconduct In this portion of your CIR report, you will show how you would investigate possible employee misconduct. You have been given a report that an employee has recorded logins during unofficial duty hours. The employee has set up access through an ad-hoc wireless network. Provide a definition of ad hoc wireless networks and identify the threats and vulnerabilities to a company. How could this network contribute to the company infrastructure and how would you protect against those threats? Use notional information or actual case data and discuss. Address self-configuring dynamic networks on open access architecture and the threats and vulnerabilities associated with them, as well as the possible protections that should be implemented. From your position as an incident manager, how would you detect an employee connecting to a self-configuring network or an ad hoc network? Provide this information in the report. How would signal hiding be a countermeasure for wireless networks? What are the countermeasures for signal hiding? How is the service set identifier (SSID) used by cybersecurity professionals on wireless networks? Are these always broadcast, and if not, why not? How would you validate that the user is working outside of business hours? Include your responses as part of the CIR with the title "Employee Misconduct." In the next step, you will use lab tools to analyze wireless traffic. Step 6: Analyze Wireless Traffic You've completed several steps that you will use to present your CIR. In this step, as part of a virtual lab, you will analyze wireless traffic.
  • 10. You are given access to precaptured files of wireless traffic on the company network. This is another way to monitor employee behavior and detect any malicious behavior, intentional or even unintentional. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the Lab Setup. Click here to access the Project 2 Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace. Include your responses from the lab as part of the CIR with the title "Wireless Traffic Analysis." Step 7: Prepare the Cybersecurity Incident Report, Executive Briefing, and Executive Summary You've completed all of the individual steps for your cybersecurity incident report. It's time to combine the reports you completed in the previous steps into a single CIR. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your CIR. 3. Cybersecurity Incident Report (CIR): Your report should be a minimum 12-page double-spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Submit all three documents to the assignment folder. Deliverables: Cybersecurity Incident Report (CIR), Slides to Support Executive Briefing Learning Competencies: 5.1, 5.3, 5.5., 5.6, 5.7, 5.9 ********************************************************************************** CST 630 Project 3 Enterprise Network Security
  • 11. For more classes visit www.snaptutorial.com Project 3 Step 1: Conduct a Policy Gap Analysis As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind: • Are companies going through an M&A prone to more attacks or more focused attacks? • If so, what is the appropriate course of action? • Should the M&A activities be kept confidential? Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed. Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions: • How would you identify the differences? • How would you learn about the relevant laws and regulations? • How would you ensure compliance with those laws and regulations?
  • 12. The streaming company that is being acquired has a current customer base of 150,000 users, who on average pay $14.99 in monthly fees. Based on the overall income, use PCI Standards DSS 12 requirements, and the PCI DSS Quick Reference Guide to identify a secure strategy, and operating system protections to protect the credit card data. Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change. In the next step, you will review the streaming protocols that the companies are using. Step 2: Review Protocols for Streaming Services After reviewing the policies from the company and the policy gap analysis, the M&A leader asks you about the protocols used by the streaming company. He wants to know if the protocols used would affect the current state of cybersecurity within the current company environment. For this section, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching the commonly known streaming protocols and the vulnerabilities of those protocols. Some examples are the Real-Time Streaming Protocol (RTSP), Real- Time Transport Protocol (RTP) and the Real-Time Transport Control Protocol (RTCP). Additionally, the leadership wants to know if any vulnerabilities identified would or could lead to a no-go on the M&A. In other words: 1. You need to identify what streaming the companies are doing and the specific technology they are leveraging. 2. What are the technical vulnerabilities associated with the protocols involved? 3. Have those been mitigated? And to what extent (i.e., has the risk been reduced to zero, reduced somewhat, shifted to a third party, etc.)? 4. What residual risk to the target company's assets and IP remain?
  • 13. 5. Would those risks extend to the current (takeover) company after the merger? a. Would that be bad enough to cancel the M&A? 6. If the response to #5 is yes, then, what should the target company do to further mitigate the risk? How should the takeover company mitigate the risk? 7. What are the costs associated to the target company (implementing the appropriate mitigation)? If the takeover firm has to take additional measures, identify those costs as well. After assessing and reviewing the streaming protocols, move to the next step, where you will assess the infrastructure of the merged network. Step 3: Assess the Merged Network Infrastructure You’ve just reviewed the streaming services of the companies, and now you will assess the infrastructure of the new network. The networks of the two companies could be configured differently, or they could use the same hardware and software, or completely different hardware and software. The purpose of this section is to understand what tools the company is using, the benefits and shortcomings of those tools, and the gaps within the network. Explain what tactics, techniques, and procedures you would use to understand the network. You should identify firewalls, DMZ(s), other network systems, and the status of those devices. When your assessment of the infrastructure is complete, move to the next step, where you will assess any existing policies for wireless and bring your own device (BYOD) within the companies. Step 4: Review the Wireless and BYOD Policies Within Project 2, you learned about and discussed wireless networks. An M&A provides an opportunity for both companies to review their wireless networks. Within your report, explain the media company's current stance on wireless devices and BYOD. However, the company that is being acquired does not have a BYOD policy. Explain to the
  • 14. managers of the acquisition what needs to be done for the new company to meet the goals of the BYOD policy. When the review of the wireless and BYOD policies is complete, move to the next step: developing a data protection plan. Step 5: Develop a Data Protection Plan You’ve completed the review of the wireless and BYOD policies. In this step, you will develop the recommendations portion of your report in which you will suggest additional mechanisms for data protection at different levels of the acquired company’s architecture. Include the benefits, implementation activities required for protection and defense measures such as full disk encryption, BitLocker, and platform identity keys. You also want to convey to your leadership the importance of system integrity and an overall trusted computing base, environment, and support. Describe what this would entail and include Trusted Platform Module (TPM) components and drivers. How are these mechanisms employed in an authentication and authorization system? Include this in the report and whether the merging company has this. In the next step, you will assess any risks with the supply chain of the acquired company. Step 6: Review Supply Chain Risk The data protection plan is ready. In this step, you will take a look at risks to the supply chain. Acquiring a new company also means inheriting the risks associated with its supply chain and those firm's systems and technologies. Include supply chain risks and list the security measures in place to mitigate those risks. Use the NIST Special Publication 800-161 Supply Chain Risk Management Practices for Federal Information Systems and Organizations to explain the areas that need to be addressed. After your supply chain review is complete, move to the next step, where you will create a vulnerability management program.
  • 15. Step 7: Build a Vulnerability Management Program After your supply chain review, you conduct an interview with the company's current cybersecurity team about vulnerability management. The team members explain to you that they never scanned or had the time to build a vulnerability management program. So, you need to build one. Use NIST Special Publication 800-40 Guide to Enterprise Patch Management Technologies to develop a program to meet the missing need. Explain to the managers how to implement this change, why it is needed, and any costs involved. The next step is a key one that should not be overlooked -- the need to educate users from both companies of the changes being made Step 8: Educate Users You’ve completed your vulnerability management program, but it’s important to educate all the users of the network about the changes. During the process of acquiring a company, policies, processes, and other aspects are often updated. The last step in the process is to inform the users for the new and old company of the changes. Within your report, explain to the acquisition managers the requirements for training the workforce. When you’ve completed this step, move to the final section of this project, in which you will prepare and submit your final report. Step 9: Prepare and Submit Your Report, Executive Briefing, and Executive Summary You’re ready now for the final step, in which you will compile and deliver the Cybersecurity for a Successful Acquisition report for the company leaders to enable them to understand the required cybersecurity strategy. Again, keep in mind that companies undergoing an acquisition or merger are more prone to cyberattacks. The purpose of this paper is to analyze the security posture of both companies and to develop a plan to reduce the possibility of an attack. The assignments for this project are as follows:
  • 16. 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your report. 3. Cybersecurity System Security Report for Successful Acquisition: Your report should be a minimum 12-page double- spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. Submit all three components to the assignment folder. Deliverables: Cybersecurity for a Successful Acquisition, Slides to Support Executive Briefing ********************************************************************************** CST 630 Project 4Secure Videoconferencing Communications For more classes visit www.snaptutorial.com Project 4 Step 1: Develop Functional Requirements for Videoconferencing The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will nee based on its geographic dispersion and business needs. In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements.
  • 17. The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions. Step 2: Discuss Implementation Challenges In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems. Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems. The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your Proposal for Secure Videoconferencing. In the next step, you will take a closer look at the track records of each of the potential videoconferencing vendors. Step 3: Identify Vendor Risks You've finished outlining the pros and cons of three videoconferencing systems. Now, it'S time to take a close look at how they serve their clients. This will take some research. Look at the systems' known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure. This step will be a section of your Proposal for Secure Videoconferencing. In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal to management
  • 18. Step 4: Develop Best Practices for Secure Videoconferencing The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company's videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping. This "best practices" section will be part of the overall Proposal for Secure Videoconferencing. In the next step, you will develop system integrity checks within a virtual lab environment. Step 5: Develop System Integrity Checks As part of the overall proposal, the CISO has asked you to develop system integrity checks for files shared between users of the videoconferencing systems. These checks will ensure file protection and prevent exfiltration of sensitive files. The lab exercise will show how this is done. In this step, you will generate a lab report that will be part of your final assignment. The lab instructions will tell you what the report needs to contain. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the lab Setup. Click here to access the Project Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace (http://virtualdesktop.umuc.edu/). This will be a section of your Proposal for Secure Videoconferencing.
  • 19. Now, you are ready for the final step, which will be to put all of the components of the proposal together for management. Remember, your task is to recommend the best videoconferencing system for the company. Part of that proposal includes a set of high-level executive briefing slides. Step 6: Submit Your Proposal for Secure Videoconferencing and All Related Materials It’s time to prepare your materials on secure videoconferencing for management. Your task is to recommend a system that best meets the business functionality and security requirements of the company. As part of that recommendation, you will also prepare a set of high-level executive briefing slides to give the CEO and CIO an overview of your study. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your Proposal for Secure Videoconferencing. 3. Proposal for Secure Videoconferencing: Your report should be a minimum six-page double- spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 4. Lab report: Generated from Workspace. Submit all four components to the assignment folder. ********************************************************************************** CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) For more classes visit www.snaptutorial.com
  • 20. CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) **********************************************************************************