BCJ 4385, Workplace Security
UNIT IV STUDY GUIDE
Information, Communications, and
Computer Security
Course Learning Outcomes for Unit IV
Upon completion of this unit, students should be able to:
1. Examine the function of information security management and how it
plays a role in assessing vulnerabilities to critical information.
2. Analyze various information protection strategies and how these can
play a role in the prevention of cybercrimes.
3. Outline strategies for safeguarding information including the protection
strategies of physical security, administrative controls, and logical
controls.
Unit Lesson
General Overview
Information is an asset for organizations that exists in various forms (critical,
proprietary, intellectual, and digitized). Thus, securing the various forms of
information is a priority for organizations. Laws such as the Fair Credit
Reporting Act were created to help protect information from improper use, but
such measures are insufficient in providing the level of protection needed to
secure organizational information.
Organizations use various tools and strategies to ensure information security
(INFOSEC), which is the protection of “information assets and systems against
any internal or external threat that might endanger them” (Ortmeier, 2013,
p. 135). INFOSEC risk assessments and analyses are conducted to identify the
threats against organizational information that may exist, and information
protection strategies are implemented to protect against and respond to the
identified threats. Protection strategies range from control strategies
(discretionary access control, mandatory access control: hierarchical and
non-hierarchical, operations security) to personnel security (information
protection-related agreements) which includes information security legislation
(e.g., National Security Decision Directive 298), classification systems for
business information (e.g., sensitive compartmented information protocols),
information security policies, and copyrights, patents, and trademarks.
Communication security (COMSEC) is important for any information transmitted
regardless of the medium (e.g., voice, electronic, impulses, microwave, etc.).
Computer security is concerned with information accessible through computers.
Maintaining computer security is a complicated task because information can be
accessed locally and remotely through numerous means. The term cybercrime
was coined to identify the crimes that are associated with using the internet to
illegally gain access to information that is used in crimes (e.g., hacking, email
wiretapping, phishing, and vishing).
Thus, one can imagine that one of the greatest challenges related to computer
security is securing computer databases from internal and external threats.
Government agencies have added issues of protection threats against their
agencies and their personnel. To aid all organizations in maintaining computer
security, various computer protection strategies are utilized (physical security,
administrative controls, and logical controls: passwords, firewalls, malware).
Research has suggested strategies for safeguarding sensitive computer
information (e.g., Carroll’s 10 strategies) and the federal government has
enacted legislation to research and develop cyber security measures (e.g., the
Cyber Security Research and Development Act of 2002). Existing strategies
and the continued development of future strategies are necessary to ensure
that information, communication, and computer security is maintained in
organizations.
Reading Assignment
Chapter 6: Information, Communications, and Computer Security
Learning Activities (Non-Graded)
See information below.
Key Terms
Refer to the key terms within the textbook.
References:
Ortmeier, P.J. (2013). Introduction to security: Operations and management
(4th ed.). Upper Saddle River, NJ: Pearson.
Questions to Consider
1. What types of information assets are used by organizations?
2. What types of information security tools and strategies do organizations
use to secure their information assets?
3. What types of legislation have been enacted in the United States to
assist with information security and what policies have resulted?
4. What is communication security? What is computer security? How are
communication and computer security related?
5. What are the various types of cybercrime that exist?
6. What are the challenges associated with maintaining computer security?
7. What computer protection strategies and policies have been suggested
and enacted?
8. What additional research and development is needed in the area of
cyber security?
Learning Activities (Non-Graded)
1. Think about the various organizations in your community that process a
lot of information. Pick one organization and conduct an INFOSEC risk
assessment and analysis. You can search the internet for ideas about
what specific criteria are assessed, instructions about how the
assessments and analyses are conducted, and examples of the
finished product. Were there any identified risks that surprised you?
Were there risks that you expected to find that you did not?
2. As a continuation of activity #1, brainstorm about the information
protection strategies that you would utilize to protect the organization’s
information assets. What control strategies would you use? What
information security legislation is relevant and what related policies
would you implement? How would you ensure personnel security
associated with the organization’s information assets?
3. As a continuation of activity #2, select one of the current hacking
examples and explore the computer protection strategies that were
implemented, should have been implemented, and will need to be
implemented in the future. Are any of Carroll’s 10 strategies
applicable? What type of security research is needed and what types of
strategies, policies and/or programs should be developed?
Non-graded Learning Activities are provided to aid students in their course of
study. You do not have to submit them. If you have questions, contact your
instructor for further guidance and information.
Short Essay Questions:
Answer three of the following questions. Each answer should be 2-3 paragraphs
long. Answers are worth 10 points each.
1) Discuss the Persians. Who were they? What feats did they achieve within
their empire that were the first in the western world?
2) What was the First International Period of Trade? When did it occur? Who
was involved? What were they trading?
3) Discuss the Tale of the Eloquent Peasant. What insight does it offer into
Egyptian society? What period of Egyptian history does this take place in and
what concerns were present in society at the time?
4) Discuss the founding of the Spartan government as detailed in class. What
is the type and structure of governance set forth and by whom? Who benefits
from this style of rule and who is deprived?
5) Detail the unique nature of Jericho. Why was it considered the “Brewing
Place for the Emergence of Civilization”?
C) Fill in the Blank Questions:
Provide the missing word/phrase for each of the following. Answers are worth
1 point per blank. Yes a few bonus points are possible in this section!
1) ____________ was used for the first time at the palace of Knossos on Crete
to reinforce the structure.
2) The Hebrews constructed the Great Temple of Solomon around 960 BCE. The
Temple housed the ___________. The Temple was destroyed by the __________ in
the early 6th century BCE. King ________ agreed to help the Hebrews rebuild
the Temple in exchange for military aid.
3) __________ was the mortuary temple of the great pharaoh Hatchepsut.
4) The Hymn to Aten represents a (perhaps unwanted) shift in religious
practice for Egyptians toward a __________ society.
5) The ___________ are responsible for bringing iron technology and their
_______ to the Greek speaking world.