Recommended
Recommended
More Related Content
Similar to BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
Similar to BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx (20)
More from JASS44
More from JASS44 (20)
Recently uploaded
Recently uploaded (20)
BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE I.docx
- 1. BCJ 4385, Workplace Security 1 UNIT IV STUDY GUIDE Information, Communications, and Computer Security Course Learning Outcomes for Unit IV Upon completion of this unit, students should be able to: 1. Examine the function of information security management and how it plays a role in assessing vulnerabilities to critical information. 2. Analyze various information protection strategies and how these can play a role in the prevention of cybercrimes. 3. Outline strategies for safeguarding information including the protection strategies of physical security, administrative controls, and logical controls. Unit Lesson General Overview
- 2. Information is an asset for organizations that exists in various forms (critical, propriety, intellectual, and digitized). Thus, securing the various forms of information are priorities for organizations. Laws such as the Fair Credit Reporting Act were created to help protect information from improper use, but such measures are insufficient in providing the level of protection needed to secure organizational information. Organizations use various tools and strategies to ensure information security (INFOSEC) which is the protection of “information assets and systems against any internal or external threat that might endanger them” (Ortmeier, 2013, p.135). INFOSEC risk assessments and analyses are conducted to identify the threats against organizational information that may exist and information protection strategies are implemented to protect against and respond to the identified threats. Protection strategies range from control strategies (discretionary access control, mandatory access control: hierarchical and non-hierarchical, operations security) to personnel security (information protection-related agreements) which includes information security legislation (e.g., National Security Decision Directive 298), classification systems for business information (e.g., sensitive compartmented information protocols),
- 3. information security policies, and copyrights, patents, and trademarks. Communication security (COMSEC) is important for any information transmitted regardless of the medium (e.g., voice, electronic, impulses, microwave, etc.). Computer security is concerned with information accessible through computers. Maintaining computer security is a complicated task because information can be accessed locally and remotely through numerous means. The term cybercrime was coined to identify the crimes that are associated with using the internet to illegally gain access to information that is used in crimes (e.g., hacking, email wiretappings, phishing, and vishing). Thus one can image that one of the greatest challenges related to computer security is securing computer databases from internal and external threats. Government agencies have added issues of protection threats against their agencies and their personnel. To aid all organizations in maintaining computer Reading Assignment Chapter 6: Information, Communications, and Computer Security
- 4. Learning Activities (Non-Graded) See information below. Key Terms Refer to the key terms within the textbook. BCJ 4385, Workplace Security 2 security various computer protection strategies are utilized (physical security, administrative controls, and logical controls: passwords, firewalls, malware). Research has suggested strategies for safeguarding sensitive computer information (e.g., Carroll’s 10 strategies) and the federal government has enacted legislation to research and develop cyber security measures (e.g., the Cyber Security Research and Development Act of 2002). Existing strategies and the continued development of future strategies are necessary to ensure that information, communication, and computer security is maintained in
- 5. organizations. References: Ortmeier, P.J. (2013). Introduction to security: Operations and management (4th ed.). Upper Saddle River, NJ: Pearson. Questions to Consider 1. What types of information assets are used by organizations? 2. What types of information security tools and strategies do organizations use to secure their information assets? 3. What types of legislation has been enacted in the United States to assist with information security and what policies have resulted? 4. What is communication security? What is computer security? How are communication and computer security related? 5. What are the various types of cybercrime that exist? 6. What are the challenges associated with maintaining computer security? 7. What computer protection strategies and policies have been suggested and enacted?
- 6. 8. What additional research and development is needed in the area of cyber security? Learning Activities (Non-Graded) 1. Think about the various organizations in your community that process a lot of information. Pick one organization and conduct an INFOSEC risk assessment and analysis. You can search the internet for ideas about what specific criteria are assessed, instructions about how the assessments and analyses are conducted, and examples of the finished product. Were there any identified risks that surprised you? Were there risks that you expected to find that you did not? 2. As a continuation of activity #1, brainstorm about the information protection strategies that you would utilize to protect the organization’s information assets. What control strategies would you use? What information security legislation is relevant and what related policies would you implement? How would you ensure personnel security associated with the organization’s information assets? 3. As a continuation of activity #2, select one of the current hacking
- 7. examples and explore the computer protection strategies that were implemented, should have been implemented, and will need to be implemented in the future. Are any of Carroll’s 10 strategies applicable? What type of security research is needed and what types of strategies, policies and/or programs should be developed? Non-graded Learning Activities are provided to aid students in their course of study. You do not have to submit them. If you have questions, contact your instructor for further guidance and information. Short Essay Questions: Answer three of the following questions. Each answer should be 2-3 paragraphs long. Answers are worth 10 points each. 1) Discuss the Persians. Who were they? What feats did they achieve within their empire that were the first in the western world? 2) What was the First International Period of Trade? When did it occur? Who was involved? What were they trading? 3) Discuss the Tale of the Eloquent Peasant. What insight does it offer into Egyptian society? What period of Egyptian history does this take place in and what concerns were present in society at the time? 4) Discuss the founding of the Spartan government as detailed in class. What is the type and structure of governance set forth and by whom? Who benefits from this style of rule and who is deprived? 5) Detail the unique nature of Jericho. Why was it considered the “Brewing Place for the Emergence of Civilization”?
- 8. C) Fill in the Blank Questions: Provide the missing word/phrase for each of the following. Answers are worth 1 point per blank. Yes a few bonus points are possible in this section! 1) ____________ was used for the first time at the palace of Knossos on Crete to reinforce the structure. 2) The Hebrews constructed the Great Temple of Solomon around 960 BCE. The Temple housed the ___________. The Temple was destroyed by the __________ in the early 6th century BCE. King ________ agreed to help the Hebrews rebuild the Temple in exchange for military aid. 3) __________ was the mortuary temple of the great pharaoh Hatchepsut. 4) The Hymn to Aten represents a (perhaps unwanted) shift in religious practice for Egyptians toward a __________ society. 5) The ___________ are responsible for bringing iron technology and their _______ to the Greek speaking world.