Running head: PRACTICAL CONNECTIONS PAPER 1
Executive Program Practical Connection Assignment
Application Security ISOL-534-41
Name
University of the Cumberlands
Prof. Name
The Application Security course has been very interesting for me so far, and I have learned many new things related to IT security. I already had good experience from my previous company with most of the topics I learned in this course, such as managing Active Directory, Group Policy, Group Policy Objects, Windows systems administration, etc. Knowledge of application security policies plays the most essential role in securing the network and systems in any organization. I think I have gained a good command of security topics after taking this course, and this will help me apply my knowledge in my current or future companies. The course content has been well defined and well balanced for students like us who aspire to make their career in application security. The lab assignments of this course have helped me apply the practical knowledge I have learned so far in this course.
In my previous company I was working as a Systems Engineer, and I used to create new user accounts in Active Directory and provide them access as required for their roles, just like we did in the Lab 01 assignment. In addition, I have worked on creating virtual machines for clients and installing different applications on the VM servers. I have also worked on and managed Citrix servers, including publishing applications and assigning user permissions to access them in the Citrix Management Console.
In this course I have learned how to secure applications, operating systems, databases, networks and systems. In addition, the lab assignments have given me practical help with encryption policies used for passwords, files or disks. We have also studied various tools and technologies for encrypting Microsoft Windows, different methodologies for encryption, malware and how to defend Microsoft Windows against malware using antivirus and anti-spyware applications, and malware prevention strategies. Our residency research topic is BYOD, and I have learned many positive and negative aspects of using BYOD devices.
The discussion topics for this course also helped me understand information security and its management, and how other students are using it in their organizations.
In my current company, we use two-factor authorization to log in to our systems and/or applications, which makes login authentication more secure. The tools we use to generate passcodes for login are Entrust and Duo Mobile. My current job role is not directly related to application security, but it is related to managing clients' applications.
I have done certifications such as CCNA (Cisco Certified Network Associate), MCITP (Microsoft Certified IT Professional), CCA (Citrix Certified Associate) and ITIL, which are somewhat related to IT security. Hence, I became more interested in taking this course, which will help me get a better job in the application security field. The knowledge I gained in this course will help me proactively identify and mitigate possible threats and vulnerabilities in an organization.
Contents
Preface
Acknowledgments
PART ONE The Need for IT Security Policy Frameworks
CHAPTER 1 Information Systems Security Policy Management
What Is Information Systems Security?
Information Systems Security Management Life Cycle
What Is Information Assurance?
Confidentiality
Integrity
Nonrepudiation
What Is Governance?
Why Is Governance Important?
What Are Information Systems Security Policies?
Where Do Information Systems Security Policies Fit Within an Organization?
Why Information Systems Security Policies Are Important
Policies That Support Operational Success
Challenges of Running a Business Without Policies
Dangers of Not Implementing Policies
Dangers of Implementing the Wrong Policies
When Do You Need Information Systems Security Policies?
Business Process Reengineering (BPR)
Continuous Improvement
Making Changes in Response to Problems
Why Enforcing and Winning Acceptance for Policies Is Challenging
CHAPTER SUMMARY
Minimizing Liability of the Organization
Separation Between Employer and Employee
Acceptable Use Policies
Confidentiality Agreement and Nondisclosure Agreement
Business Liability Insurance Policies
Implementing Policies to Drive Operational Consistency
Forcing Repeatable Business Processes Across the Entire Organization
Differences Between Mitigating and Compensating Controls
Policies Help Prevent Operational Deviation
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 2 ASSESSMENT
(SSAE16)
Information Technology Infrastructure Library (ITIL)
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 3 ASSESSMENT
ENDNOTES
CHAPTER 4 Business Challenges Within the Seven Domains of IT Responsibility
The Seven Domains of a Typical IT Infrastructure
User Domain
Workstation Domain
LAN Domain
LAN-to-WAN Domain
WAN Domain
Remote Access Domain
CHAPTER 5 Information Security Policy Implementation Issues
Human Nature in the Workplace
Basic Elements of Motivation
Personality Types of Employees
Leadership, Values, and Ethics
Organizational Structure
Flat Organizations
Hierarchical Organizations
The Challenge of User Apathy
The Importance of Executive Management Support
Selling Information Security Policies to an Executive
Before, During, and After Policy Implementation
The Role of Human Resources Policies
Relationship Between HR and Security Policies
CHAPTER 5 ASSESSMENT
ENDNOTE
PART TWO Types of Policies and Appropriate Frameworks
CHAPTER 6 IT Security Policy Frameworks
What Is an IT Policy Framework?
What Is a Program Framework Policy or Charter?
Industry-Standard Policy Frameworks
What Is a Policy?
What Are Standards?
What Are Procedures?
What Are Guidelines?
Business Considerations for the Framework
Roles for Policy and Standards Development and Compliance
Information Assurance Considerations
Confidentiality
Private Sector Case Study
CHAPTER SUMMARY
KEY CONCEPTS AND TERMS
CHAPTER 6 ASSESSMENT
CHAPTER 7 How to Design, Organize, Implement, and Maintain IT Security Policies
Policies and Standards Design Considerations
Architecture Operating Model
Principles for Policy and Standards Development
The Importance of Transparency with Regard to Customer Data
Types of Controls for Policies and Standards
Document Organization Considerations
Sample Templates
Considerations for Implementing Policies and Standards
Building Consensus on Intent
KEY CONCEPTS AND TERMS
CHAPTER 7 ASSESSMENT
CHAPTER 8 IT Security Policy Framework Approaches
IT Security Policy Framework Approaches
Risk Management and Compliance Approach
The Physical Domains of IT Responsibility Approach
Roles, Responsibilities, and Accountability for Personnel
The Seven Domains of a Typical IT Infrastructure
Organizational Structure
Organizational Culture
Separation of Duties
Layered Security Approach
Domain of Responsibility and Accountability
Governance and Compliance
CHAPTER 9 User Domain Policies
The Weakest Link in the Information Security Chain
Social Engineering
Human Mistakes
Insiders
Seven Types of Users
Employees
Systems Administrators
Security Personnel
Contractors
Vendors
Guests and General Public
Control Partners
Contingent