SlideShare a Scribd company logo

Cst 630 Extraordinary Success/newtonhelp.com

Download as DOC, PDF
A
amaranthbeg113

For more course tutorials visit www.newtonhelp.com Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points

Education
1 of 15
CST 630 Project 1Risk, Threat, and Vulnerability Management For more course tutorials visit www.newtonhelp.com Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report] Include the following areas in this portion of the SAR: a. Security requirements and goals for the preliminary security baseline activity. b. Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization. c. Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you:
a. What are the security risks and concerns? b. What are ways to get real-time understanding of the security posture at any time? c. How regularly should the security of the enterprise network be tested, and what type of tests should be used? d. What are the processes in play, or to be established to respond to an incident? e. Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required? f. Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed? g. Describe the ways to detect these malicious code and what tactics bad actors use for evading detection. d. Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet. e. Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices? f. Operating systems, servers, network management systems. a. data in transit vulnerabilities 1. endpoint access vulnerabilities 2. external storage vulnerabilities 3. virtual private network vulnerabilities 4. media access control vulnerabilities 5. ethernet vulnerabilities b. Possible applications. This network will incorporate a BYOD (bring your own device) policy in the near future. The IT auditing team and leadership need to understand current mobile applications
and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5. The overall SAR should detail the security measures needed, or implementations status of those in progress, to address the identified vulnerabilities. Include: a. remediation b. mitigation c. countermeasure d. recovery Through your research, provide the methods used to provide the protections and defenses. From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified. The baseline should make up at least three of the 12 pages of the overall report. When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures that will help determine the company's overall network defense strategy. Step 2: Determine a Network Defense Strategy You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network. Start by reading a publication by the National Institute of Standards and Technology, NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use
them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black box testing, white box testing). Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report. Click the following link to learn more about cybersecurity for process control systems: Cybersecurity for Process Control Systems After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE). Step 3: Plan the Penetration Testing Engagement Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format. This portion should be about two pages of the overall 12-page report. After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are. Step 4: Conduct a Network Penetration Test You've defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization. ---------------------------------------------------------------------------------------------------------
CST 630 Project 2 Incident Response For more course tutorials visit www.newtonhelp.com Project 2 Step 1: Develop a Wireless and BYOD Security Plan Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company. Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network.
Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan." Click the following link to learn more about security management: Security Management. In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR. Step 2: Track Suspicious Behavior You've completed your wireless and BYOD security plan. Now it's time to take a look at another workplace situation. You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee's movements by using various tools and techniques. You know the location and time stamps associated with the employee's mobile device.
How would you track the location of the company asset? Explain how identity theft could occur and how MAC spoofing could take place in the workplace. How would you protect against both identity theft and MAC spoofing? Address if it is feasible to determine if MAC spoofing and identity theft has taken place in the workplace. Include a whitelist of approved devices for this network. Examples may include authorized access points, firewalls, and other similar devices. Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Include your responses as part of the CIR with the title "Tracking Suspicious Behavior." In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR. --------------------------------------------------------------------------------------------------------- CST 630 Project 3 Enterprise Network Security For more course tutorials visit www.newtonhelp.com
Project 3 Step 1: Conduct a Policy Gap Analysis As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind: Are companies going through an M&A prone to more attacks or more focused attacks? If so, what is the appropriate course of action? Should the M&A activities be kept confidential? Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed. Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions:
How would you identify the differences? How would you learn about the relevant laws and regulations? How would you ensure compliance with those laws and regulations? The streaming company that is being acquired has a current customer base of 150,000 users, who on average pay $14.99 in monthly fees. Based on the overall income, use PCI Standards DSS 12 requirements, and the PCI DSS Quick Reference Guide to identify a secure strategy, and operating system protections to protect the credit card data. Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change. In the next step, you will review the streaming protocols that the companies are using. Step 2: Review Protocols for Streaming Services After reviewing the policies from the company and the policy gap analysis, the M&A leader asks you about the protocols used by the streaming company. He wants to know if the protocols used would affect the current state of cybersecurity within the current company environment. For this section, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching the commonly
known streaming protocols and the vulnerabilities of those protocols. Some examples are the Real-Time Streaming Protocol (RTSP), Real- Time Transport Protocol (RTP) and the Real-Time Transport Control Protocol (RTCP). Additionally, the leadership wants to know if any vulnerabilities identified would or could lead to a no-go on the M&A. In other words: You need to identify what streaming the companies are doing and the specific technology they are leveraging. What are the technical vulnerabilities associated with the protocols involved? Have those been mitigated? And to what extent (i.e., has the risk been reduced to zero, reduced somewhat, shifted to a third party, etc.)? What residual risk to the target company's assets and IP remain? Would those risks extend to the current (takeover) company after the merger? a. Would that be bad enough to cancel the M&A? If the response to #5 is yes, then, what should the target company do to further mitigate the risk? How should the takeover company mitigate the risk? --------------------------------------------------------------------------------------------------------
CST 630 Project 4Secure Videoconferencing Communications For more course tutorials visit www.newtonhelp.com Project 4 Step 1: Develop Functional Requirements for Videoconferencing The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will nee based on its geographic dispersion and business needs. In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements. The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions. Step 2: Discuss Implementation Challenges In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems.
Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems. The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your Proposal for Secure Videoconferencing. In the next step, you will take a closer look at the track records of each of the potential videoconferencing vendors. Step 3: Identify Vendor Risks You've finished outlining the pros and cons of three videoconferencing systems. Now, it'S time to take a close look at how they serve their clients. This will take some research. Look at the systems' known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure. This step will be a section of your Proposal for Secure Videoconferencing. In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal to management Step 4: Develop Best Practices for Secure Videoconferencing The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company's videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping.
This "best practices" section will be part of the overall Proposal for Secure Videoconferencing. In the next step, you will develop system integrity checks within a virtual lab environment. Step 5: Develop System Integrity Checks As part of the overall proposal, the CISO has asked you to develop system integrity checks for files shared between users of the videoconferencing systems. These checks will ensure file protection and prevent exfiltration of sensitive files. The lab exercise will show how this is done. In this step, you will generate a lab report that will be part of your final assignment. The lab instructions will tell you what the report needs to contain. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the lab Setup. Click here to access the Project Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace (http://virtualdesktop.umuc.edu/). This will be a section of your Proposal for Secure Videoconferencing. Now, you are ready for the final step, which will be to put all of the components of the proposal together for management. Remember, your task is to recommend the best videoconferencing system for the company. Part of that proposal includes a set of high-level executive briefing slides. Step 6: Submit Your Proposal for Secure Videoconferencing and All Related Materials
It’s time to prepare your materials on secure videoconferencing for management. Your task is to recommend a system that best meets the business functionality and security requirements of the company. As part of that recommendation, you will also prepare a set of high-level executive briefing slides to give the CEO and CIO an overview of your study. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your Proposal for Secure Videoconferencing. 3. Proposal for Secure Videoconferencing: Your report should be a minimum six-page double- spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 4. Lab report: Generated from Workspace. Submit all four components to the assignment folder. --------------------------------------------------------------------------------------------------------- CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) For more course tutorials visit www.newtonhelp.com
CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) ---------------------------------------------------------------------------------------------------------

Recommended

CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comMcdonaldRyan79
 
Cst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comCst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comDavis11a
 

Recommended

CST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comCST 630 RANK Redefined Education--cst630rank.com
CST 630 RANK Redefined Education--cst630rank.comclaric241
 
CST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comCST 630 RANK Introduction Education--cst630rank.com
CST 630 RANK Introduction Education--cst630rank.comagathachristie266
 
CST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comCST 630 RANK Educational Specialist--cst630rank.com
CST 630 RANK Educational Specialist--cst630rank.comVSNaipaul15
 
CST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comCST 630 RANK Inspiring Innovation--cst630rank.com
CST 630 RANK Inspiring Innovation--cst630rank.comKeatonJennings104
 
CST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comCST 630 RANK Become Exceptional--cst630rank.com
CST 630 RANK Become Exceptional--cst630rank.comagathachristie113
 
CST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comCST 630 RANK Remember Education--cst630rank.com
CST 630 RANK Remember Education--cst630rank.comchrysanthemu49
 
Cst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comCst 630Education Specialist / snaptutorial.com
Cst 630Education Specialist / snaptutorial.comMcdonaldRyan79
 
Cst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comCst 630 Believe Possibilities / snaptutorial.com
Cst 630 Believe Possibilities / snaptutorial.comDavis11a
 
CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comPrescottLunt385
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comBaileyabw
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417James W. De Rienzo
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1Nutan Kumar Panda
 
Enterprise IT Security Audit | Cyber Security Services
Enterprise IT Security Audit | Cyber Security ServicesEnterprise IT Security Audit | Cyber Security Services
Enterprise IT Security Audit | Cyber Security ServicesAkshay Kurhade
 
Oissg
OissgOissg
OissgConferencias FIST
 
NASA OIG Report
NASA OIG ReportNASA OIG Report
NASA OIG ReportPriyanka Aash
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRhys A. Mossom
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Rishabh Upadhyay
 
Sample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructureSample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructureDavid Sweigert
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51martinvoelk
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Penetration Testing, Auditing & Standards Issue : 02_2012-1
Penetration Testing, Auditing & Standards Issue : 02_2012-1Penetration Testing, Auditing & Standards Issue : 02_2012-1
Penetration Testing, Auditing & Standards Issue : 02_2012-1Falgun Rathod
 
Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 

More Related Content

What's hot

CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comkopiko147
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comPrescottLunt385
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comBaileyabw
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident responsepersons20ar
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417James W. De Rienzo
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodFalgun Rathod
 
Enterprise IT Security Audit | Cyber Security Services
Enterprise IT Security Audit | Cyber Security ServicesEnterprise IT Security Audit | Cyber Security Services
Enterprise IT Security Audit | Cyber Security ServicesAkshay Kurhade
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRhys A. Mossom
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Rishabh Upadhyay
 
Sample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructureSample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructureDavid Sweigert
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51martinvoelk
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability AssesmentDedi Dwianto
 
Penetration Testing, Auditing & Standards Issue : 02_2012-1
Penetration Testing, Auditing & Standards Issue : 02_2012-1Penetration Testing, Auditing & Standards Issue : 02_2012-1
Penetration Testing, Auditing & Standards Issue : 02_2012-1Falgun Rathod
 

What's hot (19)

CST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.comCST 630 RANK Achievement Education--cst630rank.com
CST 630 RANK Achievement Education--cst630rank.com
 
Cst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.comCst 630 Inspiring Innovation--tutorialrank.com
Cst 630 Inspiring Innovation--tutorialrank.com
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
Cst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.comCst 630 Enhance teaching / snaptutorial.com
Cst 630 Enhance teaching / snaptutorial.com
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
Cst 630 project 2 incident response
Cst 630 project 2 incident responseCst 630 project 2 incident response
Cst 630 project 2 incident response
 
NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417NIST CSD Cybersecurity Publications 20160417
NIST CSD Cybersecurity Publications 20160417
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant mali
 
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun RathodVulnerability Assessment and Penetration Testing Framework by Falgun Rathod
Vulnerability Assessment and Penetration Testing Framework by Falgun Rathod
 
Backtrack manual Part1
Backtrack manual Part1Backtrack manual Part1
Backtrack manual Part1
 
Enterprise IT Security Audit | Cyber Security Services
Enterprise IT Security Audit | Cyber Security ServicesEnterprise IT Security Audit | Cyber Security Services
Enterprise IT Security Audit | Cyber Security Services
 
Oissg
OissgOissg
Oissg
 
NASA OIG Report
NASA OIG ReportNASA OIG Report
NASA OIG Report
 
RAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolioRAMNSS_2016_service_porfolio
RAMNSS_2016_service_porfolio
 
Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report Vulnerability Assessment and Penetration Testing Report
Vulnerability Assessment and Penetration Testing Report
 
Sample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructureSample penetration testing agreement for core infrastructure
Sample penetration testing agreement for core infrastructure
 
Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51Why Penetration Tests Are Important Cyber51
Why Penetration Tests Are Important Cyber51
 
Vulnerability Assesment
Vulnerability AssesmentVulnerability Assesment
Vulnerability Assesment
 
Penetration Testing, Auditing & Standards Issue : 02_2012-1
Penetration Testing, Auditing & Standards Issue : 02_2012-1Penetration Testing, Auditing & Standards Issue : 02_2012-1
Penetration Testing, Auditing & Standards Issue : 02_2012-1
 

Similar to Cst 630 Extraordinary Success/newtonhelp.com

Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxtienboileau
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comrobertlesew6
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comdonaldzs8
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comDavisMurphyA97
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This chedavieec5f
 
here has been an increase in the number of cybersecurity incident re.docx
here has been an increase in the number of cybersecurity incident re.docxhere has been an increase in the number of cybersecurity incident re.docx
here has been an increase in the number of cybersecurity incident re.docxsimonithomas47935
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxchristiandean12115
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxdewhirstichabod
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideAryan G
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxtaitcandie
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxInfosectrain3
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inmaribethy2y
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comamaranthbeg93
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comamaranthbeg73
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comamaranthbeg53
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxmccormicknadine86
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical HackingIRJET Journal
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxInfosectrain3
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comamaranthbeg52
 
Csec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comCsec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comamaranthbeg72
 

Similar to Cst 630 Extraordinary Success/newtonhelp.com (20)

Many companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docxMany companies and agencies conduct IT audits to test and assess the.docx
Many companies and agencies conduct IT audits to test and assess the.docx
 
Cst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.comCst 630 Education Organization-snaptutorial.com
Cst 630 Education Organization-snaptutorial.com
 
CST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.comCST 630 Effective Communication - snaptutorial.com
CST 630 Effective Communication - snaptutorial.com
 
CST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.comCST 630 Exceptional Education - snaptutorial.com
CST 630 Exceptional Education - snaptutorial.com
 
Project 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This cheProject 1CST630 Project ChecklistStudent Name DateNote This che
Project 1CST630 Project ChecklistStudent Name DateNote This che
 
here has been an increase in the number of cybersecurity incident re.docx
here has been an increase in the number of cybersecurity incident re.docxhere has been an increase in the number of cybersecurity incident re.docx
here has been an increase in the number of cybersecurity incident re.docx
 
ISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docxISE 620 Final Project Guidelines and Rubric Overview .docx
ISE 620 Final Project Guidelines and Rubric Overview .docx
 
Businesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docxBusinesses involved in mergers and acquisitions must exercise due di.docx
Businesses involved in mergers and acquisitions must exercise due di.docx
 
OWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference GuideOWASP Secure Coding Quick Reference Guide
OWASP Secure Coding Quick Reference Guide
 
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docxNGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
NGOKAN - ATTENTIONPROJECT 3 – ASSESSING INFORMATION SYSTEM VULNE.docx
 
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptxCompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
CompTIA CySA Domain 1 Threat and Vulnerability Management.pptx
 
Include at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words inInclude at least 250 words in your posting and at least 250 words in
Include at least 250 words in your posting and at least 250 words in
 
Cst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.comCst 610 Your world/newtonhelp.com
Cst 610 Your world/newtonhelp.com
 
Cst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.comCst 610 Education is Power/newtonhelp.com
Cst 610 Education is Power/newtonhelp.com
 
Cst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.comCst 610 Motivated Minds/newtonhelp.com
Cst 610 Motivated Minds/newtonhelp.com
 
College of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docxCollege of Administrative and Financial SciencesAssignment 1.docx
College of Administrative and Financial SciencesAssignment 1.docx
 
IRJET-Ethical Hacking
IRJET-Ethical HackingIRJET-Ethical Hacking
IRJET-Ethical Hacking
 
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptxCompTIA CySA Domain 3 Security Operations and Monitoring.pptx
CompTIA CySA Domain 3 Security Operations and Monitoring.pptx
 
Csec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.comCsec 610 Motivated Minds/newtonhelp.com
Csec 610 Motivated Minds/newtonhelp.com
 
Csec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.comCsec 610 Education is Power/newtonhelp.com
Csec 610 Education is Power/newtonhelp.com
 

Recently uploaded

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatYousafMalik24
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxChelloAnnAsuncion2
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Celine George
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentInMediaRes1
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Celine George
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPCeline George
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfSpandanaRallapalli
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxthorishapillay1
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxpboyjonauth
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxSherlyMaeNeri
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...Nguyen Thanh Tu Collection
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTiammrhaywood
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationAadityaSharma884161
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Celine George
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersSabitha Banu
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxOH TEIK BIN
 

Recently uploaded (20)

Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptxGrade 9 Q4-MELC1-Active and Passive Voice.pptx
Grade 9 Q4-MELC1-Active and Passive Voice.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR9953330565 Low Rate Call Girls In Rohini Delhi NCR
9953330565 Low Rate Call Girls In Rohini Delhi NCR
 
Alper Gobel In Media Res Media Component
Alper Gobel In Media Res Media ComponentAlper Gobel In Media Res Media Component
Alper Gobel In Media Res Media Component
 
Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17Field Attribute Index Feature in Odoo 17
Field Attribute Index Feature in Odoo 17
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
ACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdfACC 2024 Chronicles. Cardiology. Exam.pdf
ACC 2024 Chronicles. Cardiology. Exam.pdf
 
Proudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptxProudly South Africa powerpoint Thorisha.pptx
Proudly South Africa powerpoint Thorisha.pptx
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdfTataKelola dan KamSiber Kecerdasan Buatan v022.pdf
TataKelola dan KamSiber Kecerdasan Buatan v022.pdf
 
Judging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptxJudging the Relevance and worth of ideas part 2.pptx
Judging the Relevance and worth of ideas part 2.pptx
 
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
HỌC TỐT TIẾNG ANH 11 THEO CHƯƠNG TRÌNH GLOBAL SUCCESS ĐÁP ÁN CHI TIẾT - CẢ NĂ...
 
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Bikash Puri Delhi reach out to us at 🔝9953056974🔝
 
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPTECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
ECONOMIC CONTEXT - LONG FORM TV DRAMA - PPT
 
ROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint PresentationROOT CAUSE ANALYSIS PowerPoint Presentation
ROOT CAUSE ANALYSIS PowerPoint Presentation
 
Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17Computed Fields and api Depends in the Odoo 17
Computed Fields and api Depends in the Odoo 17
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course for BeginnersFull Stack Web Development Course for Beginners
Full Stack Web Development Course for Beginners
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 

Cst 630 Extraordinary Success/newtonhelp.com

  • 1. CST 630 Project 1Risk, Threat, and Vulnerability Management For more course tutorials visit www.newtonhelp.com Project 1 Step 1: Conduct a Security Analysis Baseline In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR). You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report] Include the following areas in this portion of the SAR: a. Security requirements and goals for the preliminary security baseline activity. b. Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization. c. Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you:
  • 2. a. What are the security risks and concerns? b. What are ways to get real-time understanding of the security posture at any time? c. How regularly should the security of the enterprise network be tested, and what type of tests should be used? d. What are the processes in play, or to be established to respond to an incident? e. Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required? f. Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed? g. Describe the ways to detect these malicious code and what tactics bad actors use for evading detection. d. Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet. e. Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices? f. Operating systems, servers, network management systems. a. data in transit vulnerabilities 1. endpoint access vulnerabilities 2. external storage vulnerabilities 3. virtual private network vulnerabilities 4. media access control vulnerabilities 5. ethernet vulnerabilities b. Possible applications. This network will incorporate a BYOD (bring your own device) policy in the near future. The IT auditing team and leadership need to understand current mobile applications
  • 3. and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5. The overall SAR should detail the security measures needed, or implementations status of those in progress, to address the identified vulnerabilities. Include: a. remediation b. mitigation c. countermeasure d. recovery Through your research, provide the methods used to provide the protections and defenses. From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified. The baseline should make up at least three of the 12 pages of the overall report. When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures that will help determine the company's overall network defense strategy. Step 2: Determine a Network Defense Strategy You've completed your initial assessment of the company's security with your baseline analysis. Now it's time to determine the best defenses for your network. Start by reading a publication by the National Institute of Standards and Technology, NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use
  • 4. them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black box testing, white box testing). Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report. Click the following link to learn more about cybersecurity for process control systems: Cybersecurity for Process Control Systems After you've completed this step, it's time to define the process of penetration testing. In the next step, you'll develop rules of engagement (ROE). Step 3: Plan the Penetration Testing Engagement Now that you've completed your test plans, it's time to define your penetration testing process. Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format. This portion should be about two pages of the overall 12-page report. After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are. Step 4: Conduct a Network Penetration Test You've defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization. ---------------------------------------------------------------------------------------------------------
  • 5. CST 630 Project 2 Incident Response For more course tutorials visit www.newtonhelp.com Project 2 Step 1: Develop a Wireless and BYOD Security Plan Since the company you work for has instituted a bring your own device (BYOD) policy, security attitudes have been lax and all sorts of devices, authorized and unauthorized, have been found connected to the company's wireless infrastructure. In this first step, you will develop a wireless and BYOD security plan for the company. Use the NIST Guidelines for Securing Wireless Local Area Networks (WLANs) Special Publication 800-153 to provide an executive summary to answer other security concerns related to BYOD and wireless. Within your cybersecurity incident report, provide answers to the threat of unauthorized equipment or rogue access points on the company wireless network and the methods to find other rogue access points. Describe how to detect rogue access points and how they can actually connect to the network. Describe how to identify authorized access points within your network.
  • 6. Within your plan, include how the Cyber Kill Chain framework and approach could be used to improve the incident response times for networks. Include this at the beginning of your CIR as the basis for all wireless- and BYOD-related problems within the network. Title the section "Wireless and BYOD Security Plan." Click the following link to learn more about security management: Security Management. In the next step, you will explore a scenario on suspicious behavior, and your report will provide another section of your CIR. Step 2: Track Suspicious Behavior You've completed your wireless and BYOD security plan. Now it's time to take a look at another workplace situation. You have been notified of an employee exhibiting suspicious behavior. You decide to track the employee's movements by using various tools and techniques. You know the location and time stamps associated with the employee's mobile device.
  • 7. How would you track the location of the company asset? Explain how identity theft could occur and how MAC spoofing could take place in the workplace. How would you protect against both identity theft and MAC spoofing? Address if it is feasible to determine if MAC spoofing and identity theft has taken place in the workplace. Include a whitelist of approved devices for this network. Examples may include authorized access points, firewalls, and other similar devices. Are there any legal issues, problems, or concerns with your actions? What should be conducted before starting this investigation? Were your actions authorized, was the notification valid, or are there any other concerns? Include your responses as part of the CIR with the title "Tracking Suspicious Behavior." In the next step, you will explore another workplace scenario, and your responses will help you formulate a continuous improvement plan, which will become another part of your CIR. --------------------------------------------------------------------------------------------------------- CST 630 Project 3 Enterprise Network Security For more course tutorials visit www.newtonhelp.com
  • 8. Project 3 Step 1: Conduct a Policy Gap Analysis As you begin Step 1 of your system security report on cybersecurity for mergers and acquisitions, keep in mind that the networks of companies going through an M&A can be subject to cyberattack. As you work through this step and the others, keep these questions in mind: Are companies going through an M&A prone to more attacks or more focused attacks? If so, what is the appropriate course of action? Should the M&A activities be kept confidential? Now, look at the existing security policies in regard to the acquisition of the media streaming company. You have to explain to the executives that before any systems are integrated, their security policies will need to be reviewed. Conduct a policy gap analysis to ensure the target company's security policies follow relevant industry standards as well as local, state, and national laws and regulations. In other words, you need to make sure the new company will not inherit any statutory or regulatory noncompliance from either of the two original companies. This step would also identify what, if any, laws and regulations the target company is subject to. If those are different from the laws and regulations the acquiring company is subject to, then this document should answer the following questions:
  • 9. How would you identify the differences? How would you learn about the relevant laws and regulations? How would you ensure compliance with those laws and regulations? The streaming company that is being acquired has a current customer base of 150,000 users, who on average pay $14.99 in monthly fees. Based on the overall income, use PCI Standards DSS 12 requirements, and the PCI DSS Quick Reference Guide to identify a secure strategy, and operating system protections to protect the credit card data. Select at least two appropriate requirements from the PCI Standards DSS 12 set of requirements and explain how the controls should be implemented, how they will change the current network, and any costs associated with implementing the change. In the next step, you will review the streaming protocols that the companies are using. Step 2: Review Protocols for Streaming Services After reviewing the policies from the company and the policy gap analysis, the M&A leader asks you about the protocols used by the streaming company. He wants to know if the protocols used would affect the current state of cybersecurity within the current company environment. For this section, review the protocols, explain how they work along with any known vulnerabilities, and how to secure the company from cyberattacks. Start with researching the commonly
  • 10. known streaming protocols and the vulnerabilities of those protocols. Some examples are the Real-Time Streaming Protocol (RTSP), Real- Time Transport Protocol (RTP) and the Real-Time Transport Control Protocol (RTCP). Additionally, the leadership wants to know if any vulnerabilities identified would or could lead to a no-go on the M&A. In other words: You need to identify what streaming the companies are doing and the specific technology they are leveraging. What are the technical vulnerabilities associated with the protocols involved? Have those been mitigated? And to what extent (i.e., has the risk been reduced to zero, reduced somewhat, shifted to a third party, etc.)? What residual risk to the target company's assets and IP remain? Would those risks extend to the current (takeover) company after the merger? a. Would that be bad enough to cancel the M&A? If the response to #5 is yes, then, what should the target company do to further mitigate the risk? How should the takeover company mitigate the risk? --------------------------------------------------------------------------------------------------------
  • 11. CST 630 Project 4Secure Videoconferencing Communications For more course tutorials visit www.newtonhelp.com Project 4 Step 1: Develop Functional Requirements for Videoconferencing The first step in your proposal for a secure videoconferencing system is to develop a set of functional requirements for videoconferencing that you believe the media company will nee based on its geographic dispersion and business needs. In developing those requirements, research three videoconferencing solutions such as Skype, GotoMeeting, Polycom, and Cisco Webex and explain their capabilities, advantages, and disadvantages. Identify costs as well as implementation and support requirements. The functional requirements and the three possible solutions will be a section of your Proposal for Secure Videoconferencing. In the next step, you will review the challenges of implementing those solutions. Step 2: Discuss Implementation Challenges In the previous step, you outlined the requirements for secure videoconferencing for the company and outlined three potential solutions. Part of your final proposal should also include the advantages and disadvantages of the implementation options for the three systems you selected. This section of the proposal also must include the changes the media company will need to make to implement the systems.
  • 12. Additionally, explain how system administration or privileged identity management will operate with these systems. You will also need to examine how data exfiltration will occur with each of the new systems. The changes to the systems and challenges for the implementation of these potential solutions will be an important section of your Proposal for Secure Videoconferencing. In the next step, you will take a closer look at the track records of each of the potential videoconferencing vendors. Step 3: Identify Vendor Risks You've finished outlining the pros and cons of three videoconferencing systems. Now, it'S time to take a close look at how they serve their clients. This will take some research. Look at the systems' known vulnerabilities and exploits. Examine and explain the past history of each vendor with normal notification timelines, release of patches, or work-arounds (solutions within the system without using a patch). Your goal is to know the timeliness of response with each company in helping customers stay secure. This step will be a section of your Proposal for Secure Videoconferencing. In the next step, you will outline best practices for secure videoconferencing that will be part of your overall proposal to management Step 4: Develop Best Practices for Secure Videoconferencing The last few steps have been devoted to analyzing potential videoconferencing solutions. But obtaining a trusted vendor is just part of the security efforts. Another important step is to ensure that users and system administrators conduct the company's videoconferencing in a secure manner. In this step, outline security best practices for videoconferencing that you would like users and systems administrators to follow. Discuss how these best practices will improve security and minimize risks of data exfiltration as well as snooping.
  • 13. This "best practices" section will be part of the overall Proposal for Secure Videoconferencing. In the next step, you will develop system integrity checks within a virtual lab environment. Step 5: Develop System Integrity Checks As part of the overall proposal, the CISO has asked you to develop system integrity checks for files shared between users of the videoconferencing systems. These checks will ensure file protection and prevent exfiltration of sensitive files. The lab exercise will show how this is done. In this step, you will generate a lab report that will be part of your final assignment. The lab instructions will tell you what the report needs to contain. Note: You will use the tools in Workspace for this step. If you need help outside the classroom, you can register for the CLAB 699 Cyber Computing Lab Assistance (go to the Discussions List for registration information). Lab assistants are available to help. Click here to access the instructions for Navigating the Workspace and the lab Setup. Click here to access the Project Workspace Exercise Instructions. Explore the tutorials and user guides to learn more about the tools you will use. Then, enter Workspace (http://virtualdesktop.umuc.edu/). This will be a section of your Proposal for Secure Videoconferencing. Now, you are ready for the final step, which will be to put all of the components of the proposal together for management. Remember, your task is to recommend the best videoconferencing system for the company. Part of that proposal includes a set of high-level executive briefing slides. Step 6: Submit Your Proposal for Secure Videoconferencing and All Related Materials
  • 14. It’s time to prepare your materials on secure videoconferencing for management. Your task is to recommend a system that best meets the business functionality and security requirements of the company. As part of that recommendation, you will also prepare a set of high-level executive briefing slides to give the CEO and CIO an overview of your study. The assignments for this project are as follows: 1. Executive briefing: This is a three- to five-slide visual presentation for business executives and board members. 2. Executive summary: This is a one-page summary at the beginning of your Proposal for Secure Videoconferencing. 3. Proposal for Secure Videoconferencing: Your report should be a minimum six-page double- spaced Word document with citations in APA format. The page count does not include figures, diagrams, tables or citations. 4. Lab report: Generated from Workspace. Submit all four components to the assignment folder. --------------------------------------------------------------------------------------------------------- CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) For more course tutorials visit www.newtonhelp.com
  • 15. CST 630 Project 5 Data Loss Prevention (21 Pages + 10 slides + lab report) ---------------------------------------------------------------------------------------------------------