This document contains summaries of assignments for the CIS 560 course on information security. It includes discussion questions, case studies, and term paper prompts on topics such as access control policies, single sign-on authentication, encryption, and mitigating risks from human behavior. The assignments require analyzing security scenarios, comparing authentication methods, and proposing best practices for data and network protection.
CIS 560 Discussions and Case Studies
CIS 560 Discussion 1
For more course tutorials visit
www.newtonhelp.com
Each Part is Answered with approx. 100 words
1. Take a position on whether or not you believe most employees
abide by their organization’s AUP. Support your position with an
explanation. Propose ways that an organization can enforce this
policy.
2. Suppose your department manager accidentally sends you an Excel
spreadsheet showing salaries and proposed wage increases of your
coworkers. The spreadsheet was meant for the company CEO. Predict
what you think most people in your situation would do. Determine
what you would do and explain why.
3. Propose at least five best practices for making sure that sensitive
data (personal data, business plans, military plans, etc.) stored on
devices (laptops, tablet computers, hard drives, thumb drives, etc.) do
not end up in the wrong hands.
4. Propose at least five preventative measures a business should apply
to incoming emails to prevent attached executable files from being
automatically executed.
===============================================
CIS 560 Discussion 2
1. Determine at least five advantages and five disadvantages of a
smart card compared to Radio Frequency Identification (RFID) tags.
2. Assume that you are a supervisor for your organization’s IT
security team. You want to install biometric devices on all the laptops
available for check out by employees. What are 5 best practices your
team can adopt for these devices for authentication? What kinds of
situations can be avoided by employees following these best
practices?
3. From the e-Activity, suggest five ways that the data center could
have prevented the intruders from being able to enter the building.
Determine which of these methods is the most predictable and explain
why.
4. Imagine you are an IT manager charged with protecting one of
your organization’s most important assets…its data. You want to
create a proposal for upper management that will increase security.
What 5 methods would you propose that could be applied to data
protection even if hardware such as servers, laptop computers, and
tablet personal computers were stolen? If you were allowed to only
implement one of those suggestions now, which would it be and why?
Link for Question 3.
===============================================
CIS 560 Discussion 3
1. From the first e-Activity, what are some best practices that could be
used by businesses to ensure that digital certificates are not fake
certificates?
***E-Activity: Go to Computerworld’s Website and read
“Researchers hack VeriSign’s SSL scheme for securing websites”,
located at
http://www.computerworld.com/s/article/9124558/Researchers_hack_VeriSign_s_SSL_scheme_for_securing_Web_sites. ***
2. What is the purpose of encrypting a disk? What are some of the
advantages and disadvantages in doing so? Would you use BitLocker
to protect your data?
3. From the second e-Activity, evaluate the decision Dartmouth made
to implement the Oracle Identity Manager 11g in terms of
administrative functions, cost, and ease of use. Determine whether or
not Dartmouth’s requirements were reasonable and easy to
implement. Explain why or why not.
***E-Activity: Download and read the PDF file, “Oracle Identity
Management at Dartmouth College: A Case Study”, located at
http://aptecllc.com/case-studies/oim11g/case-study-titile-goes-here-pdf.
Be prepared to discuss. Note: If you experience difficulties
viewing the PDF file, you may need to copy and paste the Web
address into a browser for direct access to the file.
4. Compare and contrast identity management system (which students
are required to use to access their classes, grades, course schedules,
registration, etc.) to the Oracle Identity Manager 11g. Determine
which one you prefer and explain why.
===============================================
CIS 560 Week 2 Case Study 1 Stuxnet
Case Study 1: Stuxnet
Due Week 2 and worth 60 points
In June 2010, Stuxnet, a complex and highly sophisticated computer
worm, was discovered by Kaspersky Lab. Stuxnet targeted Siemens
industrial Supervisory Control and Data Acquisition (SCADA)
systems. It was reported that the worm appeared to target Iran’s
uranium enrichment infrastructure. Most computer worms and viruses
tend to target consumer systems such as desktop computers and
laptop computers.
You can learn more about Stuxnet at
http://www.youtube.com/watch?v=scNkLWV7jSw.
Write a four to five (4-5) page paper in which you:
1. Analyze the level of security requirements between industrial
systems and consumer devices such as desktop computers.
Address if they should be the same or different.
2. Analyze the anatomy of Stuxnet and how it was able to damage
Iran’s SCADA systems.
3. Evaluate the lessons that were learned from Stuxnet about the
vulnerability of Iran’s SCADA systems. Suggest how the
attacks could have been prevented.
4. Provide five (5) guidelines that should be used to reduce a
network’s attack surface for industrial control systems.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your
professor for any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define authorization and access to an IT infrastructure based on
an access control policy framework.
• Describe methods that mitigate risk to an IT infrastructure
with confidentiality, integrity, availability and access controls.
• Use technology and information resources to research issues in
access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mec
===============================================
CIS 560 Week 3 Assignment 1 Access Restrictions (2 Papers)
This Tutorial contains 2 Papers
Assignment 1: Access Restrictions
Due Week 3 and worth 80 points
In a business environment, controlling who has access to business
information and at what level is critical for facilitating day-to-day
business operations. There are three levels of information access: no
access, read access, and read-write access. Use a business of your
choice to answer the criteria for this assignment.
Write a four to five (4-5) page paper in which you:
1. Identify the business you have selected.
2. Create five (5) cases in which the no-access level should be
applied within the selected business environment. Explain the
reasons for no access.
3. Provide five (5) cases in which the read-access level should be
applied within a business environment. Explain the reasons for
read access.
4. Provide five (5) cases in which the read-write level should be
applied within the selected business. Explain the reasons for
read-write access.
5. Determine the type of access levels you would provide to a
contractor or consultant.
6. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your
professor for any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define authorization and access to an IT infrastructure based on
an access control policy framework.
• Use technology and information resources to research issues in
access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mechanics and
technical style conventions.
===============================================
CIS 560 Week 4 Case Study 2 Cisco’s Remote Access (2 Papers)
This Tutorial contains 2 Papers
Case Study 2: Cisco’s Remote Access
Due Week 4 and worth 60 points
Go to Cisco’s Website and read, “How Cisco IT Provides Remote
Access for Small Offices and Teleworkers”, located
at http://bit.ly/MkvlbA. According to the study, an IDC forecast from
December 2007 expected the global mobile worker population to
increase from 758.6 million in 2006 to more than 1.0 billion in 2011.
Cisco had a significant number of telecommuting employees and
faced three challenges: provide network access features that cannot be
supported on a software VPN client, automate and simplify router
provisioning and updates, and enable a scalable VPN solution to
support up to 30,000 workers.
Write a four to five (4-5) page paper in which you:
1. Evaluate the deployment cost savings realized by Cisco, and
determine if it was significant.
2. Analyze how the solution deployed by Cisco improved:
   1. employee productivity
   2. satisfaction
   3. retention
3. Discuss how Cisco was able to achieve VPN scalability to
support thousands of users.
4. When thousands of employees telecommute and work in virtual
offices, there are benefits to the environment. Discuss the
environmental impact of the Cisco telecommuting and virtual
offices solution.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your
professor for any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
===============================================
CIS 560 Week 7 Assignment 2 Single Sign-On Access (2 Papers)
This Tutorial contains 2 Papers
Assignment 2: Single Sign-On Access
Due Week 7 and worth 80 points
Some business and organizational network infrastructures consist of
multiple systems from the same or different vendors to provide,
conduct, process, and execute various business functions. Some
employees must access one or more of these systems using valid
access credentials (username and password). Logging in and out of
each system whenever access is desired can become a problem for
most users. Businesses and organizations have resorted to using
Single Sign-On (SSO) for user authentication and authorization.
Write a four to five (4-5) page paper in which you:
1. Analyze at least five (5) problems experienced by employees in
an enterprise where Single Sign-On (SSO) has not been
implemented.
2. Some businesses and organizations use Active Directory (AD)
to provide SSO access to the enterprise. Analyze the advantages
and disadvantages of using AD for SSO access.
3. Some businesses and organizations use Lightweight Directory
Access Protocol (LDAP) to provide SSO access to the
enterprise. Analyze the advantages and disadvantages of using
LDAP for SSO access.
4. Compare and contrast a Kerberos-based SSO configuration to a
smart card based configuration in terms of:
   1. configurability
   2. established standards
   3. implementation challenges
   4. cost
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your
professor for any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define authorization and access to an IT infrastructure based on
an access control policy framework.
• Define proper security controls within the User Domain to
mitigate risks and threats caused by human behavior
• Use technology and information resources to research issues in
access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mechanics and
technical style conventions.
===============================================
CIS 560 Week 9 Assignment 3 Secure Encrypted Communications (2 Papers)
This Tutorial contains 2 Papers
Assignment 3: Secure Encrypted Communications
Transmitting personal and business data and information over secure
communication channels is critical. In some cases it is required,
especially when personally identifiable information is being
transmitted. Credit card numbers, Social Security Numbers, online
purchases, business orders, and so on must all be transmitted over
secure communication channels. The Public Key Infrastructure (PKI)
provides the most widely used secure communications technology.
PKI relies on encryption.
Write a four to five (4-5) page paper in which you:
Compare and contrast symmetric encryption to asymmetric
encryption.
PKI uses digital certificates to encrypt / decrypt data. Analyze the
process of encrypting and decrypting data using a digital certificate.
Evaluate the advantages and disadvantages of using digital
certificates.
Evaluate the challenges related to public and private key management
when using PKI.
Use at least three (3) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for
any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this
assignment are:
===============================================
CIS 560 Week 10 Term Paper The Human Element (2 Papers)
This Tutorial contains 2 Term Papers
Term Paper: The Human Element
Human nature is the single greatest vulnerability in any control
system and cannot be ignored. Organizations should always take
human behavior into account when designing access plans and
strategies. Human beings can pose unintentional threats when they
accidentally delete data. Hackers may be motivated by financial data
when they attack a system or use social engineering skills to gain
access to restricted data. Consider human nature and organizational
behavior in this term paper.
Write an eight to ten (8-10) page paper in which you:
1. Propose five (5) techniques that organizations should apply to
mitigate the threats arising from human nature.
2. Evaluate the consequences of a poor hiring decision. Propose
steps that could be taken to prevent such bad decisions in the
first place.
3. Examine what an organization could possibly learn when a
policy is implemented to observe personnel in an ongoing
manner.
4. Propose five (5) best practices that you would use to handle
human nature and organizational behavior.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not qualify
as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references
must follow APA or school-specific format. Check with your
professor for any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define proper security controls within the User Domain to
mitigate risks and threats caused by human behavior.
• Use technology and information resources to research issues in
access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mechanics and
technical
===============================================