For more course tutorials visit
www.newtonhelp.com
PLEASE CHECK ALL INCLUDED PRODUCTS IN THIS TUTORIAL AS SOME QUIZ MAY BE MISSING
CIS 333 Week 1 Discussion Providing Security Over Data
CIS 333 Week 2 Discussion Risk Management and Malicious Attacks
1. CIS 333 Entire Course (check details in description)
For more course tutorials visit
www.newtonhelp.com
PLEASE CHECK ALL INCLUDED PRODUCTS IN THIS
TUTORIAL AS SOME QUIZ MAY BE MISSING
CIS 333 Week 1 Discussion Providing Security Over Data
CIS 333 Week 2 Discussion Risk Management and Malicious Attacks
CIS 333 Week 2 Lab 1 Performing Reconnaissance and Probing
Using Common Tools
CIS 333 Week 3 Discussion
Security Administration and Access Control
CIS 333 Week 3 Case Study 1 Bring Your Own Device (BYOD)
CIS 333 Week 3 Lab 2
CIS 333 Week 4 Discussion Security Monitoring
CIS 333 Week 4 Lab 3 Enabling Windows Active Directory and User
Access Controls
CIS 333 Week 4 Assignment 1 Identifying Potential Malicious
Attacks, Threats, and Vulnerabilities
CIS 333 Week 5 Lab 4 Using Group Policy Objects and Microsoft
Baseline Security Analyzer for Change Control
2. CIS 333 Week 5 Discussion Business Impact Analysis (BIA) and
Risk Management
CIS 333 Week 6 Discussion Cryptography
CIS 333 Week 6 Lab 5 Performing Packet Capture and Traffic
Analysis
CIS 333 Week 6 Case Study 2 Public Key Infrastructure
CIS 333 Week 7 Discussion Network Security
CIS 333 Week 7 Lab 6 Using Encryption to Enhance Confidentiality
and Integrity
CIS 333 Week 8 Discussion The Impact of Malware
CIS 333 Week 8 Assignment 2 Identifying Potential Risk, Response,
and Recovery
CIS 333 Week 8 Lab 7 Performing a Web Site and Database Attack
by Exploiting Identified Vulnerabilities
CIS 333 Week 9 Discussion
CIS 333 Week 9 Lab 8 Eliminating Threats with a Layered Security
Approach
CIS 333 Week 10 Discussion
CIS 333 Week 10 Technical Project Paper Information Systems
Security
CIS 333 Week 11 Discussion 1 Course Takeaway
CIS 333 Week 11 Discussion 2 Course Wrap up
CIS 333 Final Exam (3 Sets)
===============================================
3. CIS 333 Final Exam (3 Sets)
For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 3 Set of Finals
Question 1 SIP is a ___________ protocol used to support real-time
communications.
Question 2 What name is given to a U.S. federal law that requires
U.S. government agencies to protect citizens’ private data and have
proper security controls in place?
Question 3 This security appliance examines IP data streams for
common attack and malicious intent patterns.
Question 4 What name is given to an exterior network that acts as a
buffer zone between the public Internet and an organization’s IT
infrastructure (i.e., LAN-to-WAN Domain)?
Question 5 ____________ is the amount of time it takes to recover
and make a system, application, and data available for use after an
outage.
Question 6 The requirement to keep information private or secret is
the definition of __________.
4. Question 7 The physical part of the LAN Domain includes a
__________, which is an interface between the computer and the
LAN physical media.
Question 8 The _________ Domain connects remote users to the
organization’s IT infrastructure.
Question 9 The world needs people who understand computer-
systems ________ and who can protect computers and networks from
criminals and terrorists.
Question 10 With wireless LANs (WLANs), radio transceivers are
used to transmit IP packets from a WLAN NIC to a _____________.
Question 11 As users upgrade LANs to GigE or 10GigE, switches
must support ________ and data IP traffic.
Question 12 Voice and unified communications are ________
applications that use 64-byte IP packets.
Question 13 The ________ in analog communications is one error for
every 1,000 bits sent; in digital communications, the __________ is
one error for every 1,000,000 bits sent.
Question 14 What term is used to describe streamlining processes
with automation or simplified steps?
Question 15 What is meant by application convergence?
Question 16 If VoIP traffic needs to traverse through a WAN with
congestion, you need ___________.
Question 17 What term is used to describe a packet-based WAN
service capable of supporting one-to-many and many-to-many WAN
connections?
Question 18 The total number of errors divided by the total number
of bits transmitted is the definition of __________.
5. Question 19 What is meant by DS0?
Question 20 ________ is the basis for unified communications and is
the protocol used by real-time applications such as IM chat,
conferencing, and collaboration.
Question 21 Prior to VoIP, attackers would use wardialers to
________.
Question 22 Which of the following is the definition of netcat?
Question 23 In a ________, the attacker sends a large number of
packets requesting connections to the victim computer.
Question 24 Malicious software can be hidden in a ________.
Question 25 A software program that collects information about
Internet usage and uses it to present targeted advertisements to users
is the definition of ________.
Question 26 ________ is a type of attack in which the attacker takes
control of a session between two machines and masquerades as one of
them.
Question 27 A ___________ is a software program that performs one
of two functions: brute-force password attack to gain unauthorized
access to a system, or recovery of passwords stored in a computer
system.
Question 28 A protocol analyzer or ____________ is a software
program that enables a computer to monitor and capture network
traffic.
Question 29 What is meant by promiscuous mode?
Question 30 A _________ has a hostile intent, possesses
sophisticated skills, and may be interested in financial gain. They
represent the greatest threat to networks and information resources.
6. Question 31 __________ tests interrupt the primary data center and
transfer processing capability to an alternate site.
Question 32 How often should an organization perform a risk
management plan?
Question 33 __________ is rapidly becoming an increasingly
important aspect of enterprise computing.
Question 34 When you accept a __________, you take no further
steps to resolve.
Question 35 What name is given to a risk-analysis method that uses
relative ranking to provide further definition of the identified risks in
order to determine responses to them?
Question 36 What name is given to a comparison of security controls
in place and the controls that are needed to address all identified
threats?
Question 37 The process of managing risks starts by identifying
__________.
Question 38 Which of the following is the definition of business
drivers?
Question 39 A ___________ will help identify not only which
functions are critical, but also how quickly essential business
functions must return to full operation following a major interruption.
Question 40 What is meant by risk register?
Question 41 The ____________ is the central part of a computing
environment’s hardware, software, and firmware that enforces access
control for computer systems.
Question 42 What is meant by physically constrained user interface?
7. Question 43 Biometrics is another ________ method for identifying
subjects.
Question 44 _____________is the process of dividing a task into a
series of unique activities performed by different people, each of
whom is allowed to execute only one part of the overall task.
Question 45 An organization’s facilities manager might give you a
security card programmed with your employee ID number, also
known as a ________.
Question 46 Which of the following is not a type of authentication?
Question 47 Two-factor __________ should be the minimum
requirement for valuable resources as it provides a higher level of
security than using only one.
Question 48 A mechanism that limits access to computer systems and
network resources is ________,
Question 49 What term is used to describe a device used as a logon
authenticator for remote users of a network?
Question 50 The Bell-La Padula access control model focuses
primarily on ________.
Question 51 The process of managing the baseline settings of a
system device is called ________
Question 52 Which of the following is the definition of system
owner?
Question 53 ___________ are the benchmarks that help make sure a
minimum level of security exists across multiple applications of
systems and across different products.
Question 54 Which of the following is the definition of guideline?
Question 55 A security awareness program includes ________.
8. Question 56 One of the most popular types of attacks on computer
systems involves ___________. These attacks deceive or use people
to get around security controls. The best way to avoid this risk is to
ensure that employees know how to handle such attacks.
Question 57 The ___________ team’s responsibilities include
handling events that affect your computers and networks and
ultimately can respond rapidly and effectively to any event
Question 58 ________ states that users must never leave sensitive
information in plain view on an unattended desk or workstation.
Question 59 What name is given to a method of developing software
that is based on small project iterations, or sprints, instead of long
project schedules?
Question 60 The primary task of an organization’s __________ team
is to control access to systems or resources.
Question 61 As your organization evolves and as threats mature, it is
important to make sure your __________ still meet(s) the risks you
face today.
Question 62 Security audits help ensure that your rules and
__________ are up to date, documented, and subject to change
control procedures.
Question 63 _________ was developed for organizations such as
insurance and medical claims processors, telecommunication service
providers, managed services providers, and credit card transaction
processing companies.
Question 64 SOC 2 and SOC 3 reports both address primarily
________-related controls.
Question 65 A method of security testing that isn’t based directly on
knowledge of a program’s architecture is the definition of ________.
9. Question 66 The ___________ framework defines the scope and
contents of three levels of audit reports.
Question 67 ________ provides information on what is happening as
it happens.
Question 68 The primary difference between SOC 2 and SOC 3
reports is ________.
Question 69 Which of the following is the definition of hardened
configuration?
Question 70 What term is used to describe a reconnaissance technique
that enables an attacker to use port mapping to learn which operating
system and version are running on a computer?
Question 71 It is necessary to create and/or maintain a plan that
makes sure your company continues to operate in the face of disaster.
This is known as a ________.
Question 72 Forensics and incident response are examples of
___________ controls.
Question 73 ___________ is the likelihood that a particular threat
exposes a vulnerability that could damage your organization.
Question 74 An intrusion detection system (IDS) is an example of
___________ controls.
Question 75 What term is used to describe something built in or used
in a system to address gaps or weaknesses in the controls that could
otherwise lead to an exploit?
Question 76 A(n) ________ is a measurable occurrence that has an
impact on the business.
10. Question 77 A company can discontinue or decide not to enter a line
of business if the risk level is too high. This is categorized as
________.
Question 78 A threat source can be a situation or method that might
accidentally trigger a(n) ____________.
Question 79 An organization knows that a risk exists and has decided
that the cost of reducing it is higher than the loss would be. This can
include self-insuring or using a deductible. This is categorized as
________.
Question 80 A _________ determines the extent of the impact that a
particular incident would have on business operations over time.
Question 81 In a ________, the cryptanalyst possesses certain pieces
of information before and after encryption.
Question 82 A ________ is an encryption key used to encrypt other
keys before transmitting them.
Question 83 What term is used to describe an encryption algorithm
that has no corresponding decryption algorithm?
Question 84 What name is given to an object that uses asymmetric
encryption to bind a message or data to a specific entity?
Question 85 _______________ enables you to prevent a party from
denying a previous statement or action.
Question 86 What name is given to random characters that you can
combine with an actual input key to create the encryption key?
Question 87 What is meant by key distribution?
Question 88 What name is given to an encryption cipher that is a
product cipher with a 56-bit key consisting of 16 iterations of
substitution and transformation?
11. Question 89 The most scrutinized cipher in history is the ________.
Question 90 ________ is a one-way calculation of information that
yields a result usually much smaller than the original message.
Question 91 Which of the following is the definition of network
address translation (NAT)?
Question 92 A firewall that examines each packet it receives and
compares the packet to a list of rules configured by the network
administrator is the definition of ________.
Question 93 Which OSI Reference Model layer creates, maintains,
and disconnects communications that take place between processes
over the network?
Question 94 What term is used to describe the current encryption
standard for wireless networks?
Question 95 Which OSI Reference Model layer uses Media Access
Control (MAC) addresses? Device manufacturers assign each
hardware device a unique MAC address.
Question 96 What name is given to a protocol to implement a VPN
connection between two computers?
Question 97 Which OSI Reference Model layer includes all programs
on a computer that interact with the network?
Question 98 A method to restrict access to a network based on
identity or other rules is the definition of ________.
Question 99 A method to restrict access to a network based on
identity or other rules is the definition of ________.
Question 100 What term is used to describe a method of IP address
assignment that uses an alternate, public IP address to hide a system’s
real IP address?
12. Question 101 Malicious code attacks all three information security
properties. Malware can modify database records either immediately
or over a period of time. This property is ________.
Question 102 Malicious code attacks all three information security
properties. Malware can erase or overwrite files or inflict considerable
damage to storage media. This property is ________.
Question 103 ________ counter the ability of antivirus programs to
detect changes in infected files.
Question 104 Another way that malicious code can threaten
businesses is by using mass bulk e-mail (spam), spyware, persistence
cookies, and the like, consuming computing resources and reducing
user productivity. These are known as ________.
Question 105 One of the ways that malicious code can threaten
businesses is by causing economic damage or loss due to the theft,
destruction, or unauthorized manipulation of sensitive data. These are
known as ________.
Question 106 Which of the following describes the Internet
Engineering Task Force (IETF)?
Question 107 The ________________ is a subcommittee of the IETF
that serves as an advisory body to the Internet Society (ISOC). It is
composed of independent researchers and professionals who have a
technical interest in the well-being of the Internet.
Question 108 The ________ is the main United Nations agency
responsible for managing and promoting information and technology
issues.
Question 109 The __________ is a national program that empowers
and encourages excellence among U.S. organizations, including
13. manufacturers, service organizations, educational institutions, health
care providers, and nonprofit organizations.
Question 110 The ________ is a U.S. standards organization whose
goal is to empower its members and constituents to strengthen the
U.S. marketplace position in the global economy, while helping to
ensure the safety and health of consumers and the protection of the
environment.
Question 111 The four main areas in NIST SP 800-50 are awareness,
training, education, and __________________.
Question 112 With university doctoral programs, completing the
degree requirements takes ________.
Question 113 What name is given to educational institutions that meet
specific federal information assurance educational guidelines?
Question 114 Obtaining the coveted CAE/IAE or CAE/R designation
means the curriculum and research institutions meet or exceed the
standards defined by the _______.
Question 115 One type of degree that many institutions offer is the
associate’s degree. This degree is the most accessible because it
generally represents a _________ program.
Question 116 The ____________ concentration from (ISC)2 is the
road map for incorporating security into projects, applications,
business processes, and all information systems.
Question 117 The four main credentials of the ________ are Systems
Security Certified Practitioner (SSCP®), Certified Information
Systems Security Professional (CISSP®), Certified Authorization
Professional (CAP®), and Certified Secure Software Lifecycle
Professional (CSSLP®).
14. Question 118 Which is the highest level of Check Point certification
for network security?
Question 119 CompTIA’s Security+ certification provides ________.
Question 120 (ISC)2 offers the ________________ credential, which
is one of the few credentials that address developing secure software.
It evaluates professionals for the knowledge and skills necessary to
develop and deploy secure applications.
Question 121 ____________ creates standards that federal agencies
use to classify their data and IT systems.
Question 122 Under HIPAA, an organization that performs a health
care activity on behalf of a covered entity is known as a(n) ________.
Question 123 Tier C violations under the HITECH Act are ________.
Question 124 The regulating agency for the Federal Information
Systems Management Act is the ________.
Question 125 What is meant by protected health information (PHI)?
===============================================
CIS 333 Week 1 Discussion Providing Security Over Data
For more course tutorials visit
www.newtonhelp.com
15. • "Providing Security Over Data" Please respond to the following:
• • The CIA triad (confidentiality, integrity, and availability) offers
three (3) security tenets that allow data owners the framework to
secure data. Considering your place of employment or your home
computing environment, discuss in detail the primary means in which
each of the three (3) tenets are addressed to mitigate risk and enhance
security in your chosen environment.
• • The proliferation of mobile devices to create or access data has had
a significant effect on the security concerns surrounding personal and
corporate data. From the selected e-Activity article, summarize the
attack, and determine the key ways in which you would consider
mitigating the threat.
===============================================
CIS 333 Week 1-11 Discussion
For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 1 Discussion Providing Security Over Data
CIS 333 Week 2 Discussion Risk Management and Malicious Attacks
CIS 333 Week 3 Discussion
CIS 333 Week 4 Discussion Security Monitoring trol
16. CIS 333 Week 5 Discussion Business Impact Analysis (BIA) and
Risk Management
CIS 333 Week 6 Discussion Cryptography
CIS 333 Week 7 Discussion Network Security
CIS 333 Week 8 Discussion The Impact of Malware
CIS 333 Week 9 Discussion
CIS 333 Week 10 Discussion
CIS 333 Week 11 Discussion 1 Course Takeaway
CIS 333 Week 11 Discussion 2 Course Wrap up
===============================================
CIS 333 Week 2 Discussion Risk Management and Malicious
Attacks
For more course tutorials visit
www.newtonhelp.com
"Risk Management and Malicious Attacks" Please respond to the
following:
• With regards to risk-response planning, there are four (4) responses
to negative risks that an organization may pursue: avoid, transfer,
mitigate, and accept. Develop an original and unique scenario to
describe and contrast each of these responses.
17. • From the selected e-Activity article, describe in detail the way in
which the malware was utilized to steal data or gain privileged remote
access to a computer or network. Suppose you were an IT Security
professional working at the attacked business, and detail the security
controls that you would consider putting into practice that would help
to prevent this and similar types of malware attacks moving forward.
===============================================
CIS 333 Week 2 Lab 1 Performing Reconnaissance and
Probing Using Common Tools
For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 2 Lab 1 Performing Reconnaissance and Probing
Using Common Tools
===============================================
CIS 333 Week 3 Case Study 1 Bring Your Own Device
(BYOD)
18. For more course tutorials visit
www.newtonhelp.com
Case Study 1: Bring Your Own Device (BYOD)
Due Week 3 and worth 60 points
Read the following articles located in the course shell: “The dark side
of BYOD” from TechRepublic and “BYOD As We Know It Is Dead”
from Forbes.
Write a two to three (2-3) page paper in which you:
1. Identify the primary benefits of BYOD in organizations, and
determine the key ways in which its concepts can enhance an end
user’s overall working experience.
2. Analyze in detail the major risks surrounding BYOD, and analyze
the security controls and technologies that are currently available and
being utilized to manage these risks.
3. Provide a real-world example of how BYOD either positively or
negatively affected an organization’s productivity and / or security.
4. Determine whether or not you would consider implementing
BYOD concepts in a real organization and whether or not the benefits
outweigh the risks.
5. Use at least three (3) quality resources in this assignment (no more
than two to three [2-3] years old) from material outside the textbook.
Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
19. • Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for
any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Explain how businesses apply cryptography in maintaining
information security.
• Use technology and information resources to research issues in
information systems security.
Write clearly and concisely about network security topics using
proper writing mechanics and technical style conventions
===============================================
CIS 333 Week 3 Discussion Security Administration and
Access Control
For more course tutorials visit
www.newtonhelp.com
20. "Security Administration and Access Control" Please respond to the
following:
• From the e-Activity, summarize the ethical dilemma, and develop a
plan in which you would mitigate the vulnerability.
• Compare and contrast physical access controls and logical access
controls. Further explain in what ways both physical and logical
access controls are related to implementing a security policy.
===============================================
CIS 333 Week 3 Lab 2
For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 3 Lab 2 Performing a Vulnerability Assessment Case
Study 1 Bring Your Own Device (BYOD)
===============================================
CIS 333 Week 4 Assignment 1 Identifying Potential
Malicious Attacks, Threats, and Vulnerabilities (2 Papers)
21. For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 2 Papers
Assignment 1: Identifying Potential Malicious Attacks, Threats, and
Vulnerabilities
Due Week 4 and worth 75 points
You have just been hired as an Information Security Engineer for a
videogame development company. The organization network
structure is identified in the below network diagram and specifically
contains:
1) 2 – Firewalls 5) 2 – Windows Server 2012 Active Directory
Domain Controllers (DC)
2) 1 – Web / FTP server 6) 3 – File servers
3) 1 – Microsoft Exchange Email server 7) 1 – Wireless access point
(WAP)
4) 1 – Network Intrusion Detection System (NIDS) 8) 100 –
Desktop / Laptop computers
9) VoIP telephone system
The CIO has seen reports of malicious activity being on the rise and
has become extremely concerned with the protection of the
intellectual property and highly sensitive data maintained by your
organization. As one of your first tasks with the organization, the CIO
requested you identify and draft a report identifying potential
malicious attacks, threats, and vulnerabilities specific to your
22. organization. Further, the CIO would like you to briefly explain each
item and the potential impact it could have on the organization.
Write a four to five (4-5) page paper in which you:
1. Analyze three (3) specific potential malicious attacks and / or
threats that could be carried out against the network and organization.
2. Explain in detail the potential impact of the three (3) selected
malicious attacks.
3. Propose the security controls that you would consider
implementing in order to protect against the selected potential
malicious attacks.
4. Analyze three (3) potential concerns for data loss and data theft that
may exist in the documented network.
5. Explicate the potential impact of the three (3) selected concerns for
data loss and data theft.
6. Propose the security controls that you would consider
implementing in order to protect against the selected concerns for data
loss and data theft.
7. Use at least three (3) quality resources in this assignment (no more
than two to three [2-3] years old) from material outside the textbook.
Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for
any additional instructions.
23. • Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Explain the concepts of information systems security as applied to
an IT infrastructure.
• Describe the principles of risk management, common response
techniques, and issues related to recovery of IT systems.
• Describe how malicious attacks, threats, and vulnerabilities impact
an IT infrastructure.
• Explain the means attackers use to compromise systems and
networks, and defenses used by organizations.
• Use technology and information resources to research issues in
information systems security.
• Write clearly and concisely about network security topics using
proper writing mechanics and technical style conventions.
===============================================
CIS 333 Week 4 Discussion Security Monitoring
For more course tutorials visit
www.newtonhelp.com
24. "Security Monitoring" Please respond to the following:
• Considering your place of employment or your home computing
environment, discuss in detail the way in which in-depth (or layered)
defense is employed to enhance security in your chosen environment.
• According to the textbook, Intrusion Detection Systems (IDS),
which can be categorized as Host IDS (HIDS) and Network IDS
(NIDS), is a means of providing real-time monitoring. Compare and
contrast HIDS and NIDS, and provide at least one (1) example
identifying when one (1) would be more appropriate to use over the
other. Provide a rationale to support your chosen example.
===============================================
CIS 333 Week 4 Lab 3 Enabling Windows Active Directory
and User Access Controls
For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 4 Lab 3 Enabling Windows Active Directory and User
Access Controls
===============================================
25. CIS 333 Week 5 Discussion Business Impact Analysis (BIA)
and Risk Management
For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 5 Discussion
"Business Impact Analysis (BIA) and Risk Management" Please
respond to the following:
• According to the text, a BIA determines the extent of the impact that
a particular incident would have on business operation over time.
Determine the major ways in which people, systems, data, and
property will impact a BIA. Provide specific examples to support your
response.
• Compare and contrast qualitative risk analysis and quantitative risk
analysis, and provide at least two (2) examples identifying a situation
when each would be useful.
===============================================
CIS 333 Week 5 Lab 4 Using Group Policy Objects and
Microsoft Baseline Security Analyzer for Change Control
26. For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 5 Lab 4 Using Group Policy Objects and Microsoft
Baseline Security Analyzer for Change Control
===============================================
CIS 333 Week 6 Case Study 2 Public Key Infrastructure (2
Papers)
For more course tutorials visit
www.newtonhelp.com
This Tutorial contains 2 Papers
Case Study 2: Public Key Infrastructure
Due Week 6 and worth 60 points
Suppose you are the Information Security Director at a small
software company. The organization currently utilizes a Microsoft
Server 2012 Active Directory domain administered by your
information security team. Mostly software developers and a
relatively small number of administrative personnel comprise the
remainder of the organization. You have convinced business unit
27. leaders that it would be in the best interest of the company to use a
public key infrastructure (PKI) in order to provide a framework that
fosters confidentiality, integrity, authentication, and nonrepudiation.
Email clients, virtual private network (VPN) products, Web server
components, and domain controllers would utilize digital certificates
issued by the certificate authority (CA). Additionally, the company
would use digital certificates to sign software developed by the
company in order to demonstrate software authenticity to the
customer.
Write a two to three (2-3) page paper in which you:
1. Analyze the fundamentals of PKI, and determine the primary ways
in which its features and functions could benefit your organization
and its information security department.
2. Propose one (1) way in which the PKI could assist in the process of
signing the company’s software, and explain the main reason why a
customer could then believe that software to be authentic.
3. Compare and contrast public and in-house CAs. Include the
positive and negative characteristics of each type of certificate
authority, and provide a sound recommendation of and a justification
for which you would consider implementing within your organization.
Explain your rationale.
4. Use at least three (3) quality resources in this assignment (no more
than two to three [2-3] years old) from material outside the textbook.
Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
28. follow APA or school-specific format. Check with your professor for
any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Explain how businesses apply cryptography in maintaining
information security.
• Use technology and information resources to research issues in
information systems security.
• Write clearly and concisely about network security topics using
proper writing mechanics and technical style conventions.
===============================================
CIS 333 Week 6 Discussion Cryptography
For more course tutorials visit
www.newtonhelp.com
"Cryptography" Please respond to the following:
• Considering that, due to its extremely sensitive nature, shared data
that organizations transmit through collaboration must be kept
29. confidential at all costs, formulate a possible solution that utilizes
symmetric or asymmetric cryptography, and describe the advantages
and disadvantages of the selected solution. If you had to select one (1)
of the two (2) encryption options over the other, justify the one that
you would choose, and explain your reasoning.
• From the e-Activity and your own research, give your opinion of the
two (2) most important ways that you believe encryption could assist
in addressing some of the current challenges facing organizations
today, and explain why these solutions are so important. Justify your
answer.
===============================================
CIS 333 Week 6 Lab 5 Performing Packet Capture and Traffic
Analysis
For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 6 Lab 5 Performing Packet Capture and Traffic
Analysis
===============================================
CIS 333 Week 7 Discussion Network Security
30. For more course tutorials visit
www.newtonhelp.com
"Network Security" Please respond to the following:
• From the first e-Activity, discuss your rationale for choosing the
specific firewall in question, and determine the primary way in which
a company could incorporate it into an enterprise network in order to
enhance security. Select the two (2) most important and / or unique
features of the chosen firewall, and explain the primary reasons why
those features make the firewall a viable option in enterprises today.
Justify your answer.
• From the second e-Activity, discuss what you believe to be the two
(2) most important security considerations related to cloud
deployments, and explain the main reasons why you believe such
considerations to be the most important.
===============================================
CIS 333 Week 7 Lab 6 Using Encryption to Enhance
Confidentiality and Integrity
For more course tutorials visit
www.newtonhelp.com
31. CIS 333 Week 7 Lab 7 Using Encryption to Enhance Confidentiality
and Integrity
===============================================
CIS 333 Week 8 Assignment 2 Identifying Potential Risk,
Response, and Recovery
For more course tutorials visit
www.newtonhelp.com
Assignment 2: Identifying Potential Risk, Response, and Recovery
Due Week 8 and worth 75 points
In Assignment 1, a videogame development company recently hired
you as an Information Security Engineer. After viewing a growing
number of reports detailing malicious activity, the CIO requested that
you draft a report in which you identify potential malicious attacks
and threats specific to your organization. She asked you to include a
brief explanation of each item and the potential impact it could have
on the organization.
After reviewing your report, the CIO requests that you develop a
follow-up plan detailing a strategy for addressing all risks (i.e., risk
mitigation, risk assignment, risk acceptance, or risk avoidance)
identified in Assignment 1. Further, your plan should identify controls
32. (i.e., administrative, preventative, detective, and corrective) that the
company will use to mitigate each risk previously identified.
Write a four to five (4-5) page paper in which you:
1. For each of the three (3) or more malicious attacks and / or threats
that you identified in Assignment 1, choose a strategy for addressing
the associated risk (i.e., risk mitigation, risk assignment, risk
acceptance, or risk avoidance). Explain your rationale.
2. For each of the three (3) or more malicious attacks and / or threats
identified in Assignment 1, develop potential controls (i.e.,
administrative, preventative, detective, and corrective) that the
company could use to mitigate each associated risk.
3. Explain in detail why you believe the risk management, control
identification, and selection processes are so important, specifically in
this organization.
4. Draft a one (1) page Executive Summary that details your strategies
and recommendations to the CIO (Note: The Executive Summary is
included in the assignment’s length requirements).
5. Use at least three (3) quality resources in this assignment (no more
than two to three [2-3] years old) from material outside the textbook.
Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; references must follow APA or
school-specific format. Check with your professor for any additional
instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
33. The cover page and the reference page are not included in the required
page length.
The specific course learning outcomes associated with this
assignment are:
• Explain the concepts of information systems security as applied to
an IT infrastructure.
• Describe the principles of risk management, common response
techniques, and issues related to recovery of IT systems.
• Describe how malicious attacks, threats, and vulnerabilities impact
an IT infrastructure.
• Explain the means attackers use to compromise systems and
networks, and defenses used by organizations.
• Use technology and information resources to research issues in
information systems security.
• Write clearly and concisely about network security topics using
proper writing mechanics and technical style conventions.
===============================================
CIS 333 Week 8 Discussion The Impact of Malware
For more course tutorials visit
www.newtonhelp.com
34. "The Impact of Malware" Please respond to the following:
• From the first e-Activity, analyze the selected two (2) resources that
are available for security professionals to find information about
threats and / or malware active today. Justify your belief these
resources are helpful for security professionals.
• From the second e-Activity, explain whether or not you believe that
the myth of Mac devices being more secure than Windows devices is
becoming history, and justify your answer. Further, indicate one (1)
main reason why you believe this myth still exists in the minds of end
users and businesses.
===============================================
CIS 333 Week 8 Lab 7 Performing a Web Site and Database
Attack by Exploiting Identified Vulnerabilities
For more course tutorials visit
www.newtonhelp.com
CIS 333 Week 8 Lab 8 Performing a Web Site and Database Attack
by Exploiting Identified Vulnerabilities
===============================================
CIS 333 Week 9 Discussion
35. For more course tutorials visit
www.newtonhelp.com
"Security Standards" Please respond to the following:
• A number of organizations exist to define information security
standards. Explain the importance of standards organizations with
regard to both information systems and information systems security.
Provide a rationale for your response.
• From the e-Activity, determine two (2) specific concerns that
you believe exist for cloud deployments, and ascertain whether or not
data breaches, such as the Snowden Incident have heightened
concerns. Justify your answer.
===============================================
CIS 333 Week 9 Lab 8 Eliminating Threats with a Layered
Security Approach
For more course tutorials visit
www.newtonhelp.com
36. CIS 333 Week 9 Lab 9 Eliminating Threats with a Layered Security
Approach
===============================================
CIS 333 Week 10 Discussion
For more course tutorials visit
www.newtonhelp.com
• Describe one (1) IT position that you currently hold or would like to
hold in the future. Next, explain whether or not you believe obtaining
certifications would help you in the position in question. If so,
determine the certifications that you believe would prove to be
helpful. Provide a rationale for your response.
• From the e-Activity, explain the regulatory compliance law that you
researched, and ascertain the effect that information security could
have on such a law. Based on the requirements of the law that you
researched, indicate whether or not you believe that the regulations
are reasonable for organizations to follow. Justify your answer.
===============================================
CIS 333 Week 10 Technical Project Paper Information
Systems Security
37. For more course tutorials visit
www.newtonhelp.com
Technical Project Paper: Information Systems Security
Due Week 10 and worth 150 points
Suppose you are the IT professional in charge of security for a small
pharmacy that has recently opened within a shopping mall. The daily
operation of a pharmacy is a unique business that requires a
combination of both physical and logical access controls geared
toward protecting medication and funds located on the premises, as
well as the customers’ personally identifiable information and
protected health information that resides on your system. Your
supervisor has tasked you with identifying inherent risks associated
with your pharmacy and establishing strong physical and logical
access control methods to mitigate the identified risks.
1) Firewall (1) 4) Desktop computers (4)
2) Windows 2012 Active Directory Domain Controllers (DC) (1) 5)
Dedicated T1 Connection (1)
3) File Server (1)
Write an eight to ten (8-10) page paper in which you:
1. Identify at least five (5) potential physical threats that require
attention.
2. Determine the impact of at least five (5) potential logical threats
that require attention.
38. 3. Detail the security controls (i.e., administrative, preventative,
detective, and corrective) that the pharmacy could implement in order
to protect it from the five (5) selected physical threats.
4. Explain in detail the security controls (i.e., administrative,
preventative, detective, and corrective) that could be implemented to
protect from the five (5) selected logical threats.
5. For each of the five (5) selected physical threats, choose a strategy
for addressing the risk (i.e., risk mitigation, risk assignment, risk
acceptance, or risk avoidance). Justify your chosen strategies.
6. For each of the five (5) selected logical threats, choose a strategy
for handling the risk (i.e., risk mitigation, risk assignment, risk
acceptance, or risk avoidance). Justify your chosen strategies.
7. Use at least five (5) quality resources in this assignment (no more
than 2-3 years old) from material outside the textbook.Note:
Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size 12),
with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for
any additional instructions.
• Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the date.
The cover page and the reference page are not included in the required
assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Explain the concepts of information systems security as applied to
an IT infrastructure.
39. • Describe how malicious attacks, threats, and vulnerabilities impact
an IT infrastructure.
• Explain the means attackers use to compromise systems and
networks, and defenses used by organizations.
• Explain the role of access controls in implementing a security
policy.
• Use technology and information resources to research issues in
information systems security.
• Write clearly and concisely about network security topics using
proper writing mechanics and technical style conventions.
• Explain how businesses apply cryptography in maintaining
information security.
• Analyze the importance of network principles and architecture to
security operations.•
===============================================
CIS 333 Week 11 Discussion 1 Course Takeaway
For more course tutorials visit
www.newtonhelp.com
"Course Takeaway" Please respond to the following:
40. Share two new insights about networking security fundamentals you
have discovered from this course. Explain how this type of course is
essential for every network security professional.
===============================================
CIS 333 Week 11 Discussion 2 Course Wrap up
For more course tutorials visit
www.newtonhelp.com
"Course Wrap-up" Please respond to the following:
Explain five or more key topics discussed during this course that you
would like to teach a friend who has a minimal level of information
systems security knowledge. Discuss how you can apply the learning
outcomes of this course to your professional and personal life.
===============================================