CMGT 431 Entire Course (New Syllabus)
For more course tutorials visit
www.tutorialrank.com
CMGT 431 Week 4 Lab
CMGT 431 Week 5 Lab
CMGT 431 Week 1 Encryption Methodologies to Protect an
Organization’s Data Paper
CMGT 431 Week 1 Discussion Classifying an Organization’s Sensitive
Data
CMGT 431 Week 4 Discussion Audit Process
CMGT 431 Week 4 Testing and Assessment Strategies
CMGT 431 Week 5 Discussion Incident Response Plan
CMGT 431 Week 5 Individual Incident Response Paper
CMGT 431 Week 1 Threat Model
CMGT 431 Week 2 Security Vulnerability Report (2 Papers)
CMGT 431 Week 3 Audit Process Presentation (2 PPT)
CMGT 431 Week 4 Prevention Measures for Vulnerabilities (2 Papers)
CMGT 431 Week 5 Learning Team Risk Management & Security Plan
(2 PPT)
CMGT 431 Week 5 Information Systems Security Implementation
Recommendation (1 Paper and 1 PPT)
CMGT 431 Week 2 Network Architecture
CMGT 431 Week 3 Testing and Assessment Strategies
CMGT 431 Week 4 Change Management Plan
.....................................................................................................................
.........................................
CMGT 431 Week 1 Discussion Classifying an
Organization’s Sensitive Data
Respond to the following in a minimum of 175 words:
Organizations need to know the value of their data to find the best way
to protect it. The data must be categorized according to the
organization’s level of concern for confidentiality, integrity, and
availability. The potential impact on assets and operations should be
known in case data, systems, and/or networks are compromised (through
unauthorized access, use, disclosure, disruption, modification, or
destruction).
Choose an organization that you are familiar with to study throughout
this course. You can use your own employer or another organization. I
do encourage you to choose one that you have some experience with as
there are significant differences and requirements between the different
vertical markets.
Based on your chosen organization, ensure you:
Discuss the organization’s data. What types of data does it have? Is any
of the data subject to regulatory security requirements (FERPA, HIPAA,
GDPR, etc.)? Is some of the data used or generated outside of the US?
Discuss the organization’s categorization of the data based on the
Standards for Security Categorization of Federal Information and
Information Systems.
.....................................................................................................................
.........................................
CMGT 431 Week 1 Encryption Methodologies to Protect
an Organization’s Data Paper
Week 1 Encryption Methodologies to Protect an Organization’s Data
Paper
Assignment Content
Companies are susceptible to losing sensitive data in many ways,
including cyber-attackers and human errors, so it is important for
organizations to properly protect their data and network.
In this assignment, you will create an executive summary of your
organization's Security Policy for your CSO's (Chief Security Officer)
review. Use the organization you chose in the discussion Classifying an
Organization's Sensitive Data to frame the recommendations and
information that needs to be protected. For example, a company in the
Healthcare industry will have patient information that falls under the
HIPAA regulations.
Write a 2- to 3-page executive summary. Make sure to include the
following items:
- List the organization’s sensitive data categories that must be
  protected.
- Describe how you are mitigating at least 2 primary threats that could
  compromise the organization’s data.
- Describe how encryption should be implemented to protect the
  organization’s sensitive data.
Format your assignment and all references and citations according to
APA guidelines. Given that this is an academic paper, additional
research outside of the class materials to support the assertions in the
document is expected.
Submit your assignment in Microsoft Word format.
...................................................................................................................
...........................................
CMGT 431 Week 2 Discussion Secure Network
Architecture
Respond to the following in a minimum of 175 words:
It has been stated that an organization’s success securing its assets builds
on top of business infrastructure, which includes the appropriate
policies, procedures, and processes. Typically this would include
business and operational processes, physical and virtual security
components and last but by no means least, a secure systems and
network infrastructure. Pick one of these elements and share with the
class some of your research.
Describe how the component works in an overall cybersecurity
architecture. Take care to describe how it provides defense to protect the
organization’s data, network, and assets.
Explain how the component is secured and how its security interacts
with the other elements in the overall infrastructure and how it protects
the organization. Cite all sources that you used for your research.
.....................................................................................................................
.........................................
CMGT 431 Week 2 Security Vulnerability Report
Individual: Security Vulnerability Report
A security vulnerability report identifies the areas of the organization
that are at risk of losing data, outages, etc. Typically, organizations
categorize the report to focus on specific areas and highlight the level of
risk per area. Based on the vulnerability report, organizations are able to
plan appropriately for budgeting and resource improvements. Write a
2½- to 3½-page security vulnerability report in Microsoft Word based
on the organization you chose in Week 1. An internal review of your
organization was previously conducted and found the following
vulnerabilities:
A formal Password Policy has not been developed that meets your
organization’s regulatory requirements.
The organization only uses single factor authentication using weak
passwords.
Vulnerability Severity: High
Impact: Threats could easily guess weak passwords allowing
unauthorized access.
Software configuration management does not exist on your
organization’s production servers.
There are different configurations on each server and no operating
system patching schedule.
Vulnerability Severity: Moderate
Impact: With ad hoc configuration management, the organization could
inadvertently or unintentionally make changes to the servers that could
cause a self-imposed denial of service.
An Incident Response Plan has not been developed.
There is not a formal process for responding to a security incident.
Vulnerability Severity: High
Impact: In the event of a security incident, an ad hoc process could allow
the security incident to get worse and spread throughout the network; the
actual attack may not be recognized or handled in a timely manner
giving the attacker more time to expand the attack.
Consider people, processes, and technology that can be exploited by the
source of a threat.
Include recommended countermeasures to mitigate the impacts and risks
of the vulnerabilities.
Format your citations according to APA guidelines.
Submit your assignment.
.....................................................................................................................
.........................................
CMGT 431 Week 3 Discussion Authentication
Methodologies
Respond to the following in a minimum of 175 words:
Authentication ensures only authorized users are allowed into an
organization’s network. As threats become more sophisticated, it is
critical to have strong authentication in place from the policy, process,
and technology perspective. Research identification and authorization,
comparing and contrasting their strengths and weaknesses.
Describe the various mechanisms for implementing authentication to
access a network. Why is single factor authentication not enough
protection in today’s network environment? What are some of the newer
methods that address this deficiency?
Discuss how integration of Identity-as-a-Service (IDaaS) might be used
to improve authentication capabilities in your chosen organization.
Due Monday
Reply to at least 2 of your classmates. Be constructive and professional
in your responses. Cite your sources for all research and analysis.
.....................................................................................................................
.........................................
CMGT 431 Week 3 Individual Authentication and
Authorization Methodologies Presentation
Individual Authentication and Authorization Methodologies Presentation
Once a user is authenticated in an organization’s network, that user is
authorized to access certain data based on the information security
principle of least privilege.
Your CEO and CIO need options for the organization’s authentication
and authorization methodologies. Recommendations should include how
to mitigate the impact and risks from vulnerabilities.
Create a 9- to 11-slide, media-rich presentation in Microsoft®
PowerPoint® for the organization you chose in Week 1, and ensure you
provide:
Descriptions of at least 3 roles employed in the organization you chose
in Week 1
Descriptions of at least 3 common attacks against access control
methods, including the password policy vulnerability as described in the
vulnerability report
Countermeasures to reduce vulnerabilities and mitigate potential attacks
on access control methods
Note: A media-rich presentation should include multimedia such as
graphics, pictures, video clips, or audio.
Format your citations according to APA guidelines.
Submit your assignment.
.....................................................................................................................
.........................................
CMGT 431 Week 4 Discussion Audit Process
Respond to the following in a minimum of 175 words:
Organizations contract or hire individuals or consulting companies with
specific skills to conduct internal audits. This is done to ensure their
organizations are following their documented policies, procedures, and
processes. In addition, federal mandates placed on organizations require
continuous audits, leading organizations to contract outside auditors to
work with their internal auditors and determine the health of the
organization. These audits can take many forms, including financial
(SOX), organizational (ISO 9001), or security (ISO 27000, PCI DSS
Compliance, etc.).
Identify the internal and external processes used for IT Security audits
for the organization you researched in Week 1. What are the differences
between internal and external audits?
.....................................................................................................................
.........................................
CMGT 431 Week 4 Lab
.....................................................................................................................
.........................................
CMGT 431 Week 4 Testing and Assessment Strategies
Refer to NIST SP 800-53 (Rev. 4) [https://nvd.nist.gov/800-53] for the
18 candidate security control families and associated security controls.
Security Assessment must be incorporated into the Software
Development Life Cycle (SDLC) in order to be a secure, integrated
process. Testing of selected security controls ensures that applications
meet business requirements, function as planned, and protect associated
data securely from attack. A security assessment of the targeted
environment identifies vulnerabilities that may cause a security breach
and specifies the security controls that mitigate the vulnerabilities.
For this assignment, use the organization you chose.
Part I: Mapping Vulnerabilities to Security Controls
Choose 5 distinct security control families as specified in NIST SP 800-53
(Rev. 4) that are most applicable to your organization’s known
vulnerabilities.
Create a 1-page spreadsheet in Microsoft® Excel® that identifies the
following criteria for each family:
Control ID
Control Name
Vulnerability
Recommended mitigation (refer to your Week 3 assignment; refine them
for this mitigation)
Part II: Security Controls Testing
Provide a 2- to 3-page table in Microsoft Word including each family,
and describe the testing procedure that will mitigate the vulnerability.
Annotate whether the testing procedure is an interview, observation,
technical test, or a combination.
Example of Security Controls Testing Table:
Part III: Penetration Testing and Vulnerability Scanning
Provide a 1-page description of penetration testing and vulnerability
scanning processes.
Describe how they are used as part of the organization’s testing and
assessment strategy.
Format your citations according to APA guidelines.
.....................................................................................................................
.........................................
CMGT 431 Week 5 Discussion Incident Response Plan
Respond to the following in a minimum of 175 words:
An incident response plan (IRP) is a set of procedures to help an
organization detect, respond to, and recover from security incidents.
List the roles and responsibilities that are included in an IRP. Pick one
that you think is critical to the successful response for your chosen
organization to a security incident and discuss it in detail on how it helps
contain the threat.
Discuss how your organization (from Week 1) might respond to at least
one cyberattack. Is the organization ready for an attack and if not what
needs to be changed to make it more ready?
Due Monday
Reply to at least 2 of your classmates. Be constructive and professional
in your responses. Please cite all your research used in your analysis.
.....................................................................................................................
.........................................
CMGT 431 Week 5 Individual Incident Response Paper
Individual Incident Response Paper
Cyber security tools are available to organizations requiring integration
of their problem management, configuration management, and incident
management processes.
The CEO and CIO need you and your team to create an IRP and change
management plan. These plans will help the organization choose the
appropriate cyber security tool.
Part I: Incident Response Plan
Incident response is a disciplined methodology for managing the
aftermath of a security breach, cyberattack, or some other security
incident. An IRP provides an organization with procedures that effectively
limit the impact on the data, system, and business and reduce recovery
time and overall cost.
Create a 1- to 2-page IRP in Microsoft Word for the organization you
chose in Week 1. In your plan, ensure you:
Discuss roles and responsibilities.
Discuss the critical activities for each of the 5 phases in the incident
response process.
List at least 3 cyber security tools that work together to monitor the
organization’s network for malicious and abnormal activity.
Part II: Change Management Plan
Change management plans define the process for identifying, approving,
implementing, and evaluating necessary changes due to new
requirements, risks, patches, maintenance, and errors in the
organization’s networked environment.
Create a 1- to 2-page Change Management Plan in Microsoft Word for
your chosen organization. In your plan, ensure you discuss:
Roles and responsibilities
The use of swim lanes and callouts
Who should be involved in developing, testing, and planning
Who reviews and signs off on the change management requests
Briefly describe how a change management plan reduces the
organization’s risk from known threats.
Part III: Cyber Security Tool Comparison
Create a 1- to 2-page table that compares two of the industry standard
tools that integrate incident management and change management.
Recommend the best tool for the organization to the CEO and CIO.
Explain how it maintains compliance with the organization’s regulatory
requirements.
Format your citations according to APA guidelines.
Submit your assignment.
.....................................................................................................................
.........................................
CMGT 431 Week 5 Lab
http://www.tutorialrank.com/CMGT/CMGT-431/product-28519-CMGT-431-Week-5-Lab