1. Written assignments/communication must demonstrate
professionalism, proper grammar, spelling and clarity of
communication. Assignments handwritten or single-spaced will
not be accepted. Poorly written assignments will receive a
lowered grade. Do not let the power of your ideas be affected by
poor grammar, spelling or clarity. Here are the formatting
requirements for the files:
· Must have a cover page showing the title of the paper, due date, authors of the paper and class #
· In doc or docx format only (submissions in other file formats will receive no credit)
· Margins: 1”, top, bottom, right and left
· Acceptable fonts: Arial or Times New Roman
· Font color: black – using other colors on the cover page is allowed
· Font height: 12 pts.
· Line spacing: double
Ranking The Pairs
Team "A"
CMGT/430
September 29, 2016
Richard Zinne
Ranking The Pairs

| Vulnerability | Threat | Probability | Impact | Score | Suggested Mitigation Steps |
|---|---|---|---|---|---|
| Activity Monitoring | Security scans and intrusion deception systems | 3 (High) | 3 (High) | 6 | Firewall and security system monitoring will be kept up to date, and logs will be reviewed once a week unless otherwise needed. |
| Patch levels | Unnecessary exposure to known attack vectors | 3 (High) | 3 (High) | 6 | Use of vulnerability scanning tools to monitor unpatched systems. A policy that includes the governance, standards and schedule of patching. Employment of best-practice patch methods and procedures. |
| Insiders (poorly trained, disgruntled, malicious, negligent, dishonest, or terminated employees) | Potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality. | 3 (High) | 3 (High) | 6 | Ensure the company security policy is in effect immediately following an employee's termination. |
| Poor implementation of file export capability in business enterprise software. | Asset leakage, which can happen through brute-force attacks and even guesswork. | 3 (High) | 3 (High) | 6 | Enterprise Resource Planning (ERP). |
| Use of session cookies to maintain state over HTTP browsers. | The cookies could be reverse engineered, leading attackers to identify loopholes in the logic. | 2 (Med) | 3 (High) | 5 | Store no sensitive or secure data in cookies or other headers; ensure you have an expiration time. |
| OS command execution in function modules. | An attacker could have the ability to execute OS commands even without authorization. | 2 (Med) | 3 (High) | 5 | CALL 'SYSTEM' / SAP authorizations. |
| Door locks and padlocks from vendors like Quicklock, iBlulock, Plantraco and Ceomate were found to be vulnerable to password sniffing and replay attacks. | A captured command can be replayed later to open the locks, giving access to highly secured areas. Loss of critical information and data within organizational systems. | 2 (Med) | 3 (High) | 5 | Ensure the latest door lock and padlock software, along with all drivers, is installed and kept updated. |
| Susceptibility to dust, heat and humidity | Hardware failure | 2 (Med) | 3 (High) | 5 | Prepare and initiate proper preventive maintenance techniques on equipment. Properly weatherproof all locations with IT equipment. |
| Data centers in geographical locations prone to natural disasters | Full-scale service outage | 2 (Med) | 3 (High) | 5 | Evaluate and implement measures that support Disaster Recovery (DR) capabilities in geographical locations not prone to natural disasters. |
| The use of tokens in conducting authenticated application | Profile extractions using these tokens | 2 (Med) | 3 (High) | 5 | Enterprise IT Policy/Standard Statement. |
| Unsecured administrative interfaces | Open attack or abuse broadsides to mission-critical systems | 2 (Med) | 3 (High) | 5 | Properly secure administrative interfaces, assign IP access lists and install SSL certificates. |
| User Account Management | Restrictions on folders and directories: read or modify | 2 (Med) | 3 (High) | 5 | Only people that need access to certain groups will have access to files for read/write modification. |
| Insiders (poorly trained, disgruntled, malicious, negligent, dishonest, or terminated employees) | Potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality. | 2 (Med) | 3 (High) | 5 | Training of employees will be 6-12 months; employees that are 1-5 years' new hires will be trained for 6 months and then again at the end of the year. |
| Firewalls | Access from an IP that is not blocked on the network | 1 (Low) | 3 (High) | 4 | Firewalls will have the latest firmware and will be pen tested regularly. |
| Inadequate continuity planning | Extended outages and business loss | 1 (Low) | 3 (High) | 4 | Develop a concise Business Continuity Plan (BCP) that covers all business processes. |
| Access Control w/ Auditing | Unauthorized entry to a controlled area | 2 (Med) | 2 (Med) | 4 | Badged employees only, matched with PIN access. |
| Violation and Security Activity Reports | Manipulation of logs | 2 (Med) | 2 (Med) | 4 | Logs will be checked and backed up in different locations, and more than one person will have access to them. |
| Physical access to critical equipment (data center) | Damage or unauthorized access to enterprise assets | 1 (Low) | 3 (High) | 4 | Properly secured physical data center access points: the use of NFC key cards, access lists and controlled access hours. |
| Default credentials on network devices | Unauthorized or unintended access to network devices | 1 (Low) | 3 (High) | 4 | Policy and procedure regarding the password policy on network devices, as well as a policy or procedure for installation that addresses changing the default password. |
| Rogue access points | Unmonitored, insecure network access | 1 (Low) | 3 (High) | 4 | Port security and MAC filtering prevent rogue devices from obtaining DHCP addresses or going outside of the port they are attached to. |
| Wheelchair Technology | A wheelchair from an unknown vendor had a vulnerability that could be exploited to disable a safety feature and take control of the device. Using technology in highly populated areas, and hacking medical devices etc. | 1 (Low) | 3 (High) | 4 | Configure security settings on wheelchair technology to prevent access. |
| Social engineering attacks | Employees are a weak link that can be exploited. They could click on infected links and download infected files. They could infect computer systems or even create backdoors that could be used later to access the company networks. | 3 (High) | 1 (Low) | 4 | Install anti-virus software, firewalls and email filters, and keep these up to date. Set your operating system to update automatically, and if your smartphone doesn't update automatically, update it manually whenever you receive a notice to do so. Use an anti-phishing tool offered by your web browser or a third party to alert you to risks. |
| Inadequate video surveillance (internal) | Internal threats; stolen secrets or product; physical activities not reviewable | 1 (Low) | 2 (Med) | 3 | Implement surveillance cameras in all locations holding products or sensitive equipment. |
| Inadequate video surveillance (external) | External threats; competitor surveillance; staff safety; physical activities not reviewable | 1 (Low) | 1 (Low) | 2 | Implement surveillance cameras covering entrance and exit points, as well as early/late staff parking. |
| Compromise of user credentials due to inadequate user training | Damage to the CIA triad | 2 (Med) | 1 (Low) | 3 | Proper role-based access and adequate user training will prevent or significantly limit the impact of this threat. |
| Overlooking non-traditional IP devices, i.e. building controls, POS, medical equipment | Unsecured, unmonitored devices on the network | 1 (Low) | 1 (Low) | 2 | Ensure that non-essential building controls or equipment reside on their own physical and logical network. |
| Thermostat Vulnerability | A thermostat from Trane used a weak plain-text protocol, potentially allowing attackers to cause excessive heating, furnace failures or frozen water pipes by manipulating thermostat functionality. | 1 (Low) | 2 (Med) | 3 | Secure the capabilities of thermostat functionality exposed via the plain-text protocol. |
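The table ranks each vulnerability/threat pair by adding its probability (1-3) and impact (1-3); the number in parentheses before each mitigation is that sum. The script below is an added example, not part of the original assignment, that applies the same scoring to a register: it validates the ratings, sorts by score, flags repeated rows (the table lists "Rogue access points" twice) and reports which scores are reached by more than one probability/impact combination. The entries are a constructed, shortened subset of the table above, and the impact-first tie-break is an assumption of mine; the assignment does not say how equal scores are ordered.

```python
"""Rank vulnerability/threat pairs by the additive score used in the table:
score = probability (1-3) + impact (1-3). Added example; the entries below are
a constructed, shortened subset of the table, not a complete register."""
from collections import defaultdict
from dataclasses import dataclass

LEVELS = {1: "Low", 2: "Med", 3: "High"}


@dataclass(frozen=True)
class Pair:
    """One vulnerability/threat pair with its qualitative ratings."""
    vulnerability: str
    threat: str
    probability: int
    impact: int
    mitigation: str

    def __post_init__(self):
        # Reject ratings outside the 1-3 scale so a typo cannot silently
        # move a pair up or down the ranking.
        for name in ("probability", "impact"):
            if getattr(self, name) not in LEVELS:
                raise ValueError(f"{name} must be 1, 2 or 3, got {getattr(self, name)!r}")

    @property
    def score(self) -> int:
        # The number shown in parentheses in the table is this sum.
        return self.probability + self.impact


def label(level: int) -> str:
    """Render a rating the way the table does, e.g. '3 (High)'."""
    return f"{level} ({LEVELS[level]})"


def rank(pairs):
    """Highest score first. Breaking ties by impact is an assumption added
    here: the table does not say how pairs with equal scores are ordered."""
    return sorted(pairs, key=lambda p: (p.score, p.impact), reverse=True)


def find_duplicates(pairs):
    """Return pairs whose vulnerability/threat text repeats an earlier entry."""
    seen, dups = set(), []
    for p in pairs:
        key = (p.vulnerability.strip().lower(), p.threat.strip().lower())
        if key in seen:
            dups.append(p)
        seen.add(key)
    return dups


def score_ties(pairs):
    """Map each score to the distinct (probability, impact) combinations that
    produce it, keeping only scores reached by more than one combination.
    Additive scoring gives a likely nuisance and a rare catastrophe the same
    score, so these groups deserve a second look before acting on the rank."""
    combos = defaultdict(set)
    for p in pairs:
        combos[p.score].add((p.probability, p.impact))
    return {s: c for s, c in combos.items() if len(c) > 1}


# Constructed subset of the table above (wording shortened).
REGISTER = [
    Pair("Patch levels", "Unnecessary exposure to known attack vectors", 3, 3,
         "Vulnerability scanning; patch governance, standards and schedule"),
    Pair("Use of session cookies to maintain state", "Cookies reverse engineered", 2, 3,
         "No sensitive data in cookies or headers; set an expiration time"),
    Pair("Firewalls", "Access from an IP that is not blocked", 1, 3,
         "Latest firmware; regular pen testing"),
    Pair("Access Control w/ Auditing", "Unauthorized entry to a controlled area", 2, 2,
         "Badged employees only, matched with PIN access"),
    Pair("Rogue access points", "Unmonitored insecure network access", 1, 3,
         "Port security and MAC filtering"),
    Pair("Rogue access points", "Unmonitored insecure network access", 1, 3,
         "Port security and MAC filtering"),  # repeated row, as in the table
    Pair("Social engineering attacks", "Employees click infected links", 3, 1,
         "Anti-virus, email filters, anti-phishing tools, automatic updates"),
    Pair("Inadequate video surveillance (external)", "External threats", 1, 1,
         "Cameras covering entrances, exits and staff parking"),
]


def main():
    for p in rank(REGISTER):
        print(f"({p.score}) {label(p.probability):9} {label(p.impact):9} {p.vulnerability}")
    for d in find_duplicates(REGISTER):
        print("duplicate entry:", d.vulnerability)
    for s, combos in sorted(score_ties(REGISTER).items(), reverse=True):
        print(f"score {s} reached by {sorted(combos)}")


if __name__ == "__main__":
    main()
```

Running it lists the register from score 6 down to 2, reports the repeated "Rogue access points" row, and shows that score 4 is reached by (1, 3), (2, 2) and (3, 1) alike, which is why the firewall, access-control and social-engineering rows tie in the table even though they describe very different risks.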