CIS 560 Discussion 1 NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-discussion-1-recent
For more classes visit
http://www.uopassignments.com
Each Part is Answered with approx. 100 words
1. Take a position on whether or not you believe most
employees abide by their organization’s AUP. Support your
position with an explanation. Propose ways that an
organization can enforce this policy.
2. Suppose your department manager accidentally sends you an
Excel spreadsheet showing salaries and proposed wage
increases of your coworkers. The spreadsheet was meant for
the company CEO. Predict what you think most people in your
situation would do. Determine what you would do and explain
why.
3. Propose at least five best practices for making sure that
sensitive data (personal data, business plans, military plans,
etc.) stored on devices (laptops, tablet computers, hard drives,
thumb drives, etc.) do not end up in the wrong hands.
4. Propose at least five preventative measures a business
should apply to incoming emails to prevent attached executable
files from being automatically executed.
CIS 560 Discussion 2 Recent
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-strayer/cis-560-discussion-2-recent
CIS 560 Discussion 2 NEW
1. Determine at least five advantages and five disadvantages of
a smart card compared to Radio Frequency Identification
(RFID) tags.
2. Assume that you are a supervisor for your organization’s IT
security team. You want to install biometric devices on all the
laptops available for check out by employees. What are 5 best
practices your team can adopt for these devices for
authentication? What kinds of situations can be avoided by
employees following these best practices?
3. From the e-Activity, suggest five ways that the data center
could have prevented the intruders from being able to enter
the building. Determine which of these methods is the most
predictable and explain why.
4. Imagine you are an IT manager charged with protecting one
of your organization’s most important assets…its data. You
want to create a proposal for upper management that will
increase security. What 5 methods would you propose that
could be applied to data protection even if hardware such as
servers, laptop computers, and tablet personal computers were
stolen? If you were allowed to only implement one of those
suggestions now, which would it be and why?
Link for Question 3.
http://www.datacenterknowledge.com/archives/2007/11/04/armed-robbery-at-chicago-data-center/
CIS 560 Discussion 3 NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-discussion-3-recent
1. From the first e-Activity, what are some best practices that
could be used by businesses to ensure that digital certificates
are not fake certificates?
***E-Activity: Go to Computerworld’s Website and read
“Researchers hack VeriSign’s SSL scheme for securing
websites”, located at
http://www.computerworld.com/s/article/9124558/Researchers_hack_VeriSign_s_SSL_scheme_for_securing_Web_sites. ***
2. What is the purpose of encrypting a disk? What are some of
the advantages and disadvantages in doing so? Would you use
BitLocker to protect your data?
3. From the second e-Activity, evaluate the decision Dartmouth
made to implement the Oracle Identity Manager 11g in terms of
administrative functions, cost, and ease of use. Determine
whether or not Dartmouth’s requirements were reasonable
and easy to implement. Explain why or why not.
***E-Activity: Download and read the PDF file, “Oracle Identity
Management at Dartmouth College: A Case Study”, located at
http://aptecllc.com/case-studies/oim11g/case-study-titile-goes-here-pdf.
Be prepared to discuss. Note: If you experience
difficulties viewing the PDF file, you may need to copy and
paste the Web address into a browser for direct access to the
file. ***
4. Compare and contrast identity management system (which
students are required to use to access their classes, grades,
course schedules, registration, etc.) to the Oracle Identity
Manager 11g. Determine which one you prefer and explain
why.
CIS 560 Midterm Exam NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-midterm-exam-recent
CIS 560 Midterm Exam CIS 560 Week 5 Midterm
1. In a data classification scheme, least privilege and need to
know ensure that access to data and information is available to
__________.
2. The method of organizing sensitive information into various
access levels is known as __________.
3. In access control, which of the following best describes
access?
4. Which of the following is a strategy that tricks a user into
giving up their password or granting access to an attacker?
5. Which of the following is measured in terms of probability
and impact?
6. From an organizational standpoint, which of the following is
ensured through compliance?
7. Which of the following scans every packet that passes
through and either rejects it or allows it to pass?
8. In a corporation, which of the following is considered a
special case of proprietary information?
9. Which of the following ensures that only one person does not
handle all crucial decisions and activities, especially those
involving a high level of trust?
10. Which of the following is not a typical social engineering
strategy?
11. Proof of identity is the additional step involved in _________.
12. Which of the following statements does not hold true for
RBAC?
13. Which of the following defines how employees may use an
IT infrastructure supplied by an organization?
14. Which of the following factors is not used for network and
infrastructure authentication?
15. The best way to handle the human element in access control
is through training and _________.
16. Which of the following is not a type of security breach?
17. The Privacy Act of 1974 applies to information maintained
by which of the following?
18. An attacker is using a password-guessing application that
can try 100,000 passwords per second. About how long will it
take for the application to crack an eight-character password
composed of only lowercase characters?
19. Which of the following is a purely damaging attack, meant
to render a system unusable?
20. Which of the following is a system-created access control
list that handles the information assurance aspect of access
controls?
21. The following are the most common vulnerability
categories an administrator needs to manage except:
22. What do federal and state laws concerning unauthorized
access serve as?
23. Which of the following are primary threat categories to
information and data?
24. Which of the following is a way of simplifying the
management of access controls?
25. A strategy that combines attempts to minimize the
probability and consequences of a risk situation is termed as
_________.
CIS 560 Week 2 Case Study 1 Stuxnet NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-week-2-case-study-1-stuxnet-recent
Case Study 1: Stuxnet
Due Week 2 and worth 60 points
In June 2010, Stuxnet, a complex and highly sophisticated
computer worm, was discovered by Kaspersky Lab. Stuxnet
targeted Siemens industrial Supervisory Control and Data
Acquisition (SCADA) systems. It was reported that the worm
appeared to target Iran’s uranium enrichment infrastructure.
Most computer worms and viruses tend to target consumer
systems such as desktop computers and laptop computers.
You can learn more about Stuxnet
at http://www.youtube.com/watch?v=scNkLWV7jSw.
Write a four to five (4-5) page paper in which you:
1. Analyze the level of security requirements between
industrial systems and consumer devices such as desktop
computers. Address if they should be the same or different.
2. Analyze the anatomy of Stuxnet and how it was able to
damage Iran’s SCADA systems.
3. Evaluate the lessons that were learned from Stuxnet about
the vulnerability of Iran’s SCADA systems. Suggest how the
attacks could have been prevented.
4. Provide five (5) guidelines that should be used to reduce a
network’s attack surface for industrial control systems.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define authorization and access to an IT infrastructure based
on an access control policy framework.
• Describe methods that mitigate risk to an IT infrastructure
with confidentiality, integrity, availability and access controls.
• Use technology and information resources to research issues
in access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mechanics
and technical style conventions.
CIS 560 Week 3 Assignment 1 Access Restrictions (2 Papers)
NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-week-3-assignment-1-access-restrictions-recent
Assignment 1: Access Restrictions
Due Week 3 and worth 80 points
In a business environment, controlling who has access to
business information and at what level is critical for facilitating
day-to-day business operations. There are three levels of
information access: no access, read access, and read-write
access. Use a business of your choice to answer the criteria for
this assignment.
Write a four to five (4-5) page paper in which you:
1. Identify the business you have selected.
2. Create five (5) cases in which the no-access level should be
applied within the selected business environment. Explain the
reasons for no access.
3. Provide five (5) cases in which the read-access level should
be applied within a business environment. Explain the reasons
for read access.
4. Provide five (5) cases in which the read-write level should be
applied within the selected business. Explain the reasons for
read-write access.
5. Determine the type of access levels you would provide to a
contractor or consultant.
6. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define authorization and access to an IT infrastructure based
on an access control policy framework.
• Use technology and information resources to research issues
in access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mechanics
and technical style conventions.
CIS 560 Week 3 Assignment 1 Network Access Control Recent
(2 Papers)
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-strayer/cis-560-week-3-assignment-1-network-access-control-recent
CIS 560 Week 3 Assignment 1 Network Access Control
Due Week 7 and worth 150 points
Your recent endeavors to convince upper management at LOTR
Experience not to cut the security budget have paid off. After
hearing your rationale, management agreed to keep the
existing budget intact.
As you have consistently proven your value to leadership, you
and your team have now been asked to determine the best
approach for mapping access controls. For this scenario, your
goal is to assess the necessary requirements and provide
guidelines that will sufficiently meet the organization’s current
needs.
Write a report to management in which you:
Analyze access control best practices and determine the best
strategy for LOTR to implement. Provide three sites or links
within the analysis that could be used as guidelines for your
team.
After assessing the LOTR diagrams, define all subjects and
objects. Explain how they relate to the access control strategy
you recommend.
Outline how your team will approach the implementation
phase of the access control strategy.
Describe administrative strategies related to the creation and
deletion of new accounts.
Use at least three quality resources in this assignment. Note:
Wikipedia and similar websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow school-specific format. Check with your
professor for any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date
CIS 560 Week 5 Assignment 2 The Cost of Inadequate Controls
Recent
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-strayer/cis-560-week-5-assignment-2-the-cost-of-inadequate-controls-recent
CIS 560 Week 5 Assignment 2 The Cost of Inadequate Controls
Due Week 5 and worth 150 points
Because you performed so well in the scenario for Assignment
1, upper management at LOTR Experience has consulted with
you again as their IT Security Specialist. This time, they are
concerned about a pressing new issue. They inform you about
the high costs associated with creating a secure network
environment. Unfortunately, they also explain that the IT
budget is being cut by 30%. A recent request for permission to
hire an additional IT member was denied. The proposed
additional employee would have been dedicated to the
database security controls. Finally, based on the budget
constraints, a request for a new NAC Router was also denied.
Your task for Assignment 2 is to write an effective counter
argument to convince upper management that inadequate
controls would cost the company more if security
vulnerabilities are exploited.
Write a counter-argument in which you address the following:
Analyze the annual loss of revenue by the professional sector as
it relates to access control. (Summarize and provide this
information in a graph)
After reviewing the LOTR Network Design artifacts, outline
three critical areas of concern related to access control.
Outline the potential risks, vulnerabilities, and threats that
could be incurred through the lack of a dedicated database
security specialist.
Outline the potential risks, vulnerabilities, and threats that
could be incurred through the lack of a NAC router.
Using the Internet, find three qualified vendors that support
the need for an NAC router. Provide the companies and the
industry knowledge that will support your argument.
Use at least three quality resources in this assignment.
Note: Wikipedia and similar websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow school-specific format. Check with your
professor for any additional instructions.
Include a cover page containing the title of the assignment, the
student’s name, the professor’s name, the course title, and the
date.
The specific course learning outcomes associated with this
assignment are:
CIS 560 Week 7 Assignment 2 Single Sign-On Access (2
Papers) NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-week-7-assignment-2-single-sign-on-access-recent
Assignment 2: Single Sign-On Access
Due Week 7 and worth 80 points
Some business and organizational network infrastructures
consist of multiple systems from the same or different
vendors to provide, conduct, process, and execute various
business functions. Some employees must access one or
more of these systems using valid access credentials
(username and password). Logging in and out of each
system whenever access is desired can become a problem
for most users. Businesses and organizations have resorted
to using Single Sign-On (SSO) for user authentication and
authorization.
Write a four to five (4-5) page paper in which you:
1. Analyze at least five (5) problems experienced by
employees in an enterprise where Single Sign-On (SSO) has
not been implemented.
2. Some businesses and organizations use Active Directory
(AD) to provide SSO access to the enterprise. Analyze the
advantages and disadvantages of using AD for SSO access.
3. Some businesses and organizations use Lightweight
Directory Access Protocol (LDAP) to provide SSO access to
the enterprise. Analyze the advantages and disadvantages of
using LDAP for SSO access.
4. Compare and contrast a Kerberos-based SSO
configuration to a smart card based configuration in terms
of:
1. configurability
2. established standards
3. implementation challenges
4. cost
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not
qualify as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font
(size 12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title,
and the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define authorization and access to an IT infrastructure
based on an access control policy framework.
• Define proper security controls within the User Domain to
mitigate risks and threats caused by human behavior
• Use technology and information resources to research
issues in access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mechanics
and technical style conventions.
CIS 560 Week 9 Assignment 3 Secure Encrypted
Communications (2 Papers) NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-week-9-assignment-3-secure-encrypted-communications-recent
Assignment 3: Secure Encrypted Communications
Transmitting personal and business data and information over
secure communication channels is critical. In some cases it is
required, especially when personally identifiable information
is being transmitted. Credit card numbers, Social Security
Numbers, online purchases, business orders, and so on must all
be transmitted over secure communication channels. The
Public Key Infrastructure (PKI) provides the most widely used
secure communications technology. PKI relies on encryption.
Write a four to five (4-5) page paper in which you:
Compare and contrast symmetric encryption to asymmetric
encryption.
PKI uses digital certificates to encrypt / decrypt data. Analyze
the process of encrypting and decrypting data using a digital
certificate.
Evaluate the advantages and disadvantages of using digital
certificates.
Evaluate the challenges related to public and private key
management when using PKI.
Use at least three (3) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these formatting requirements:
Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title,
and the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
CIS 560 Week 10 Term Paper The Human Element (2 Papers)
NEW
Check this A+ tutorial guideline at
http://www.uopassignments.com/cis-560-devry/cis-560-week-10-term-paper-the-human-element-recent
Term Paper: The Human Element
Human nature is the single greatest vulnerability in any control
system and cannot be ignored. Organizations should always
take human behavior into account when designing access plans
and strategies. Human beings can pose unintentional threats
when they accidentally delete data. Hackers may be motivated
by financial data when they attack a system or use social
engineering skills to gain access to restricted data. Consider
human nature and organizational behavior in this term paper.
Write an eight to ten (8-10) page paper in which you:
1. Propose five (5) techniques that organizations should apply
to mitigate the threats arising from human nature.
2. Evaluate the consequences of a poor hiring decision. Propose
steps that could be taken to prevent such bad decisions in the
first place.
3. Examine what an organization could possibly learn when a
policy is implemented to observe personnel in an ongoing
manner.
4. Propose five (5) best practices that you would use to handle
human nature and organizational behavior.
5. Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not qualify
as quality resources.
Your assignment must follow these formatting requirements:
• Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and
references must follow APA or school-specific format. Check
with your professor for any additional instructions.
• Include a cover page containing the title of the assignment,
the student’s name, the professor’s name, the course title, and
the date. The cover page and the reference page are not
included in the required assignment page length.
The specific course learning outcomes associated with this
assignment are:
• Define proper security controls within the User Domain to
mitigate risks and threats caused by human behavior.
• Use technology and information resources to research issues
in access control.
• Write clearly and concisely about topics related to Security
Access & Control Strategies using proper writing mechanics
and technical style conventions.