CMGT 400 Entire Course NEW

CMGT 400 Assignment Week 1 Threats, Attacks, and
Vulnerability Assessment Recent
Check this A+ tutorial guideline at
http://www.uopassignments.com/cmgt-400-uop/cmgt-
400-assignment-week-1-threats-attacks-and-
vulnerability-assessment-recent
For more classes visit
http://www.uopassignments.com
CMGT 400 Assignment Week 1 Threats, Attacks, and
Vulnerability Assessment NEW
Throughout this course you will study the different roles
that contribute to an organization's informationsecurity
and assurance.
Part A:

Select an organization you wish to explore and use
throughout the course.
As you make your selection, keep in mind that you will
explore the following roles in the organization: Cyber
Security Threat Analyst, Penetration Tester, Cyber
Security Engineer, Risk Management Analyst, and
Software Engineer. You need sufficient knowledge of the
organization you select to complete these security
assignments.
Part B:
A Cyber Security Threat Analyst conducts analysis,
digital forensics, and targeting to identify, monitor,
assess, and counter cyber-attack threats against
information systems, critical infrastructure, and cyber-
related interests.
Take on the role of a Cyber Security Threat Analyst for
the organization you select. Use the Threats, Attacks,

and Vulnerability Assessment Template to create a 3- to
4-page Assessment Document.
Research and include the following:
Tangible assets:
Include an assessment scope. The scope must include
virtualization, cloud, database, network, mobile, and
information system.
Asset descriptions:
Include a system model, A diagram and descriptions of
each asset included in the assessment scope, and
existing countermeasures already in place. (Microsoft®
Visio® or Lucidhart®)
Threat agents and possible attacks
Exploitable vulnerabilities
Threat history
Evaluation of threats or impact of threats on the
business
A prioritized list of identified risks
Countermeasures to reduce threat

CMGT 400 Assignment Week 2 Financial Service Security
Engagement Recent
400-assignment-week-2-financial-service-security-
engagement-recent
CMGT 400 Assignment Week 2 Financial Service Security
Engagement NEW
Your Learning Team is a cybersecurity engineering team
for a financial services company that sells investments
to, and manages investment portfolios for, high net-
worth individuals.

Your organization just completed the migration of the
account managers to a cloud-based, customer
relationship management (CRM) software application.
Your organization has integrated the cloud-based CRM
with on-site investing and account management systems
to improve the sales of investment products to
customers and potential customers and for managing
customer accounts and investment portfolios. Account
managers are excited to use the new system, especially
since it supports mobile device access.
Management hopes the new cloud-based CRM,
integrated with the on-site software applications that
manage customer accounts and investment portfolios
will help the organization to generate more leads,
increase sales, improve customer service, reduce the
cost of sales for the organization, and increase revenue.
The Chief Information Security Officer (CISO) of your
organization is concerned about the security of this new
system and its integration to existing systems and has
requested that your team complete the following 6- to 8-
page security analysis:

Create a plan that addresses the secure use of mobile
devices by internal employees and external employees
as they use mobile devices to access these applications.
Recommend physical security and environmental
controls to protect the data center which runs the on-
site applications.
Propose audit assessment and processes that will be
used to ensure that the cloud-based CRM software
provider uses appropriate physical security and
environmental controls to protect their data centers
which run your cloud-based CRM software.
Develop identity and access management policies for
both the on-site systems and the cloud-based CRM.
Recommend cryptography and public key infrastructure
(PKI) uses which could be used to increase security for
these systems.
Submit the assignment.

CMGT 400 Assignment Week 2 Penetration Testing Plan
Recent
400-assignment-week-2-penetration-testing-plan-
recent
CMGT 400 Assignment Week 2 Penetration Testing Plan
NEW
A Penetration Tester evaluates the security of an
information infrastructure by intentionally, and safely,
exploiting vulnerabilities.
Take on the role of Penetration Tester for the
organization you chose in Assignment Week 1.

Use the Penetration Testing Plan Template to create a 3-
to 4-page Penetration Testing Plan for the organization
you chose.
Pentest Pre-Planning
Engagement timeline: Tasks and who performs them
Team location: Where will the penetration team execute
their tests?
Organization locations tested: multiple locations,
countries (Export restrictions and government
restrictions)
Which pentest technologies will be used? Consider the
following as you research options:
Scanning Tools: Nmap, Nikto
Credential Testing Tools: Hashcat, Medussa, John the
Ripper, Cain and Abel
OSINT Tools: Whois, TheHarvester
Wireless Tools: Aircrack-ng, Kismet

Networking Tools: Wireshark, Hping
What client personal are aware of the testing?
What resources provided to pentest team?
Test Boundaries:
What is tested?
Social engineering test boundaries? What is acceptable?
What are the boundaries of physical security tests?
What are the restrictions on invasive pentest attacks?
What types of corporate policy affect your test?
Gain Appropriate authorization (Including third-party
authorization)
Pentest Execution Planning: Given the scope and
constraints you developed in your Pentest Pre-Plan,
plan the following pentest execution activities
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Covering Tracks
Pentest Analysis and Report Planning:

Analyzepentest results
Report pentest results

CMGT 400 Assignment Week 3 Security Standards,
Policies, and Procedures Manual Recent
400-assignment-week-3-security-standards-policies-
and-procedures-manual-recent
CMGT 400 Assignment Week 3 Security Standards,
Policies, and Procedures Manual NEW
Cyber Security Engineers are responsible for
safeguarding computer networks and systems in an
organization in order to protect the sensitive data they
store.

Take on the role of Cyber Security Engineer for the
Develop a 5- to 6-page manual using the Security
Standards, Policies, and Procedures Template with
recommendations to management of security standards,
polices, and procedures which should be implemented
in your chosen organization.
Explain the importance to your organization of
implementing security policies, plans, and procedures.
Discuss how security policies, plans, and procedures will
improve the overall security of the organization.
Recommend appropriate policies and procedures for:
Data privacy
Data isolation
NDA
IP Protection
Passwords

Acceptable use of organizational assets and data
Employee policies (separation of duties/training)
Risk response
Avoidance
Transference
Mitigation
Acceptance
Compliance examples that might affect your
organization or others [Regulatory, Advisory,
Informative]
HIPPA
FERPA
ISO
NIST
SEC
Sarbanes/Oxley
Incident response
Preparation
Identification

Containment
Eradication
Recovery
Lessons learned
Auditing
Environmental/Physical
Administrative
Configuration

CMGT 400 Assignment Week 4 Security Risk Mitigation
Plan Recent
400-assignment-week-4-security-risk-mitigation-plan-
recent
CMGT 400 Assignment Week 4 Security Risk Mitigation
Plan NEW
A Risk Management Analyst identifies and analyzes
potential issues that could negatively impact a business
in order to help the business avoid or mitigate those
risks.

Take on the role of Risk Management Analyst for the
Using the Security Risk Mitigation Plan Template, create
a 4- to 5.5-page Security Risk Mitigation Plan for the
organization you chose.
Security Risk Mitigation Plan:
Select and document security policies and controls.
Create password policies.
Document administrator roles and responsibilities.
Document user roles and responsibilities.
Determine authentication strategy.
Determine intrusion detection and monitoring strategy.
Determine virus detection strategies and protection.
Create auditing policies and procedures.
Develop education plan for employees on security
protocols and appropriate use.

Provide risk response.
Avoidance
Transference
Mitigation
Acceptance
Address change Management/Version Control.
Outline acceptable use of organizational assets and data.
Present employee policies (separation of
duties/training).
Explain incident response.
Incident types/category definitions
Roles and responsibilities
Reporting requirements/escalation
Cyber-incident response teams
Discuss the incident response process.
Preparation
Identification
Containment
Eradication

CMGT 400 Assignment Week 5 Secure Staging
Environment Design and Coding Technique Standards
Technical Guide Recent
400-assignment-week-5-secure-staging-environment-
design-and-coding-technique-standards-technical-
guide-recent
CMGT 400 Assignment Week 5 Secure Staging
Environment Design and Coding Technique Standards
Technical Guide NEW
Technique Standards Technical Guide

A Software Engineer designs, develop, tests, and
evaluates the software and the systems that allow
computers to execute their applications.
Take on the role of Software Engineer for the
organization you selected in Assignment Week 1.
Use the technical guide template to create a 3- to 4-page
Secure Staging Environment Design and Coding
Technique Standards Technical Guide for the
organization you chose.
Design a secure staging environment for your
organization
Diagram your staging environment
Include descriptions for each object in your
environment
Create a secure coding technique/quality and testing
standard for your organization covering the following
secure coding techniques:
Proper error handling

Proper input validation
Normalization
Stored procedures
Code signing
Encryption
Obfuscation/camouflage
Code reuse/dead code
Server-side vs. client-side execution and validation
Memory management
Use of third-party libraries and ADKs
Data exposure
Code quality and testing
Automation
Static code analyzers
Dynamic analysis (e.g. fuzzing)
Stress testing
Sandboxing
Model verification

CMGT 400 Entire Course (2 Set) NEW
http://www.uopassignments.com/CMGT-
400/cmgt-400-entire-course-recent
This Tutorial contains 2 Paper/PPT for all
Assignments except Week 5 Team Paper (only 1
Set)
CMGT 400 Week 1 Assignment Introduction to
Security and Risk Management (2 Set) NEW
CMGT 400 Week 2 Team Organization Risks and
Threats (2 Set) NEW
CMGT 400 Week 2 Individual Common
Information Security Threats involving Ethical and
Legal Concerns ( 2 PPT and 1 Paper) NEW
CMGT 400 Week 3 Team Review of IT Systems
Development Practices (2 PPT) NEW
CMGT 400 Week 3 Individual Securing and
Protecting Information (2 Set) NEW

CMGT 400 Week 4 Team Create Secure
Environment (2 PPT) NEW
CMGT 400 Week 4 Individual The Role of
Information Security Policy ( 2 PPT and 1 Paper)
NEW
CMGT 400 Week 5 Team Educate the Board of
Directors on IT Security Issues and Costs NEW
CMGT 400 Week 5 Individual The Global Security
Policy (2 Set) NEW

CMGT 400 Week 1 Individual Assignment Risky
Situation
400/CMGT-400-Week-1-Individual-Assignment-
Risky-Situation
Complete the University Material: Risky Situations
table found on your student website. List three
types of sensitive information involved with each
situation. Identify three ways each information
item could be misused or harmed. Answer the
questions at the end of the table.

CMGT 400 Week 2 Individual Common
Information Security Threats involving Ethical and
Legal Concerns ( 2 PPT and 1 Paper) NEW
400/cmgt-400-week-2-individual-common-
information-security-threats-involving-ethical-
and-legal-concerns-recent
This Tutorial contains 2 Set of PPT and 1 Paper
Individual: Common Information Security Threats
involving Ethical and Legal Concerns
Use reading assignments and conduct valid and
necessary research to complete this assignment.
Social networking is one of the largest and most
frequent IT Security risks at your company. The
CIO wants a Microsoft PowerPoint Awareness
presentation with an Information Guide handout

for the of Senior IT employees. This presentation
will be shown at all company locations.
Create a 6-slide Microsoft PowerPoint
presentation on Awareness. Include the following:
• Adequate references to support your findings,
information, and opinions
• A minimum of two outside academic
references are required
• Videos, audio, photos, diagrams, or graphs as
appropriate
• Substantial speaker notes to elaborate on the
key points of your plan
• Audio narration within your presentation
• APA Formatting
Create a 1-page Microsoft Word Information Guide
on this presentation. Include the following:
• Goals and objectives of the presentation in
summary form
• APA Formatting
Click the Assignment Files tab to submit both parts
of the assignment.

CMGT 400 Week 2 Team Organization Risks and Threats (2 Set)
NEW
http://www.uopassignments.com/CMGT-400/cmgt-400-week-
2-team-organization-risks-and-threats-recent
This Tutorial contains 2 Set of Presentations
Learning Team: Organization Risks and Threats
Create a 5-slide Microsoft PowerPoint presentation
communicating the different risks the organization must
consider. These risks may include regulatory, criminal, and
others your team considers noteworthy. You may use examples
from current newsworthy cases of IT security failures. Include
the following:
• Videos, audio, photos, diagrams, or graphs as appropriate
• Substantial speaker notes to elaborate on the key points of
your plan
• APA Formatting

CMGT 400 Week 3 Individual Securing and
Protecting Information (2 Set) NEW
400/cmgt-400-week-3-individual-securing-and-
protecting-information-recent
This Tutorial contains 2 Set of Papers and 2 PPT
Individual: Securing and Protecting Information
Your company is debating transferring all of their
information to a Cloud storage provider. The CFO
feels this move is a big cash savings plan, one that
could save the company a lot of money. The CIO
feels the risk is too high and wants you to develop
an Awareness presentation and Information Guide
handout to outline the Pros and Cons of this
storage plan. You will present this presentation at
an executive session next week.
Create a 2-slide Microsoft PowerPoint Awareness

presentation. Include the following:
appropriate
• APA Formatting
Create a 1-page Microsoft Word Information Guide
on this
presentation. Include the following:
• Goals and objectives of the presentation in
summary form
• APA Formatting
of the assignment.

CMGT 400 Week 3 Team Review of IT Systems
Development Practices (2 PPT) NEW
400/cmgt-400-week-3-team-review-of-it-systems-
development-practices-recent
This Tutorial contains 2 Set of Presentation
Review of IT Systems Development Practices
Create a 6-7-slide Microsoft PowerPoint
presentation which communicates the changes
and/or best practices that must be incorporated
within the IT development function. This
development function is critical, since new
systems need to be designed for better security
than the legacy systems currently used. Include
the following:
appropriate

• APA Formatting

CMGT 400 Week 4 Individual The Role of
Information Security Policy ( 2 PPT and 1 Paper)
NEW
400/cmgt-400-week-4-individual-the-role-of-
information-security-policy-recent
This Tutorial contains 2 Set of Presentation and 1
Paper
Individual: The Role of Information Security Policy
This week, the CIO has asked you to conduct a
Supervisor Awareness seminar at your company.
The CIO believes employee awareness is essential
to IT Security and could easily reduce security
breaches, risks, and threats, by half. Additionally,
the CIO believes you can persuade the Supervisors

that our employees are key to reducing how IT
Security negatively affects the company.
presentation. Include the following: • Reasons
why, how, and what employees need to do to
positively reduce the
causes of IT Security negative events
• Clearly defined and explained suggestions
appropriate
• APA Formatting
of the assignment.

CMGT 400 Week 4 Team Create Secure
Environment (2 PPT) NEW
400/cmgt-400-week-4-team-create-secure-
environment-recent
This Tutorial contains 2 Presentation
Learning Team: Create Secure Environment
presentation communicating how the company
can manage the integration of security practices,
and tools, with human behavior. Include the
following:
• How to make security important to everyone
• The best methods to communicate
information on security related issues
appropriate
• APA Formatting

Click the Assignment Files tab to submit your
assignment.

Policy (2 Set) NEW
400/cmgt-400-week-5-individual-the-global-
security-policy-recent
Policy (2 Set) NEW

CMGT 400 Week 5 Team Educate the Board of
Directors on IT Security Issues and Costs NEW
400/cmgt-400-week-5-team-educate-the-board-
of-directors-on-it-security-issues-and-costs-recent
Learning Team:
Educate the Board of Directors on IT Security
Issues and Costs
Consolidate your assignments from Weeks Two,
Three, and Four, incorporating faculty feedback
into a 20- to 30-slide Microsoft PowerPoint
presentation. This presentation needs to persuade
the board of directors to consider company

security related issues, review current company
practices, and increase the IT security budget
along with staffing to meet industry standard
practices. Include the following:
appropriate
• APA Formatting
Click the Assignment Files tab to submit your
assignment.

CMGT 400 Complete Class
http://www.uopassignment
s.com/CMGT-400/CMGT-
400-Complete-Class-Guide

CMGT 400 Week 1 DQ 1
What is the mindset required to properly protect information? What
role does reasoned paranoia play in the minded and how can an
individual keep the proper balance between protecting information and
enabling business?
400-Week-1-DQ-1

How can information be an asset in a company? Discuss three different
examples of information that should be protected by a company and not
exposed. Include several examples of what management could do to
protect each example.
400-Week-1-DQ-
2%E2%80%8B

CMGT 400 Week 1 Individual Assignment
Risky Situation
Complete the University Material: Risky Situations table found on your
student website. List three types of sensitive information involved with
each situation. Identify three ways each information item could be
misused or harmed. Answer the questions at the end of the table.
400-Week-1-Individual-
Assignment-Risky-Situation

CMGT 400 Week 1 Team Assignment
Kudler Fine Foods IT Security Report
System Review
400-Week-1-Team-
Assignment-Kudler-Fine-
Foods-IT-Security-Report-
System-Review
Kudler Fine Foods is in the process of developing a customer loyalty
program and relatedsystem to give rewards to their customers based on
their purchases and other relevant information. Your team has been
asked to direct the development team in what they must do to ensure
the system is developed in a secure manner and that it properly protects
company and customer information at all stages of development Each
week, the team prepares different portions of the final paper and

presentation, which recommends exactly what the development team
should do at each step of the development process including any related
policy, training, and ongoing IT audit elements.
Review the material for Kudler Fine Foods in the Virtual Organizations.
Familiarize yourself with the company and its systems, and identify the
specific systems or areas where your team thinks informationsecurity is
particularly needed. You do not need to analyze for specific threats; that
will be done later. Simply identify those areas and systems where
security is warranted. Submit a memo to Kudler’s leadership that
outlines your team’s findings about areas in which the Kudler system
should have IT security measures.

Why do you think one of the methods in the Heimerl (2010) article
would be the most effective way for an organization to save money?
400-Week-2-DQ-1

Which of the threats from social networking in the Horn (2010) article
also apply to other businesses? Which do not? Why do you think so?
400-Week-2-DQ-2

Common Information Security Threats
Assignment-Common-
Information-Security-
Threats
Submit a formal academic paper that addresses at least three major
information security threats that a specific organization you choose
faces today. Describe potential risks to the information and the related
vulnerabilities within the organization. Identify the forces that drive
each threat and the related vulnerabilities. Discuss how the values for
threat and vulnerability combine to indicate the overall risk the
organization faces.

Describe how an organization can properly manage its information
security efforts using proper risk management techniques and cost-
benefit analyses for these informationsecurity efforts. Explain the legal,
ethical, and regulatory requirements for protecting data.

CMGT 400 Week 2 Learning Team Kudler
Fine Foods IT Security Report Top Threats
400-Week-2-Learning-
Team-Kudler-Fine-Foods-
IT-Security-Report-Top-
Threats
Submit a table that identifies the top threats to the new customer
rewards program at Kudler Fine Foods in preparation for your final
report (due in Week Five). Include the likely vulnerabilities each threat
might exploit. The following table is an example of one you might use:
Area of System
Threat
Potential Vulnerability

Include a summary of those threats that the team judges are most
critical to Kudler Fine Foods.

What are three of the controls in the Helton (2010) article that would be
effective in protecting health care information? For each item, describe
the risk in your own terms and suggested solutions to mitigate it. Also,
discuss whether this issue would face other types of organizations, or if
it is limited to only those in the health care field.
400-Week-3-DQ-1

How can a company protect data on corporate laptops according to the
Storn (2008) article? Why do more organizations not use this kind of
protection? Do you expect this to become a legal requirement in the
future? Explain why or why not.
400-Week-3-DQ-2

Disaster Securing and Protecting
Information
Assignment-Disaster-
Securing-and-Protecting-
Information
Submit a formal academic paper that describes the security
authentication process. Discuss how this and other information
security considerations will affect the design and development process
for new information systems. Include a brief discussion of how to

include preventative measures for securing data, such as backups and
remote or redundant storage.
Note what role this will play in the other areas covered in the
paper. Provide an overview of several systems and devices that can
provide security services to meet the needs raised by the other areas
covered in the paper.

CMGT 400 Week 3 Team Assignment
Kudler Fine Foods IT Security Report
Security Consideration
400-Week-3-Team-
Assignment-Kudler-Fine-
Foods-IT-Security-Report-
Security-Consideration
Submit a description of the security considerations for each phase of the
systems development process. Identify specific concerns if the system is
ever removed from service.
Specify what can and should be done in each systems development
process phase to properly mitigate the risk for each entry in the table
from the previous week. Be specific, but high-level in your mitigations.

Most or all items will have something to check or do in each stage of the
systems development process.

What are the top three areas that an organization should work on to
respond to the issues raised in the de Villiers (2010) article? Why are
these areas critical to the organization? Is the author’s assessment
correct? Explain why or why not. Choose a specific organization to
illustrate your argument.
400-Week-4-DQ-1

What is the value and effect of a good business impact analysis (BIA)?
How can using this help an organization develop an effective
information security policy?
400-Week-4-DQ-2

CMGT 400 Entire Course NEW

Recommended

Recommended

More Related Content

What's hot

What's hot (19)

Similar to CMGT 400 Entire Course NEW

Similar to CMGT 400 Entire Course NEW (20)

More from shyamuopfive

More from shyamuopfive (20)

Recently uploaded

Recently uploaded (20)

CMGT 400 Entire Course NEW