Final Project: Incident Response Exercise & Report
Your Task
You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5).
Your Deliverable
Complete and submit the Incident Report form found at the end of this file. Consult the “Notes to Students” for additional directions regarding completion of the form.
Overview of the Incident
Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers).
The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.
Background
Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company’s physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great-grandson of one of the company’s founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John’s great nephew. Mary Beth Sifers is the chief financial officer and also serves as ...
This week your focus should be on figuring out what the Red Team did.docxjuliennehar
This week your focus should be on figuring out what the Red Team did and how they did it. (See the - Incident Response Exercise & Report below - the detailed assignment description for the course final project).
For your first posting this week, you must provide an analysis of the Red Team's report (as listed in the final project-check below). At a minimum you must identify and discuss three specific vulnerabilities that were exploited by the Red Team as part of its penetration testing. You will need to research similar types of attacks using Red Team or Ethical Hacking resources from the Internet.
Final Project: Incident Response Exercise & Report
Your Task
You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5).
Overview of the Incident
Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers).
The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.
Background
Sifers-Grayson is a family owned business headquartered in G ...
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxwkyra78
Project Deliverable 5: Infrastructure and Security
This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and/or assume all necessary assumptions needed for the completion of this assignment.
The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted. Additionally, the security of the network should be in the forefront of your design because protecting your data is a primary consideration.
Section 1: Infrastructure Document
1. Write a four-page infrastructure document in which you:
a. Justify and support the relationship between infrastructure and security as it relates to this data-collection and analysis company.
b. Present the rationale for the logical and physical topographical layout of the planned network.
c. Design a logical and physical topographical layout of the current and planned network through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
d. Illustrate the possible placement of servers including access paths to the Internet, intrusion detection systems (IDS), and firewalls. Note: Facility limitations, workstations, databases, printers, routers, switches, bridges, and access points should be considered in the illustration.
e. Create and describe a comprehensive security policy for this data-collection and analysis company that will:
· Protect the company infrastructure and assets by applying the principles of confidentiality, integrity, and availability (CIA). Note: CIA is a widely used benchmark for evaluation of information systems security, focusing on the three (3) core goals of confidentiality, integrity, and availability of information.
· Address ethical aspects relat ...
erm Paper Managing an IT Infrastructure AuditDue Week 10 and woeleanorabarrington
Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and/or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two-week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
d ...
Project NameYour Full NameCourse Number and Name (As i.docxwkyra78
Project Name
Your Full Name
Course Number and Name (As it appears on your Course Guide.)
Professor’s Name (As it appears on your Course Guide.)
University Name (As it appears on the Course Guide.)
Date (Month must be spelled out. Use the date that the paper is due.)
Project Description & Objectives
Describe the project in non-technical terms.
Describe the project objectives and how the project has met each objective.
Explanation #1
Explanation #2
Explanation #3
State the project scope statement.
Detail the requirements of the project.
Adhere to quality management.
Work Breakdown Structure (WBS)
Insert the WBS.
Highlight brief task explanation on the slide but explain thoroughly on the speaker notes.
Project Schedule and Milestones
Create timeline.
List activity sequences and durations.
Indicate the critical path.
Project Human Resource Management
Identify stakeholders.
Indicate the project team matrix (weak, balanced, and strong).
Explain how the project team was developed and managed.
Identify procurement management, i.e., vendors, contractors, suppliers, etc.
Project Cost
Establish the approved budget.
Identify the cost for the resources.
State the cost of the project. (Is it under or over budget?)
Note the technology used with associated cost.
Benefits
Drawbacks or barriers
Project Communications
Ensure that all project information is collected, documented, and archived.
Distribute and share information with stakeholders, management, and project team members.
Identify risks.
Qualitative Risks
Quantitative Risks
Competitive Analysis
Competitive Analysis, Cont.
Procedures
Assumptions, Constraints & Dependencies
Identify the assumptions used to determine the project scope.
Evaluate project’s success from these assumptions.
Evaluate project’s obstacles from these assumptions.
Explain the scope, time, and cost constraints.
List any dependencies. Explain.
Project Lessons Learned
Recommend methods to avoid similar obstacles in future projects.
List of six (6) best practices arising from this project.
#1
#2
#3
#4
#5
#6
Next Steps
NOTE: Is there another phase for this project? What is the project closure?
High-level Goals
Relationship
Ultimate Goal
References
You must use references that coincide with the in-text citations in your presentation written in correct APA format. All references should come from Strayer University databases such as EbscoHost, eLibrary, ProQuest, etc. If your professor allows use of the internet avoid using .com sites, but you may use .org or .gov sites that are copyrighted.
ABC: INFORMATION TECHNOLOGY PROJECT CHARTER
Name:
Institutional Affiliation:
1.0. INTRODUCTION
Purpose of Information Technology Project Charter
The ABC’s Information Technology Project Proposal charter documents a research and formulation of a surveillance security system which is targeted to appraise in ...
Final Project Incident Response Exercise & ReportYour TaskYou.docxlmelaine
Final Project: Incident Response Exercise & Report
Your Task
You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5).
Your Deliverable
Complete and submit the Incident Report form found at the end of this file. Consult the “Notes to Students” for additional directions regarding completion of the form.
Overview of the Incident
Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers).
The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.
Background
Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company’s physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great-grandson of one of the company’s founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John’s great nephew. Mary Beth Sifers is the chief financial officer and also serves a ...
Final Project Incident Response Exercise & ReportYour Taskalisondakintxt
Final Project: Incident Response Exercise & Report
Your Task
You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5).
Your Deliverable
Complete and submit the Incident Report form found at the end of this file. Consult the “Notes to Students” for additional directions regarding completion of the form.
Overview of the Incident
Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers).
The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.
Background
Sifers-Grayson is a family owned business headquartered in Grayson County, Kentucky, USA. The company’s physical address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The president of the company is Ira John Sifers, III. He is the great-grandson of one of the company’s founders and is also the head of the engineering department. The chief operating officer is Michael Coles, Jr. who is Ira John’s great nephew. Mary Beth Sifers is the chief financial officer and also ser ...
This week your focus should be on figuring out what the Red Team did.docxjuliennehar
This week your focus should be on figuring out what the Red Team did and how they did it. (See the - Incident Response Exercise & Report below - the detailed assignment description for the course final project).For your first posting this week, you must provide an analysis of the Red Team's report (as listed in the final project-check below). At a minimum you must identify and discuss three specific vulnerabilities that were exploited by the Red Team as part of its penetration testing. You will need to research similar types of attacks using Red Team or Ethical Hacking resources from the Internet.Final Project: Incident Response Exercise & Report
Your Task
You have been assigned to work incident clean-up as part of the Sifers-Grayson Blue Team. Your task is to assist in analyzing and documenting the incident described below. The Blue Team has already created a set of enterprise architecture diagrams (see figures 1-4) to help with your analysis of the incident and preparation of the incident report as required by the company’s contracts with the federal government. After completing their penetration tests, the Red Team provided Sifers-Grayson executives with a diagram showing their analysis of the threat environment and potential weaknesses in the company’s security posture for the R&D DevOps Lab (see figure 5).
Overview of the Incident
Sifers-Grayson hired a cybersecurity consulting firm to help it meet the security requirements of a contract with a federal agency. The consulting firm’s Red Team conducted a penetration test and was able to gain access to the engineering center’s R&D servers by hacking into the enterprise network through an unprotected network connection (see figure 2). The Red Team proceeded to exfiltrate files from those servers and managed to steal 100% of the design documents and source code for the AX10 Drone System. The Red Team also reported that it had stolen passwords for 20% of the employee logins using keylogging software installed on USB keys that were left on the lunch table in the headquarters building employee lounge (see Figure 3). The Red Team also noted that the Sifers-Grayson employees were quite friendly and talkative as they opened the RFID controlled doors for the “new folks” on the engineering staff (who were actually Red Teamers).
The Red Team continued its efforts to penetrate the enterprise and used a stolen login to install malware over the network onto a workstation connected to a PROM burner in the R&D DevOps lab (See Figure 3). This malware made its way onto a PROM that was then installed in an AX10-a test vehicle undergoing flight trials at the Sifers-Grayson test range (See Figures 1 and 4). The malware “phoned home” to the Red Team over a cellular connection to the R&D center. The Red Team took control of the test vehicle and flew it from the test range to a safe landing in the parking lot at Sifers-Grayson headquarters.
Background
Sifers-Grayson is a family owned business headquartered in G ...
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxwkyra78
Project Deliverable 5: Infrastructure and Security
This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted. Additionally, the security of the network should be in the forefront of your design because protecting your data is a primary consideration.
Section 1: Infrastructure Document
1. Write a four-page infrastructure document in which you:
. Justify and support the relationship between infrastructure and security as it relates to this data-collection and analysis company.
. Present the rationale for the logical and physical topographical layout of the planned network.
. Design a logical and physical topographical layout of the current and planned network through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
. Illustrate the possible placement of servers including access paths to the Internet, intrusion detection systems (IDS), and firewalls. Note: Facility limitations, workstations, databases, printers, routers, switches, bridges, and access points should be considered in the illustration.
. Create and describe a comprehensive security policy for this data-collection and analysis company that will:
· Protect the company infrastructure and assets by applying the principles of confidentiality, integrity, and availability (CIA). Note: CIA is a widely used benchmark for evaluation of information systems security, focusing on the three (3) core goals of confidentiality, integrity, and availability of information.
· Address ethical aspects relat ...
Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
d ...
Project Name
Your Full Name
Course Number and Name (As it appears on your Course Guide.)
Professor’s Name (As it appears on your Course Guide.)
University Name (As it appears on the Course Guide.)
Date (Month must be spelled out. Use the date that the paper is due.)
Project Description & Objectives
Describe the project in non-technical terms.
Describe the project objectives and how the project has met each objective.
Explanation #1
Explanation #2
Explanation #3
State the project scope statement. Detail the requirements of the project.
Adhere to quality management.
Work Breakdown Structure (WBS)
Insert the WBS.
Highlight brief task explanation on the slide but explain thoroughly on the speaker notes.
Project Schedule and Milestones
Create timeline.
List activity sequences and durations.
Indicate the critical path.
Project Human Resource Management
Identify stakeholders.
Indicate the project team matrix (weak, balanced, and strong).
Explain how the project team was developed and managed.
Identify procurement management, i.e., vendors, contractors, suppliers, etc.
Project Cost
Establish the approved budget.
Identify the cost for the resources.
State the cost of the project. (Is it under or over budget?)
Note the technology used with associated cost.
Benefits
Drawbacks or barriers
Project Communications
Ensure that all project information is collected, documented, and archived.
Distribute and share information with stakeholders, management, and project team members.
Identify risks.
Qualitative Risks
Quantitative Risks
Competitive Analysis
Competitive Analysis, Cont.
Procedures
Assumptions, Constraints & Dependencies
Identify the assumptions used to determine the project scope.
Evaluate project’s success from these assumptions.
Evaluate project’s obstacles from these assumptions.
Explain the scope, time, and cost constraints.
List any dependencies. Explain.
Project Lessons Learned
Recommend methods to avoid similar obstacles in future projects.
List of six (6) best practices arising from this project.
#1
#2
#3
#4
#5
#6
Next Steps
NOTE: Is there another phase for this project? What is the project closure?
High-level Goals
Relationship
Ultimate Goal
References
You must use references that coincide with the in-text citations in your presentation written in correct APA format. All references should come from Strayer University databases such as EbscoHost, eLibrary, ProQuest, etc. If your professor allows use of the internet avoid using .com sites, but you may use .org or .gov sites that are copyrighted.
ABC: INFORMATION TECHNOLOGY PROJECT CHARTER
Name:
Institutional Affiliation:
1.0. INTRODUCTION
Purpose of Information Technology Project Charter
The ABC’s Information Technology Project Proposal charter documents a research and formulation of a surveillance security system which is targeted to appraise in ...
Introduction
The capstone project is a “structured walkthrough” penetration test of a fictional
company, Artemis, Incorporated (Artemis). A structured walkthrough is an
organized procedure for a group of peers to review and discuss the technical
aspects of various IT, IT Security, and IT Audit work products. The major objectives
of a structured walkthrough are to find errors and to improve the quality of the
product or service to be delivered.
This document provides a comprehensive overview of the project and the expected
deliverables.
Overview
You work for a firm specializing in cybersecurity consulting, namely penetration tests,
vulnerability assessments, and regulatory compliance. Artemis has hired your firm to
perform an external penetration test. In preparation for this engagement, you must lead
your team of new pen-testers in a structured walkthrough of the entire test so that:
a) Everyone on the team knows what to do.
b) The amount of time allotted for the actual test is utilized as efficiently as
possible.
c) The client's expectations are met or exceeded.
To accomplish this task, you must perform the following five phases:
1. Perform simulated reconnaissance of the client.
2. Simulate target identification and scans against the external network.
3. Simulate the identification of vulnerabilities.
4. Based on the above, assess the threats and make recommendations.
5. Create two mock reports for the client: An Executive Summary for the client's
senior management, and a Detailed Technical Report for the client's IT staff.
This project is an excellent addition to your portfolio as it demonstrates your
understanding of critical security issues and your skills in identifying and analyzing
threats and vulnerabilities. The project also allows you to speak knowledgeably about
the entire process of performing a pen test, using your project as a reference point.
Each phase will include its own deliverable(s). A full description of what is required can
be found under each phase.
Directions
When planning penetration tests, consulting firms always sit down with the client's key
stakeholders to confirm scope and approach, identify the client's concerns, and set
expectations regarding the outcome. To this end, you have been provided with an
overview of the client and an overview of the client's IT environment. This information is
critical because all risks must be evaluated within their context. The example below
illustrates this concept:
Technically Accurate: Artemis' web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application.
With context: Artemis' RFQ/RFP web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application. In this
instan.
Project Deliverable 5: Infrastructure and Security
This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted. Additionally, the security of the network should be in the forefront of your design because protecting your data is a primary consideration.
Section 1: Infrastructure Document
1. Write a four to six (4-6) page infrastructure document in which you:
. Justify and support the relationship between infrastructure and security as it relates to this data-collection and analysis company.
. Present the rationale for the logical and physical topographical layout of the planned network.
. Design a logical and physical topographical layout of the current and planned network through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
. Illustrate the possible placement of servers including access paths to the Internet, intrusion detection systems (IDS), and firewalls. Note: Facility limitations, workstations, databases, printers, routers, switches, bridges, and access points should be considered in the illustration.
. Create and describe a comprehensive security policy for this data-collection and analysis company that will:
· Protect the company infrastructure and assets by applying the principles of confidentiality, integrity, and availability (CIA). Note: CIA is a widely used benchmark for evaluation of information systems security, focusing on the three (3) core goals of confidentiality, integrity, and availability of information.
· Address ethical a ...
Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
...
Case Project 1-1: Defining and Designing a Network
The overview of this book’s running case project is in the front matter. Please review this information carefully to guide you in completing each chapter’s project as you work through the remaining chapters.
You have been hired as a consultant to design a network for LedGrafix, a video and PC game design company. LedGrafix’s newest game has become a hot seller, and the company anticipates rapid growth. It’s moving into a new facility and will be installing a new network. Because competition is fierce in the game industry, LedGrafix wants the network fully secured, documented, and maintained while providing high availability, scalability, and performance.
Based on your current network technology and information security knowledge, for this project you design a network to meet the specified requirements and create a network diagram detailing your design. After you have created the diagram, you create a hardware and software inventory for the network. In addition to designing the network, you must also provide full documentation. The network should meet the following requirements:
· One location in Phoenix, AZ
· Capable of supporting 62 users in these departments: Accounting and Payroll, 4; Research and Development, 12; Sales and Marketing, 10; Order Processing, Shipping, and Receiving, 14; secretarial and office management staff, 4; upper management (including the president, vice president, and general manager), 10; Customer Relations and Support, 6; Technology Support, 2.
· Full T-1 Internet connection
Tasks
1. Design a network that meets the preceding requirements.
2. Examine the facility diagram your instructor provides. Using whatever drawing application you have available (MS Paint will work, if you have no other options), create a diagram of your network, showing the physical layout of the system.
3. Create a hardware and software inventory. Your instructor has blank forms you can use, or you can create or find your own. Your inventory should include at least the following:
· Operating systems
· Server operating systems
· Office applications
· Antivirus software
· Computers, servers, and peripherals
· Network connectivity equipment, such as hubs, switches, or routers
· Specialized imaging or multimedia devices or software
· Developer tools (you can make up tool names, if necessary)
· Other applications you think are necessary
Case Project 2-1: Conducting Risk Assessment and Analysis
Risk assessment can be as simple as noting an unlocked door or a password written on a note, or it can be a complex process requiring several team members and months to complete. A large enterprise environment probably has multiple locations, diverse activities, and a wide array of resources to evaluate. You don’t need such a complex network, however, for your running case project; the main idea is to learn how to apply your knowledge in a methodical fashion to produce useful and accurate data. Approaching ...
Assignment 3
TCSS 143
Programming Assignment 3
Due: see canvas, by 11:55pm (submitted electronically).
NOTE: Be sure to adhere to the University’s Policy on Academic Integrity as discussed in class. Programming
assignments are to be written individually and submitted programs must be the result of your own efforts. Any
suspicion of academic integrity violation will be dealt with accordingly.
Purpose: The purpose of this programming project is to apply concepts of Object-Oriented Programming and
work with Recursion. There are 2 problems that need to be solved as part of this assignment.
Program compiles 15 Points
Documentation
Java Docs for Problem 1 10 Points
Process
Problem 1 50 Points
o Fields, Constructor, Methods (Movie.java) 15 Points
o Handling Exceptions 10 Points
o Test.java implementation 15 Points
o Output 10 Points
Problem 2 25 Points
o Practice-It Problems
Total 100 Points
Problem 1: Movie ADT
You have been hired to build an inventory system for movies that will allow the user to add, remove, and search for
movies in the collection. In this exercise, you will complete and test an initial implementation of the Movie ADT
that will be the heart of this inventory system.
Step 1: Movie.java
Create a class file Movie.java based on the description provided in the class diagram given below:
Step 2: Implementation of the compareTo() method
We have discussed the Comparable interface in class and we have seen some methods in the Collection interface
and Collections class that use the compareTo() method. What would be a good method for determining whether
one movie is less than, equal to, or greater than another movie? This is called the “Natural” ordering for the movie
ADT. Implement your compareTo() method.
Step 3: Exception Handling
• The constructor should throw a java.lang.NullPointerException if title is null and
a java.lang.IllegalArgumentException if year is negative.
• equals() & compareTo() methods should throw a java.lang.NullPointerException if
its argument is null.
Step 4: Test.java
A driver file Test.java has been provided with the Assignment. You will modify the driver program to perform
the following steps:
1. Instantiate eight objects of type Movie and add them to the movie List.
2. Print out the unsorted list of movies.
3. Sort the list of movies using Collections.sort().
4. Print out the sorted list of movies.
5. Search for a particular movie in the list using Collections.binarySearch()
6. Test your equals method.
Problem 2: Based on Practice-It
Do the following exercises from Practice-It:
• University of Washington CSE 143 (CS2)
(Under) Recursion Tracing:
a. mystery2
b. mystery3
c. mystery7
• University of Washington CSE 143 (CS2)
(Under) Recursion:
a. factorial
b. writeChars
c. stutter
d. countToB.
01-01-2017
This section will lay out the implementation plan of the entire Authentic Assessment Project (AAP) design, which includes configuration of key networking devices, detailing milestones, activities, resources, and budgets, as well as providing a deliverables schedule.
Project Implementation Plan
In this lecture I will discuss the implementation plan through an example of an enterprise network.
The figure presents a fictitious enterprise network. The company would like to implement a scalable solution with a routing protocol that provides fast convergence. For optimal routing and packet forwarding, hierarchical addressing with summarization is required. Users require high-speed access to the server farm with redundant connectivity for protection. The company has many remote offices; a redundant connection to the Internet is required to provide the remote offices with nonstop access to its server farm. For remote offices, a secure connection must be implemented to prevent unauthorized persons from accessing data.
The first step before creating an implementation plan is to gather existing information about the networks and all the requirements.
The existing topology provides redundant connectivity among all the network devices. Internet connectivity is dual homed, which provides redundant access to the remote sites as well as World Wide Web resources. The equipment can provide all the functionalities that are required, but the software version of the operating system must be upgraded.
The networking equipment has existing IP addressing that needs to be changed to ensure optimal routing and forwarding of packets as well as summarization. Requirements for server farm access and remote office connectivity do not include changes in QoS configuration. The server farm hosts the critical applications of the company including VoIP, and these require preferred treatment. OSPF is configured in the network. This configuration must be changed, because a faster convergence time is required. EIGRP is a better choice than OSPF.
Security configuration is required to provide secure access to terminal resources. In this case existing security is sufficient, therefore no changes are needed.
For this scenario, the implementation plan would be:
· Project contact list
· Location information and means of accessing the premises
· Tools and resources
· Assumption
· Task and detailed description
· Network staging plan
Project Contact List
Consultant Project Team
Customer Project Team
Project Manager
Telephone
E-Mail
Project Manager
Telephone
E-Mail
Configuration Engineer
Telephone
E-mail
Configuration Engineer
Telephone
E-mail
Project Coordinator
Telephone
E-mail
Project Coordinator
Telephone
E-mail
Equipment installation Plan
Location
Details
Floor
Room
Rack Number
Tools Required
Item Number | Item
1 | PC with a VT 100 emulator, 10Base-T interface, FTP Server, TFTP client application
2 | Console port cable DB9-RJ45/DB25
3 | 10Base-T Ethernet cable
The implementa ...
Company Background & Operating Environment
The assigned case study and attachments to this assignment provide information about “the company.”
· Use the Baltimore field office as the target for the System Security Plan
· Use Verizon FiOS as the Internet Services Provider (see http://www.verizonenterprise.com/terms/us/products/internet/sla/)
Policy Issue & Plan of Action
A recent risk assessment highlighted the need to formalize the security measures required to protect information, information systems, and the information infrastructures for the company’s field offices. This requirement has been incorporated into the company’s risk management plan and the company’s CISO has been tasked with developing, documenting, and implementing the required security measures. The IT Governance board also has a role to play since it must review and approve all changes which affect IT systems under its purview.
The CISO has proposed a plan of action which includes developing system security plans using guidance from NIST SP-800-18 Guide for Developing Security Plans for Federal Information Systems. The IT Governance board, after reviewing the CISO’s proposed plan of action, voted and accepted this recommendation. In its discussions prior to the vote, the CISO explained why the best practices information for security plans from NIST SP 800-18 was suitable for the company’s use. The board also accepted the CISO’s recommendation for creating a single System Security Plan for a General Support System since, in the CISO’s professional judgement, this type of plan would best meet the “formalization” requirement from the company’s recently adopted risk management strategy.
Your Task Assignment
As a staff member supporting the CISO, you have been asked to research and then draft the required system security plan for a General Support System. In your research so far, you have learned that:
· A general support system is defined as “an interconnected set of information resources under the same direct management control that shares common functionality.” (See NIST SP 800-18)
· The Field Office manager is the designated system owner for the IT support systems in his or her field office.
· The system boundaries for the field office General Support System have already been documented in the company’s enterprise architecture (see the case study).
· The security controls required for the field office IT systems have been documented in a security controls baseline (see the controls baseline attached to this assignment).
Research:
1. Review the information provided in the case study and in this assignment, especially the information about the field offices and the IT systems and networks used in their day to day business affairs.
2. Review NIST’s guidance for developing a System Security Plan for a general support IT System. This information is presented in NIST SP 800-18.
http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-fina ...
http://www.it-exams.fr/70-416.htm The exercises and answer keys in the Microsoft 70-416 reference book will be updated in time to follow changes to the Microsoft 70-416 exam (TS:Implementing Desktop Application Environments). Our book covers more than 96% of the knowledge required for the Microsoft 70-416 exam (TS:Implementing Desktop Application Environments), which will allow you to pass the exam on the first attempt!
Project 1
Step 1: Conduct a Security Analysis Baseline
In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).
You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report]
Assignment 2: Implementing Network and Personnel Security Measures
Due Week 8 and worth 100 points
The security consulting firm that you work for has been awarded a contract to implement a new IT Security Infrastructure to secure the Information Technology data assets of a local government agency. This agency has many remote workers that are in the field and need to connect back to the agency’s system servers. The remote workers use a wireless network infrastructure to connect their electronic pads to servers located within the local government’s facility. The remote workers have needs to access property records, cite zoning violations electronically, and validate building permits. The public demand to expand IT services has grown faster than its ability to provide an adequately secured infrastructure. In fact, this government entity was previously featured on the news for having minimal security controls and methods for accessing property tax information of citizens. The inadequate security allowed many construction trade businesses to illegally access property records and zoning violations. Your role in this project is to enhance and optimize the security mechanisms for accessing these systems.
Write a four to five (4-5) page paper in which you:
1. Create an information flow diagram, using Visio or Dia, which:
a. Illustrates how remote users will securely connect to the government agency’s network.
b. Illustrates the path of network devices that data packets must travel to get from server to remote user’s device and back to server.
Note: The graphically depicted solution is not included in the required page length.
2. Provide an equipment list of network security devices that would be needed to ensure the integrity and sensitivity of private information. In this list:
a. Propose at least two (2) vendor brands per each device and the associate costs required to procure these items.
b. Identify the functionality each device serves and the expected benefits the government agency should experience upon the successful installation of this equipment.
3. Develop a maintenance plan that should be recommended to the government agency to ensure having the latest security measures available within the network in which you:
a. Describe the risks associated with not fulfilling the activities outlined within your maintenance plan.
b. Indicate specific activities, personnel / resources required, and frequency of execution.
4. Recommend at least four (4) physical security measures that could be developed to ensure the electronic perimeter of electronic assets.
5. Recommend at least two (2) physical security vendors that could achieve the four (4) security measures you identified. Justify your recommendations with your response.
6. Evaluate and consider activities that the Human Resources Department could perform in order to complement and instill security ...
One of the most common used risk management tools is the Incident Re.docxAKHIL969626
One of the most commonly used risk management tools is incident reporting.
More recently, incident reporting systems have incorporated computer technology that provides information such as:
1. Major incident category.
2. Early identification of patterns and trends in the "how" and "why" of untoward events.
3. Code vulnerability inductors.
Discuss the potential benefits of using this technology. Are there any limitations to the system? Explain.
One of the first anthropologists to examine religion in Africa was E.docxAKHIL969626
One of the first anthropologists to examine religion in Africa was Edward Evans-Pritchard in the early 1900's. You will explore what he learned about the Azande by watching the first 23 minutes of "Strange Beliefs: Sir Edward Evans-Pritchard".
Instructions:
When you are done watching the video answer the following questions by referring to specific information from the video, NOT outside sources:
How do the Azande people featured in the film explain unfortunate events and what do they do about it?
According to your textbook, what is religion and how would Azande religious beliefs be classified?
Do you think Azande beliefs are any more or less rational than other religious beliefs like Judaism, Christianity, Islam, or Buddhism?
One of the most important concepts in clinical practice and group wo.docxAKHIL969626
One of the most important concepts in clinical practice and group work is confidentiality. All members of the group sign an informed consent form in order to address the rules and parameters of the group sessions. The rules regarding confidentiality are stated in one section of the form. Although every member must sign this agreement, ensuring that all information shared in the group remains confidential can be difficult. As the group leader, the clinical social worker is responsible for developing strategies so that all members feel safe to share.
For this Discussion, review the “Working With Groups: Latino Patients Living With HIV/AIDS” case study.
By Day 3
Post strategies you might prefer to use to ensure confidentiality in a treatment group for individuals living with HIV/AIDS. Describe how informed consent addresses confidentiality in a group setting. How does confidentiality in a group differ from confidentiality in individual counseling? Also, discuss how you would address a breach of confidentiality in the group.
Required Readings
Plummer, S.-B., Makris, S., & Brocksen, S. M. (Eds.). (2014). Social work case studies: Concentration year. Baltimore, MD: Laureate International Universities Publishing [Vital Source e-reader].
“Working With Groups: Latino Patients Living With HIV/AIDS” (pp. 39–41)
Toseland, R. W., & Rivas, R. F. (2017). An introduction to group work practice (8th ed.). Boston, MA: Pearson.
Chapter 11, “Task Groups: Foundation Methods” (pp. 336-363)
Chapter 12, “Task Groups: Specialized Methods” (pp. 364–395)
Himelhoch, S., Medoff, D. R., & Oyeniyi, G. (2007). Efficacy of group psychotherapy to reduce depressive symptoms among HIV-infected individuals: A systematic review and meta-analysis. AIDS Patient Care and STDs, 21(10), 732–739.
Lasky, G. B., & Riva, M. T. (2006). Confidentiality and privileged communication in group psychotherapy. International Journal of Group Psychotherapy, 56(4), 455–476.
Toseland, R. W., & Rivas, R. F. (2017). An introduction to group work practice (8th ed.). Boston, MA: Pearson.
Chapter 1, “Introduction” (pp. 1–42)
Chapter 2, “Historical and Theoretical Developments” (pp. 45–66)
Working With Groups: Latino Patients Living With HIV/AIDS
The support group discussed here was created to address the unique needs of a vulnerable population receiving services at an outpatient interdisciplinary comprehensive care center. The center’s mission was to provide medical and psychosocial services to adult patients living with HIV/AIDS (PLWH). Both patients and providers at the center expressed a need for a group to address the needs of the center’s Latino population. At the time the group was created, 36% of the center’s population identified as Latino, and 25% of this cohort identified Spanish as their primary language. The purpose of the group was twofold: 1) to reduce the social isolation felt by Latino patients at the center and 2) to create a culturally sensitive environm.
One function of a leader is to provide the vision for the organizati.docxAKHIL969626
One function of a leader is to provide the vision for the organization that they lead. Being a role model and leading the way forward are important aspects of leadership.
If you were leading an Internet retailer or another organization that involves innovative technology and organizational flexibility, describe the process that you would use to create a vision for the organization.
How would you get the employees involved in the vision?
Describe how the process would differ between an Internet retailer and a brick and mortar retailer.
One could argue that old-fashioned attitudes regarding gender and t.docxAKHIL969626
One could argue that old-fashioned attitudes regarding gender and "traditional" gender roles are becoming obsolete. In many parts of the world women head major corporations and hold high positions of power—positions historically seen as being of the male domain. In turn, many men freely choose to be "stay-at-home-dads" or enter professions that were once considered to be "feminine." Naturally, our contemporary views of gender and gender roles illustrate the social progress we have made as one human culture.
Yet, prehistoric and ancient works of art tell a different story—one that reinforces old-fashioned gender roles (and maybe for good reason). Prehistoric and ancient representations of gender illustrate the social norms of their periods. Naturally, these works of art were produced by people whose lives and values were quite different from ours. Yet, the views of gender presented by these works of art are, despite our contemporary sensibilities, still very recognizable.
Write an essay that analyzes the representation of gender and gender roles as seen in Woman of Willendorf (prehistoric: c. 25,000–20,000 B.C.E.) and Kouros / Statue of Standing Youth (ancient Greece: c. 580 B.C.E.).
One of the hallmarks of qualitative research is writing detailed obs.docxAKHIL969626
One of the hallmarks of qualitative research is writing detailed observations when collecting data. For this assignment, take a notebook with you to a public setting where social interaction takes place (restaurant, public library, public park, shopping mall, airport, etc.). Observe for an hour, then write up your notes into a descriptive vignette, looking for patterns in events and actions.
Observe as though you are a stranger in a new country, trying to make sense of the action around you. Describe how things look, smell, sound, feel, etc. Be as descriptive as possible. Write up your observations into a vignette with the intention of having readers feel as though they are in the environment you choose to observe. Do not be shy to talk to people and ask what they are doing for more information.
REMEMBER to concentrate on observing the context only (NO PERSONAL OPINIONS)! This paper should be no longer than 3 pages double-spaced. There is going to be follow-up with this assignment in Module 8.
Assignment Specifics:
· Student will write a 3-page double-spaced reflective paper.
· Citations from any of the required reading/presentations from the assigned module
· APA format
One of the three main tenants of information security is availabilit.docxAKHIL969626
One of the three main tenets of information security is availability. It is also one of the least thought about. Explain the importance of availability. Do you believe it should be more important than the other two tenets (confidentiality/integrity)? Why is it important to know the value of your data when it comes to availability?
Requirements:
Initial posting by Wednesday
Reply to at least 2 other classmates by Sunday (Post a response on different days throughout the week)
Provide a minimum of 3 references on the initial post and on any response posts.
Proper APA Format (References & Citations)/No plagiarism
IntroductionThe capstone project is a "structured walkthrough" pen.pdffantasiatheoutofthef
Introduction
The capstone project is a structured walkthrough penetration test of a fictional
company, Artemis, Incorporated (Artemis). A structured walkthrough is an
organized procedure for a group of peers to review and discuss the technical
aspects of various IT, IT Security, and IT Audit work products. The major objectives
of a structured walkthrough are to find errors and to improve the quality of the
product or service to be delivered.
This document provides a comprehensive overview of the project and the expected
deliverables.
Overview
You work for a firm specializing in cybersecurity consulting, namely penetration tests,
vulnerability assessments, and regulatory compliance. Artemis has hired your firm to
perform an external penetration test. In preparation for this engagement, you must lead
your team of new pen-testers in a structured walkthrough of the entire test so that:
a) Everyone on the team knows what to do.
b) The amount of time allotted for the actual test is utilized as efficiently as
possible.
c) The client's expectations are met or exceeded.
To accomplish this task, you must perform the following five phases:
1. Perform simulated reconnaissance of the client.
2. Simulate target identification and scans against the external network.
3. Simulate the identification of vulnerabilities.
4. Based on the above, assess the threats and make recommendations.
5. Create two mock reports for the client: An Executive Summary for the client's
senior management, and a Detailed Technical Report for the client's IT staff.
This project is an excellent addition to your portfolio as it demonstrates your
understanding of critical security issues and your skills in identifying and analyzing
threats and vulnerabilities. The project also allows you to speak knowledgeably about
the entire process of performing a pen test, using your project as a reference point.
Each phase will include its own deliverable(s). A full description of what is required can
be found under each phase.
Directions
When planning penetration tests, consulting firms always sit down with the client's key
stakeholders to confirm scope and approach, identify the client's concerns, and set
expectations regarding the outcome. To this end, you have been provided with an
overview of the client and an overview of the client's IT environment. This information is
critical because all risks must be evaluated within their context. The example below
illustrates this concept:
Technically Accurate: Artemis web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application.
With Context: Artemis RFQ/RFP web application does not restrict or filter user uploads
by file type. This is a vulnerability that could allow threat actors to connect remotely,
execute arbitrary code, and then elevate their privileges within the application. In this
instan.
Project Deliverable 5 Infrastructure and SecurityThis assignm.docxwoodruffeloisa
Project Deliverable 5: Infrastructure and Security
This assignment consists of two (2) sections: an infrastructure document and a revised Gantt chart or project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.
The infrastructure which encompasses the network solution and security considerations is a major consideration for your company. Considering that the company will be expanding from one (1) floor to three (3) floors in the very near future you, as the CIO, are responsible for the design of the infrastructure and security protocols. You have been tasked with designing a network that is stable, redundant, and scalable. In addition, speed and reliability are important considerations. Assumptions should be drawn regarding network usage in relationship to network services and resources. All the established criteria that were set at the onset should be adhered to within your plan. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. In addition, access paths for Internet access should be depicted. Additionally, the security of the network should be in the forefront of your design because protecting your data is a primary consideration.
Section 1: Infrastructure Document
1. Write a four to six (4-6) page infrastructure document in which you:
. Justify and support the relationship between infrastructure and security as it relates to this data-collection and analysis company.
. Present the rationale for the logical and physical topographical layout of the planned network.
. Design a logical and physical topographical layout of the current and planned network through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Note: The graphically depicted solution is not included in the required page length.
. Illustrate the possible placement of servers including access paths to the Internet, intrusion detection systems (IDS), and firewalls. Note: Facility limitations, workstations, databases, printers, routers, switches, bridges, and access points should be considered in the illustration.
. Create and describe a comprehensive security policy for this data-collection and analysis company that will:
· Protect the company infrastructure and assets by applying the principles of confidentiality, integrity, and availability (CIA). Note: CIA is a widely used benchmark for evaluation of information systems security, focusing on the three (3) core goals of confidentiality, integrity, and availability of information.
· Address ethical a ...
Term Paper Managing an IT Infrastructure AuditDue Week 10 a.docxmanningchassidy
Term Paper: Managing an IT Infrastructure Audit
Due Week 10 and worth 210 points
This assignment consists of four (4) sections: an internal IT audit policy, a management plan, a project plan, and a disaster recovery plan.
You must submit all four (4) sections as separate files for the completion of this assignment.
Label each file name according to the section of the assignment it is written for. Additionally, you may create and /or assume all necessary assumptions needed for the completion of this assignment.
Imagine you are an Information Security Manager for a large national retailer. You have been hired to be directly responsible for the planning and oversight of IT audits. At the request of the Board of Directors, the CEO has tasked you with developing a plan for conducting regular audits of the IT infrastructure. The planning and management aspects of IT audit are critical to the overall success of the audit, and as a result, the overall success of the systems implemented within the organization. You must develop a policy for conducting IT audits and develop a project plan for conducting two week IT audits.
In addition to the typical networking and Internetworking infrastructure of a medium-sized organization, the organization has the following characteristics:
They have a main office and 268 stores in the U.S.
They utilize a cloud computing environment for storage and applications.
Their IT infrastructure includes Cisco workgroup and core switches, Cisco routers, Cisco firewalls and intrusion prevention systems, and servers running Microsoft Windows Server 2012.
They have over 1000 desktops and approximately 500 organization-owned laptops in the main headquarters.
They allow employees to bring their own devices into the organization; however, they are subject to being searched upon entry and exit from the building.
They enable remote access to corporate information assets for employees and limited access to extranet resources for contractors and other business partners.
They enable wireless access at the main office and the stores.
They process an average of 67.2 credit card transactions per hour every day at each location and via their corporate Website.
Section 1: Internal IT Audit Policy
Write a three to four (3-4) page paper in which you:
1. Develop an Internal IT Audit Policy, which includes at a minimum:
a. Overview
b. Scope
c. Goals and objectives
d. Compliance with applicable laws and regulations
e. Management oversight and responsibility
f. Areas covered in the IT audits
g. Frequency of the audits
h. Use at least two (2) quality resources in this assignment.
Note: Wikipedia and similar Websites do not qualify as quality resources.
Section 2: Management Plan
Write a four to six (4-6) page paper in which you:
2. Explain the management plan for conducting IT audits, including:
a. Risk management
b. System Software and Applications
c. Wireless Networking
...
Case Project 1-1 Defining and Designing a NetworkThe overview.docxtidwellveronique
Case Project 1-1: Defining and Designing a Network
The overview of this book’s running case project is in the front matter. Please review this information carefully to guide you in completing each chapter’s project as you work through the remaining chapters.
You have been hired as a consultant to design a network for LedGrafix, a video and PC game design company. LedGrafix’s newest game has become a hot seller, and the company anticipates rapid growth. It’s moving into a new facility and will be installing a new network. Because competition is fierce in the game industry, LedGrafix wants the network fully secured, documented, and maintained while providing high availability, scalability, and performance.
Based on your current network technology and information security knowledge, for this project you design a network to meet the specified requirements and create a network diagram detailing your design. After you have created the diagram, you create a hardware and software inventory for the network. In addition to designing the network, you must also provide full documentation. The network should meet the following requirements:
· One location in Phoenix, AZ
· Capable of supporting 62 users in these departments: Accounting and Payroll, 4; Research and Development, 12; Sales and Marketing, 10; Order Processing, Shipping, and Receiving, 14; secretarial and office management staff, 4; upper management (including the president, vice president, and general manager), 10; Customer Relations and Support, 6; Technology Support, 2.
· Full T-1 Internet connection
Tasks
1. Design a network that meets the preceding requirements.
2. Examine the facility diagram your instructor provides. Using whatever drawing application you have available (MS Paint will work, if you have no other options), create a diagram of your network, showing the physical layout of the system.
3. Create a hardware and software inventory. Your instructor has blank forms you can use, or you can create or find your own. Your inventory should include at least the following:
· Operating systems
· Server operating systems
· Office applications
· Antivirus software
· Computers, servers, and peripherals
· Network connectivity equipment, such as hubs, switches, or routers
· Specialized imaging or multimedia devices or software
· Developer tools (you can make up tool names, if necessary)
· Other applications you think are necessary
Case Project 2-1: Conducting Risk Assessment and Analysis
Risk assessment can be as simple as noting an unlocked door or a password written on a note, or it can be a complex process requiring several team members and months to complete. A large enterprise environment probably has multiple locations, diverse activities, and a wide array of resources to evaluate. You don’t need such a complex network, however, for your running case project; the main idea is to learn how to apply your knowledge in a methodical fashion to produce useful and accurate data. Approaching ...
Assignment 3
TCSS 143
Programming Assignment 3
Due: see canvas, by 11:55pm (submitted electronically).
NOTE: Be sure to adhere to the University’s Policy on Academic Integrity as discussed in class. Programming
assignments are to be written individually and submitted programs must be the result of your own efforts. Any
suspicion of academic integrity violation will be dealt with accordingly.
Purpose: The purpose of this programming project is to apply concepts of Object-Oriented Programming and
work with Recursion. There are 2 problems that need to be solved as part of this assignment.
Program compiles 15 Points
Documentation
Java Docs for Problem 1 10 Points
Process
Problem 1 50 Points
o Fields, Constructor, Methods (Movie.java) 15 Points
o Handling Exceptions 10 Points
o Test.java implementation 15 Points
o Output 10 Points
Problem 2 25 Points
o Practice-It Problems
Total 100 Points
Problem 1: Movie ADT
You have been hired to build an inventory system for movies that will allow the user to add, remove, and search for
movies in the collection. In this exercise, you will complete and test an initial implementation of the Movie ADT
that will be the heart of this inventory system.
Step 1: Movie.java
Create a class file Movie.java based on the description provided in the class diagram given below:
Step 2: Implementation of the compareTo() method
We have discussed the Comparable interface in class and we have seen some methods in the Collection interface
and Collections class that use the compareTo() method. What would be a good method for determining whether
one movie is less than, equal to, or greater than another movie? This is called the “Natural” ordering for the movie
ADT. Implement your compareTo() method.
Step 3: Exception Handling
• The constructor should throw a java.lang.NullPointerException if title is null and
a java.lang.IllegalArgumentException if year is negative.
• equals() & compareTo() methods should throw a java.lang.NullPointerException if
its argument is null.
Step 4: Test.java
A driver file Test.java has been provided with the Assignment. You will modify the driver program to perform
the following steps:
1. Instantiate eight objects of type Movie and add them to the movie List.
2. Print out the unsorted list of movies.
3. Sort the list of movies using Collections.sort().
4. Print out the sorted list of movies.
5. Search for a particular movie in the list using Collections.binarySearch()
6. Test your equals method.
Problem 2: Based on Practice-It
Do the following exercises from Practice-It:
• University of Washington CSE 143 (CS2)
(Under) Recursion Tracing:
a. mystery2
b. mystery3
c. mystery7
• University of Washington CSE 143 (CS2)
(Under) Recursion:
a. factorial
b. writeChars
c. stutter
d. countToB.
01-01-2017 This section will lay out the implementation plan o.docxhoney725342
01-01-2017
This section will lay out the implementation plan of the entire Authentic Assessment Project (AAP) design, which include configuration of key networking devices, detailing milestones, activities, resources, and budgets, as well as providing a deliverables schedule.
Project Implementation Plan
In this lecture I will discuss implementation plan through an example of an enterprise network.
The figure presents a fictitious enterprise network. The company would like to implement a scalable solution with a routing protocol that provides fast convergence. For optimal routing and packet forwarding, hierarchical addressing with summarization is required. Users require high-speed access to the server farm with redundant connectivity for protection. The company has many remote offices; a redundant connection to the Internet is required to provide the remote offices with nonstop access to its server farm. For remote offices, a secure connection must be implemented to prevent unauthorized persons from accessing data.
The first step before creating an implementation plan is to gather existing information about the networks and all the requirements.
The existing topology provides redundant connectivity among all the network devices. Internet connectivity is dual homed, which provides redundant access to the remote sites as well as World Wide Web resources. The equipment can provide all the functionalities that are required, but the software version of the operation system must be upgraded.
The networking equipment has existing IP addressing that needs to be changed to ensure optimal routing and forwarding of packets as well as summarization. Requirements for server farm access and remote office connectivity do not include changes in QoS configuration. The server farm hosts the critical applications of the company including VoIP, and these require preferred treatment. OSPF is configured in the network. This configuration must be changed, because a faster convergence time is required. EIGRP is a better choice than OSPF.
Security configuration is required to provide secure access to terminal resources. In this case existing security is sufficient, therefore no changes are needed.
For this scenario, the implementation plan would be:
· Project contact list
· Location information and means of accessing the premises
· Tools and resources
· Assumption
· Task and detailed description
· Network staging plan
Project Contact List
Consultant Project Team | Customer Project Team
Project Manager (Telephone, E-Mail) | Project Manager (Telephone, E-Mail)
Configuration Engineer (Telephone, E-mail) | Configuration Engineer (Telephone, E-mail)
Project Coordinator (Telephone, E-mail) | Project Coordinator (Telephone, E-mail)
Equipment Installation Plan
Location | Details
Floor |
Room |
Rack Number |
Tools Required
Item Number | Item
1 | PC with a VT 100 emulator, 10Base-T interface, FTP Server, TFTP client application
2 | Console port cable DB9-RJ45/DB25
3 | 10Base-T Ethernet cable
The implementa ...
Company Background & Operating EnvironmentThe assigned case study .docxbrownliecarmella
Company Background & Operating Environment
The assigned case study and attachments to this assignment provide information about “the company.”
· Use the Baltimore field office as the target for the System Security Plan
· Use Verizon FiOS as the Internet Services Provider (see http://www.verizonenterprise.com/terms/us/products/internet/sla/)
Policy Issue & Plan of Action
A recent risk assessment highlighted the need to formalize the security measures required to protect information, information systems, and the information infrastructures for the company’s field offices. This requirement has been incorporated into the company’s risk management plan and the company’s CISO has been tasked with developing, documenting, and implementing the required security measures. The IT Governance board also has a role to play since it must review and approve all changes which affect IT systems under its purview.
The CISO has proposed a plan of action which includes developing system security plans using guidance from NIST SP-800-18 Guide for Developing Security Plans for Federal Information Systems. The IT Governance board, after reviewing the CISO’s proposed plan of action, voted and accepted this recommendation. In its discussions prior to the vote, the CISO explained why the best practices information for security plans from NIST SP 800-18 was suitable for the company’s use. The board also accepted the CISO’s recommendation for creating a single System Security Plan for a General Support System since, in the CISO’s professional judgement, this type of plan would best meet the “formalization” requirement from the company’s recently adopted risk management strategy.
Your Task Assignment
As a staff member supporting the CISO, you have been asked to research and then draft the required system security plan for a General Support System. In your research so far, you have learned that:
· A general support system is defined as “an interconnected set of information resources under the same direct management control that shares common functionality.” (See NIST SP 800-18)
· The Field Office manager is the designated system owner for the IT support systems in his or her field office.
· The system boundaries for the field office General Support System have already been documented in the company’s enterprise architecture (see the case study).
· The security controls required for the field office IT systems have been documented in a security controls baseline (see the controls baseline attached to this assignment).
Research:
1. Review the information provided in the case study and in this assignment, especially the information about the field offices and the IT systems and networks used in their day to day business affairs.
2. Review NIST’s guidance for developing a System Security Plan for a general support IT System. This information is presented in NIST SP 800-18. http://csrc.nist.gov/publications/nistpubs/800-18-Rev1/sp800-18-Rev1-fina ...
Background
Sifers-Grayson is a family-owned business headquartered in
Grayson County, Kentucky, USA. The company’s physical
address is 1555 Pine Knob Trail, Pine Knob, KY 42721. The
president of the company is Ira John Sifers, III. He is the
great-grandson of one of the company’s founders and is also the head
of the engineering department. The chief operating officer is
Michael Coles, Jr. who is Ira John’s great nephew. Mary Beth
Sifers is the chief financial officer and also serves as the head
of personnel for the company.
Recent contracts with the Departments of Defense and
Homeland Security have imposed additional security
requirements upon the company and its R&D DevOps and
SCADA labs operations. The company is now required to
comply with NIST Special Publication 800-171 Protecting
Controlled Unclassified Information in Nonfederal Information
Systems and Organizations. The company must also comply
with provisions of the Defense Federal Acquisition Regulations
(DFARS) including section 252-204-7012 Safeguarding Covered
Defense Information and Cyber Incident Reporting. These
requirements are designed to ensure that sensitive technical
information, provided by the federal government and stored on
computer systems in the Sifers-Grayson R&D DevOps and
SCADA labs, is protected from unauthorized disclosure. This
information includes software designs and source code. The
contract requirements also mandate that Sifers-Grayson report
cyber incidents to the federal government in a timely
manner.
SCADA Lab
The SCADA lab was originally set up in 1974. It has been
upgraded and rehabbed several times since then. The most
recent hardware and software upgrades were completed three
years ago after the lab was hit with a ransomware attack that
exploited several Windows XP vulnerabilities. At that time, the
engineering and design workstations were upgraded to Windows
8.1 professional. A second successful ransomware attack
occurred three months ago. The company paid the ransom in
both cases because the lab did not have file backups that it
could use to recover the damaged files (in the first case) and did
not have system backups that it could use to rebuild the system
hard drives (in the second case).
The SCADA Lab is locked into using Windows 8.1. The planned
transition to Windows 10 is on indefinite hold due to technical
problems encountered during previous attempts to modify
required software applications to work under the new version of
the operating system. This means that an incident response and
recovery capability for the lab must support the Windows 8.1
operating system and its utilities.
R&D DevOps Lab
The R&D DevOps Lab was built in 2010 and is used to develop,
integrate, test, support, and maintain software and firmware
(software embedded in chips) for the company’s robots, drones,
and non-SCADA industrial control systems product lines. The
workstations in this lab are running Windows 10 and are
configured to receive security updates per Microsoft’s monthly
schedule.
Enterprise IT Operations
The company uses a combination of Windows 10 workstations
and laptops as the foundation of its enterprise IT capabilities.
The servers in the data center and the engineering R&D center
are built upon Windows Server 2012.
Issues Summary:
1. Newly won government contracts now require compliance
with DFARS §252.204-7008, 7009, and 7012
· http://www.acq.osd.mil/dpap/dars/dfars/html/current/252204.htm
· http://www.acq.osd.mil/se/docs/DFARS-guide.pdf
2. Derivative requirements include:
· Implementation of and compliance with NIST SP 800-171
Protecting Controlled Unclassified Information in Nonfederal
Information Systems and Organizations
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-171.pdf
· Compliance with DFARS 252.239-7009 Representation of Use
of Cloud Computing and 7010 Cloud Computing Services (see
http://www.acq.osd.mil/dpap/dars/dfars/html/current/252239.htm)
3. Additional Contractual Requirements for Lab Operations
include:
· Incident Response per NIST SP 800-61 (Computer Security
Incident Handling Guide)
· SCADA Security per NIST SP 800-82 (Guide to Industrial
Control Systems Security)
· Software / Systems Development Lifecycle (SDLC) Security
per NIST SP 800-64 (Security Considerations in the System
Development Life Cycle)
· Configuration Management per NIST SP 800-128 (Guide for
Security-Focused Configuration Management of Information
Systems)
Notes to Students:
1. Your final deliverable should be professionally formatted and
should not exceed 10 pages. The goal is to be clear and concise
in your reporting of your analysis of this incident.
2. You may include annotated diagrams if necessary to illustrate
your analysis and/or make your point(s). You may use the
figures in this assignment as the foundation for diagrams in
your final report (no citations required).
3. Use the NIST Incident Handling Process (see Table 1) to
guide your incident analysis.
4. You may assume that the company has implemented one or
more of the IT products that you recommended in your Case
Studies for this course. You may also assume that the company
is using the incident response guidance documents that you
wrote for your labs and that the associated operating systems
utilities are in use (e.g. you can assume that system backups are
being made, etc.).
5. DOCUMENT YOUR ASSUMPTIONS about people,
processes, and technologies as if they were fact. But, don’t
change any of the factual information provided in the incident
report from the Red Team.
6. Use the incident report form that appears at the end of this
file. Copy it to a new MS Word document. After you perform
your incident analysis, fill in the required information, attach
the file to your assignment folder entry, and submit it for
grading as your final project.
7. For section 1 of the form, use your own name but provide
reasonable but fictitious information for the remaining fields.
8. For section 2 of the form, assign IP addresses in the
following ranges to any servers, workstations, or network
connections that you need to discuss.
a. R&D Center 10.10.150.0/24
b. Test Range 10.10.148.0/24
c. Corporate Headquarters 10.10.155.0/24
9. For sections 2, 3, and 5, you should use and interpret
information provided in this file (Overview, Background, Issues
Summary). You may use a judicious amount of creativity, if
necessary, to fill in any missing information.
10. For section 4 of the form you may provide a fictitious cost
estimate based upon $100 per hour for IT staff to perform
“clean-up” activities. Reasonable estimates are probably in the
range of 150 to 300 person hours. What’s important is that you
document how you arrived at your cost estimate.
11. Discuss the contract requirements and derivative
requirements for cybersecurity at Sifers-Grayson in 3 to 5
paragraphs under “Section 6 General Comments.”
Figure 1. Overview of Sifers-Grayson Enterprise IT
Architecture
Figure 2. Combined Network and Systems Views:
Sifers-Grayson Headquarters, R&D Center, and Data Center
Figure 3. Combined Network and Systems View for Sifers-
Grayson R&D DevOps Lab
Figure 4. Combined Communications and Systems Views for
Sifers-Grayson Test Range
Figure 5. Threat Landscape for Sifers-Grayson R&D DevOps
Lab
NIST Incident Handling Checklist by Phase
Detection and Analysis
1. Determine whether an incident has occurred
1.1 Analyze the precursors and indicators
1.2 Look for correlating information
1.3 Perform research (e.g., search engines, knowledge base)
1.4 As soon as the handler believes an incident has occurred,
begin documenting the investigation and gathering evidence
2. Prioritize handling the incident based on the relevant factors
(functional impact, information impact, recoverability effort,
etc.)
3. Report the incident to the appropriate internal personnel and
external organizations
Containment, Eradication, and Recovery
4. Acquire, preserve, secure, and document evidence
5. Contain the incident
6. Eradicate the incident
6.1 Identify and mitigate all vulnerabilities that were exploited
6.2 Remove malware, inappropriate materials, and other
components
6.3 If more affected hosts are discovered (e.g., new malware
infections), repeat the Detection and Analysis steps (1.1, 1.2) to
identify all other affected hosts, then contain (5) and eradicate
(6) the incident for them
7. Recover from the incident
7.1 Return affected systems to an operationally ready state
7.2 Confirm that the affected systems are functioning normally
7.3 If necessary, implement additional monitoring to look for
future related activity
Post-Incident Activity
8. Create a follow-up report
9. Hold a lessons learned meeting (mandatory for major incidents,
optional otherwise)
Source: NIST SP 800-61r2
Cichonski, P., Millar, T., Grance, T., & Scarfone, K. (2012).
Computer security incident handling guide (NIST SP 800-61
rev. 2). http://dx.doi.org/10.6028/NIST.SP.800-61r2
1. Contact Information for the Incident Reporter and Handler
– Name
– Role
– Organizational unit (e.g., agency, department, division, team)
and affiliation
– Email address
– Phone number
– Location (e.g., mailing address, office room number)
2. Incident Details
– Status change date/timestamps (including time zone): when
the incident started, when the incident was discovered/detected,
when the incident was reported, when the incident was
resolved/ended, etc.
– Physical location of the incident (e.g., city, state)
– Current status of the incident (e.g., ongoing attack)
– Source/cause of the incident (if known), including hostnames
and IP addresses
– Description of the incident (e.g., how it was detected, what
occurred)
– Description of affected resources (e.g., networks, hosts,
applications, data), including systems’ hostnames, IP addresses,
and function
– If known, incident category, vectors of attack associated with
the incident, and indicators related to the incident (traffic
patterns, registry keys, etc.)
– Prioritization factors (functional impact, information impact,
recoverability, etc.)
– Mitigating factors (e.g., stolen laptop containing sensitive
data was using full disk encryption)
– Response actions performed (e.g., shut off host, disconnected
host from network)
– Other organizations contacted (e.g., software vendor)
3. Cause of the Incident (e.g., misconfigured application,
unpatched host)
4. Cost of the Incident
5. Business Impact of the Incident
6. General Comments
10/6/2017 Final Project: Incident Response Exercise & Report -
Submit Files - CSIA 310 6381 Cybersecurity Processes and
Technologies (2178) - UMUC …
https://learn.umuc.edu/d2l/lms/dropbox/user/folder_submit_files
.d2l?db=532069&grpid=0&isprv=0&bp=0&ou=247136 1/2
Rubric Name: Final Project - Incident Report
Criteria Excellent Outstanding Acceptable Needs Improvement
Needs Significant Improvement Missing or Unacceptable
Section 1: Contact Information
Excellent (10 points): Provided an acceptable title page for the
file. Provided a complete section 1 of the Incident Report Form
that included realistic but fictionalized data for all of the
following fields: Name, Role, Organizational Unit and affiliation,
Email address, Phone Number, location.
Outstanding (8.5 points): Provided an acceptable title page for
the file. Provided a complete section 1 of the Incident Report
Form that included realistic but fictionalized data for at least
four of the following fields: Name, Role, Organizational Unit and
affiliation, Email address, Phone Number, location.
Acceptable (7 points): Provided an acceptable title page for the
file. Provided a complete section 1 of the Incident Report Form
that included realistic but fictionalized data for at least three
of the following fields: Name, Role, Organizational Unit and
affiliation, Email address, Phone Number, location.
Needs Improvement (6 points): Provided an acceptable title page
for the file. Provided information in at least 3 of the following
fields: Name, Role, Organizational Unit and affiliation, Email
address, Phone Number, location.
Needs Significant Improvement (4 points): Provided a title page
and section 1. The fields were sparsely completed.
Missing or Unacceptable (0 points): Required content was missing.
Section 2: Incident Details
Excellent (25 points): Provided an excellent report of the
incident details as required by the NIST template. Responses for
all items were clear, concise, and reflected the analysis of the
Blue Team with additional contributions by this student.
Outstanding (22.5 points): Provided an outstanding report of the
incident details as required by the NIST template. Responses for
all items were clear and reflected the analysis efforts of the
Blue Team with additional contributions by this student.
Acceptable (21 points): Provided an acceptable report of the
incident details as required by the NIST template. Responses for
most items were clear and reflected some of the analysis efforts
of the Blue Team with additional contributions by this student.
Needs Improvement (15 points): Provided a report of the incident
details using the fields listed in the NIST template. Responses
reflected some of the analysis efforts of the Blue Team with a few
additional contributions by this student.
Needs Significant Improvement (10 points): Attempted to complete
Section 2 of the incident report form but the information was
seriously lacking (a) details and/or (b) originality (copied
rather than paraphrased).
Missing or Unacceptable (0 points): No work submitted for this
section.
Section 3: Cause of the Incident
Excellent (25 points): Provided an excellent report of the
incident causes using information reported by the Red Team (from
the assignment) and additional analysis performed by the Blue Team
and this student. Appropriately used information from the
Sifers-Grayson Overview and Enterprise Architecture diagrams.
Reporting of the analysis was clear, concise, and reflected the
analysis of the Blue Team with additional contributions by this
student.
Outstanding (22.5 points): Provided an outstanding report of the
incident causes using information reported by the Red Team (from
the assignment) and additional analysis performed by the Blue Team
and this student. Appropriately used information from the
Sifers-Grayson Overview and Enterprise Architecture diagrams.
Reporting of the analysis was clear and reflected the analysis of
the Blue Team with additional contributions by this student.
Acceptable (21 points): Provided an acceptable analysis and
written report of the incident causes using information reported
by the Red Team (from the assignment) and additional analysis
performed by the Blue Team and this student. Appropriately used
information from the Sifers-Grayson Overview and Enterprise
Architecture diagrams. Reporting of the analysis included
information from the Blue Team with additional contributions by
this student.
Needs Improvement (15 points): Provided an analysis of the
incident causes using some information from the Red Team and Blue
Team with a few additional contributions by this student.
Needs Significant Improvement (10 points): Attempted to complete
Section 3 of the incident report form but the information was
seriously lacking (a) details and/or (b) originality (copied
rather than paraphrased).
Missing or Unacceptable (0 points): No work submitted for this
section.
Sections 4 & 5: Cost and Impact
Excellent (10 points): Provided an excellent analysis of the
potential costs and impacts of the incident as reported by the Red
Team. Analysis was clear and concise. Included information from
the Blue Team and supplemented it with additional analysis by this
student.
Outstanding (8.5 points): Provided an outstanding analysis of the
potential costs and impacts of the incident as reported by the Red
Team. Analysis was clear and included information from the Blue
Team and supplemented it with additional analysis by this student.
Acceptable (7 points): Provided an acceptable analysis of the
potential costs and impacts of the incident as reported by the Red
Team. Analysis included some information from the Blue Team and
limited additional analysis by this student.
Needs Improvement (6 points): Attempted to provide an analysis of
the potential costs and impacts of the incident.
Needs Significant Improvement (4 points): Addressed the potential
impacts of the incident but the analysis was significantly lacking
in (a) details and/or (b) originality (excessive copying with no
paraphrasing).
Missing or Unacceptable (0 points): No work submitted.
Section 6: General Comments
Excellent (10 points): Provided an excellent discussion of the
contract requirements and derivative requirements for
cybersecurity at Sifers-Grayson (clear, concise, accurate).
Included information from the Blue Team and supplemented it with
additional analysis by this student. Included additional
information as necessary to provide explanations and improve
overall clarity for the incident response report.
Outstanding (8.5 points): Provided an outstanding discussion of
the contract requirements and derivative requirements for
cybersecurity at Sifers-Grayson (clear and accurate). Included
information from the Blue Team and supplemented it with additional
analysis by this student. Included additional information as
necessary to provide explanations and improve overall clarity for
the incident response report.
Acceptable (7 points): Provided an acceptable discussion of the
contract requirements and derivative requirements for
cybersecurity at Sifers-Grayson. Included information from the
Blue Team and supplemented it with additional analysis by this
student.
Needs Improvement (6 points): Discussed some of the contract
requirements and/or derivative requirements for cybersecurity at
Sifers-Grayson. Included information from the Blue Team and
supplemented it with additional analysis by this student.
Important points were missing or were not adequately covered.
Needs Significant Improvement (4 points): Attempted to complete
Section 6 of the incident report form but the information was
seriously lacking (a) details and/or (b) originality (copied
rather than paraphrased).
Missing or Unacceptable (0 points): Missing or no work submitted.
Professionalism: Execution
Excellent (20 points): Work is professional in appearance and
organization (appropriate and consistent use of fonts, headings,
color). No word usage, grammar, spelling, or punctuation errors.
All quotations (copied text) are properly marked and cited using a
professional format. (APA format recommended but not required.)
Outstanding (18 points): Work is professional in appearance and
organization (appropriate and consistent use of fonts, headings,
color). Work contains minor errors in word usage, grammar,
spelling or punctuation which do not significantly impact
professional appearance. All quotations (copied text) are properly
marked and cited using a professional format. (APA format
recommended but not required.)
Acceptable (16 points): Work is professional in appearance and
organization (minor issues allowable but overall the work contains
appropriate and consistent use of fonts, headings, color). Errors
in word usage, spelling, grammar, or punctuation which detract
from professional appearance of the submitted work. All quotations
(copied text) are properly marked and cited using a professional
format. (APA format recommended but not required.)
Needs Improvement (14 points): Submitted work has numerous errors
in formatting, organization, word usage, spelling, grammar, or
punctuation which detract from readability and professional
appearance. Punctuation errors may include failure to properly
mark quoted or copied material (an attempt to name original source
is required).
Needs Significant Improvement (10 points): Submitted work is
difficult to read / understand and has significant errors in
formatting, appearance / organization, spelling, grammar,
punctuation, or word usage. Significant errors in presentation of
copied text (lacks proper punctuation and failed to attribute
material to original source).
Missing or Unacceptable (0 points): No work submitted for this
assignment.
Overall Score
Excellent: 90 or more
Outstanding: 80 or more
Acceptable: 70 or more
Needs Improvement: 50 or more
Needs Significant Improvement: 1 or more
No Submission: 0 or more