Saint COm510 full course (all discussion + assignment + exercises +exams)

Module 1 Case

Read Reading #8 inReadings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.
Post your question in the Module 1 Discussion Board no later than Thursday 11:59 PM EST/EDT.

Respond to at least two questions posted by your fellow students by no later than Sunday 11:59 PM EST/EDT.

Module 2 Case

Read Reading #2 inReadings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 3 Case

Read Reading #3 inReadings and Cases in the Management of Information Security. On the discussion board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 4 Case

Read Reading #7 inReadings and Cases in the Management of Information Security. On the discussion board post one question that is not already posted by another student regarding the issue(s) discussed in the case.Remember to Incorporate the Saint Leo core value of integrity into your question.

Module 5 Case

Read Reading #5 inReadings and Cases in the Management of Information Security. On the discussion board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 6 Case

Read Reading #6 inReadings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 7 Case

Read Reading #11 inReadings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Discussion Question

Read Reading #8 inReadings and Cases in the Management of Information Security. On the Discussion Board post one question that is not already posted by another student regarding the issue(s) discussed in the case.

Module 1 Summary Pape

Summary Paper:Using sources such as the Internet, newspaper, magazine, journal, or Saint Leo online library resources, find a recent article (less than six months old) on cyber attack or on an information security breach. Submit at least a 1,000 word summary of the article. Describe the issue and cause, and give recommendations for how such an incident can be prevented in the future. The source of the article must be cited following APA format.

Please upload this in the Drop box bin named “Module 1 Summary Paper”.

Project Description
Carry out a security self-assessment of an organization using the NIST Special Publication 800-26 as a
guide. This may be your current or previous employer or your own organization. You must seek
permission from the individual responsible for the information security of that organization.
The SP 800-26 document is a self-assessment guide to assess the IT system of an organization. This
document is no longer available from NIST but it is contained in Appendix A at the end of the textbook
starting at page 505. You may use this appendix as a guide. I recommend that you use primary areas
such as Management controls, Operational controls, Technical controls, etc., as a guide to assess a
system.

A new publication, SP 800-53A “Guide for Assessing the Security Controls in Federal Information
Systems,” is available for download from the NIST website at: http://csrc.nist.gov. At the moment this
document is in draft form. Those of you who are working or are experienced in Federal IT Systems may
use this publication as an alternative to SP 800-26.
Basically you have a choice of using SP 800-26 or 53A.
Report
Write a report based on the self-assessment of an organization. It should be 4-5 pages long, 12 point
character size, single line spacing, and 1” margins (left, right, top, and bottom). It is recommended that
you do not use the actual name of the organization in the report; use a title, such as “ABC Inc.” Your
report should include a brief description of the organization, nature of the business, analysis of the
results, and recommendations for improvement in the form of an action plan.

You should also prepare a PowerPoint presentation (10-

15 slides) explaining the results and recommendations of your assessment to senior management of the organization.

Deliverables:

1.

Word document containing report

2. PowerPoint file containing presentation

Midterm

Question 1. 1. The process that develops, creates, and implements strategies for the accomplishment of objectives is called ____. (Points : 5)  leading  controlling  organizing  planning

Question 2. 2. ____ implements and oversees the use of controls to reduce risk. (Points : 5)  Risk assessment  Incident response  Risk management  Network security administration

Question 3. 3. Which of the following is an advantage of the user support group form of training? (Points : 5)  usually conducted in an informal social setting  formal training plan  can be live, or can be archived and viewed at the trainee’s convenience  can be customized to the needs of the trainee

Question 4. 4. Which of the following is the first step in the process of implementing training? (Points : 5)  identify training staff  identify target audiences  identify program scope, goals, and objectives  motivate management and employees

Question 5. 5. ____ occurs when a control provides proof that a user possesses the identity that he or she claims. (Points : 5)  Identification  Authentication  Authorization  Accountability

Question 6. 6. According to the C.I.A. triangle, the three desirable characteristics of information are confidentiality, integrity, and ____. (Points : 5)  accountability  availability  authorization  authentication

Question 7. 7. Which of the following is a definite indicator of an actual incident? (Points : 5)  unusual system crashes  reported attack  presence of new accounts  use of dormant accounts

Question 8. 8. Which of the following certifications is considered among the most prestigious for security managers? (Points : 5)  CISSP  CISA  GIAC  Security +

Question 9. 9. The COSO framework component ____, based on the establishment of objectives, assists in the identification and examination of valid risks to objectives as well as information. (Points : 5)  Control environment  Risk assessment  Control activities  Information management

Question 10. 10. A medium-sized organization has ____. (Points : 5)  a larger security staff than a small organization  a larger security budget than a small organization  1,000 to 10,000 computers  larger security needs than a small organization

Question 11. 11. The ____ component of an EISP defines the organizational structure designed to support information security within the organization. (Points : 5)  Information Technology Security Responsibilities and Roles  Need for Information Technology Security  Reference to Other Information Technology Standards and Guidelines  Information Technology Security Elements

Question 12. 12. The IRP is usually activated ____. (Points : 5)  before an incident takes place  when an incident is detected  once the DRP is activated  once the BCP is activated

Question 13. 13. ____ is the process of measuring against established standards. (Points : 5)  Baselining  Benchmarking  Targeting  Profiling

Question 14. 14. ____ is the quality or state of being whole, complete, and uncorrupted. (Points : 5)  Integrity  Authorization  Security  Confidentiality

Question 15. 15. Very large organizations have ____ computers. (Points : 5)  100 to 1,000  1,000 to 5,000  10,000 to 50,000  more than 10,000

Question 16. 16. A(n) ____ is a detailed description of the activities that occur during an attack. (Points : 5)  attack roster  attack profile  attack message  attack diagnostic

Question 17. 17. Identification is typically performed by means of a(n) ____. (Points : 5)  audit log  user name  cryptographic certificate  access control list

Question 18. 18. The COSO framework component ____ includes the policies and procedures to support management directives. (Points : 5)  Control environment  Risk assessment  Control activities  Information management

Question 19. 19. Defining the scope of an ISMS is part of which phase of the BS7799 Part 2 Plan-Do-Check-Act cycle? (Points : 5)  Plan  Do  Check  Act

Question 20. 20. A(n) ____ security policy provides detailed, targeted guidance to instruct all members of the organization in the use of technology-based systems. (Points : 5)  issue-specific  enterprise information  system-specific  information

Question 21. 21. Internal ISMS audits are conducted during the ____ phase of the Plan-Do-Check-Act cycle. (Points : 5)  Plan  Do  Check  Act

Question 22. 22. ____ control tools evaluate the efficiency and effectiveness of business processes. (Points : 5)  Financial  Behavioral  Information  Operational

Question 23. 23. Which of the following is a disadvantage of user support groups? (Points : 5)  relatively inflexible  resource intensive, to the point of being inefficient  centered on a specific topic or product  software can be very expensive

Question 24. 24. Corrective or preventive action is taken during the ____ phase of the Plan-Do-Check-Act cycle. (Points : 5)  Plan  Do  Check  Act

Question 25. 25. To ensure ____, an organization must demonstrate that it is continuously attempting to meet the requirements of the market in which it operates. (Points : 5)  policy administration  due diligence  adequate security measures  certification and accreditation

Question 26. 26. When users call an organization with problems with their computers, the network, or an Internet connection, they speak with the ____. (Points : 5)  security officers  help desk personnel  security staffers  security consultants

Question 27. 27. Communications security involves the protection of an organization’s ____. (Points : 5)  employees  physical assets  technology  data network devices

Question 28. 28. ____ evaluates patches used to close software vulnerabilities and acceptance testing of new systems to assure compliance with policy and effectiveness. (Points : 5)  Systems testing  Risk assessment  Incident response  Planning

Question 29. 29. A risk assessment is performed during the ____ phase of the SecSDLC. (Points : 5)  implementation  analysis  design  investigation

Question 30. 30. An identified weakness of a controlled system is known as a ____. (Points : 5)  liability  threat  vulnerability  fault

Question 31. 31. Which of the following is NOT a question you should ask when considering best practices for your organization? (Points : 5)  Do you have a similar customer base as the target?  Is your organization structure similar to the target?  Do you face similar challenges as the target?  Are you in a similar industry as the target?

Question 32. 32. Best business practices are also known as ____. (Points : 5)  recommended practices  universal practices  industry practices  best models

Question 33. 33. The ____ layer of the bull’s-eye model consists of computers used as servers, desktop computers, and systems used for process control and manufacturing systems. (Points : 5)  Policies  Networks  Applications  Systems

Question 34. 34. A ____ is a value or profile of a performance metric against which changes in the performance metric can be usefully compared. (Points : 5)  target  framework  benchmark  baseline

Question 35. 35. Which of the following is true about a hot site? (Points : 5)  It is an empty room with standard heating, air conditioning, and electrical service.  It includes computing equipment and peripherals with servers but not client workstations.  It duplicates computing resources, peripherals, phone systems, applications, and workstations.  All communications services must be installed after the site is occupied.

Question 36. 36. The DRP is usually managed by the ____. (Points : 5)  CEO  CIO  CISO  IT community of interest

Question 37. 37. Operational plans are used by ____. (Points : 5)  managers  security managers  the CISO  the CIO

Question 38. 38. A SDLC-based project that is the result of a carefully developed strategy is said to be ____. (Points : 5)  employee-driven  plan-driven  sequence-driven  event-driven

Question 39. 39. A disadvantage of creating a number of independent ISSP documents is that the result may ____. (Points : 5)  overgeneralize the issues  suffer from poor policy dissemination  skip over vulnerabilities  be written by those with less complete subject matter expertise

Question 40. 40. A joint application development team can survive employee turnover by ____. (Points : 5)

 having as few employees in the team as possible
 having as many employees in the team as possible
 documenting the processes and procedures used by the team
 having all the members work independently

Final exam
Question 1.1.Which of the following is a subprocess of the unfreezing process in Lewin’s change model? (Points : 5) cognitive redefinition
realization that a new method is the best way
creation of psychological safety or overcoming learning anxiety
imitation and positive or defensive identification with a role model

Question 2.2.A _____ is an example of the “something you are” authentication mechanism. (Points : 5) fingerprint password smart card signature pattern recognition

Question 3.3.A security technician usually reports to a person with a ____ level of authority. (Points : 5) CIO CFO CEO CISO

Question 4.4.The ____ certification program is an option for individuals who wish to take the CISSP or SSCP exams before obtaining the requisite experience for certification. (Points : 5) TICSA SCP MCSE (ISC)² Associate

Question 5.5._____ allow only specific packets with a particular source, destination, and port address to pass through it. (Points : 5) dynamic packet filtering firewalls packet filtering firewalls stateful inspection firewalls application-level firewalls

Question 6.6.The analysis team presents its proposed mitigation plans to the _____ group. (Points : 5) information technology senior management information security middle management

Question 7.7._____ is the third generation of firewalls. (Points : 5) stateful inspection firewall application-level firewall dynamic packet filtering firewall packet filtering firewalls

Question 8.8.The _____ team is involved in the operational area management knowledge process. (Points : 5) middle managers senior managers information security independent consultants

Question 9.9.____ work on special projects for organizations, and are self-employed people with their own contractual obligations and security requirements. (Points : 5) Consultants Contractors Business partners Temporary workers

Question 10.10._____ is the most critical success factor for security risk evaluations. (Points : 5) selecting the analysis team scoping the OCTAVE Method getting senior management sponsorship selecting participants

Question 11.11.The ____ is a division of the NSA, and provides a wide variety of information security solutions for cyber defense. (Points : 5) IAD NIPC FBI CIA

Question 12.12.In a cost-benefit analysis, the _____ is the value to the organization of using controls to prevent losses associated with a specific vulnerability? (Points : 5) cost benefit loss expectancy asset value

Question 13.13.Deliberate software attacks include worms, denial of service, macros, and ____. (Points : 5) unknown loopholes piracy bugs viruses

Question 14.14.The Public Company Accounting Reform and Investor Protection Act demands that the CEO and ____ assume direct and personal accountability for the completeness and accuracy of a publicly traded organization’s financial reporting and record-keeping systems. (Points : 5) CIO CISO CFO COO

Question 15.15._____ is the primary and dominant cryptographic authentication and encryption framework for security development within the TCP/IP family of protocol standards. (Points : 5) Secure Hypertext Transfer Protocol Secure Shell IP Security Secure Sockets Layer

Question 16.16.An information security project wrap-up is usually a procedural task that would be assigned to a ____ staff member or an information security manager. (Points : 5) low-level COO mid-level CIO

Question 17.17.Which of the following is not an example of a disaster recovery plan? (Points : 5) data recovery procedures reestablishment of lost service procedures information gathering procedures shut down procedures

Question 18.18.In keeping with the requirements of the Public Company Accounting Reform and Investor Protection Act, the executives in an organization rely on the expertise of the ____ to ensure that the systems used to report and record information are sound. (Points : 5) COO CISO CFO Comptroller

Question 19.19._____ technical controls defend against threats from outside of the organization. (Points : 5) security planning policy and law education and training firewall

Question 20.20.A(n) _____ is a valuable tool in managing an intrusion detection system. (Points : 5) port scanner agent firewall consolidated enterprise manager

Question 21.21.In the US military classification scheme, ____ refers to information assets that would adversely affect US national interests if lost, misused, or made available to sources with unauthorized access. (Points : 5) Confidential Data Sensitive But Unclassified Top Secret Data Secret Data

Question 22.22.Which of the following is NOT part of the Implementing Controls phase of the Microsoft Security Risk Management program? (Points : 5) seek holistic approach organize by defense-in-depth develop risk scorecard all of these are part of this phase

Question 23.23.Enacted in 1999, the Gramm-Leach-Bliley Act addresses ____ issues. (Points : 5) banking trade secrets cryptography privacy

Question 24.24.Which of the following is a software asset type? (Points : 5) test equipment custom application networking devices desktops

Question 25.25.When it is developed, the CIFI body of knowledge is expected to cover ____. (Points : 5) traceback information security governance response management risk management

Question 26.26.Which law governs the federal agency use of personal information? (Points : 5) The Telecommunications Deregulation and Competition Act of 1996 Computer Security Act of 1987 USA Patriot Act of 2001 Federal Privacy Act of 1974

Question 27.27.____ should not be allowed to wander freely in and out of buildings. (Points : 5) Consultants Business partners Service contractors Temporary workers

Question 28.28.Which of the following is a domain of the CompTIA Security+ exam? (Points : 5) general security concepts business risk management IS audit process disaster recovery and business continuity

Question 29.29.Which access controls are structured and coordinated with a data classification scheme? (Points : 5) mandatory access controls discretionary access controls role-based controls nondiscretionary controls

Question 30.30.The ____ was enacted to prevent abuse of information while employed elsewhere. (Points : 5) Electronic Communications Privacy Act of 1986 Public Company Accounting Reform and Investor Protection Act of 2002 Economic Espionage Act of 1996 Financial Services Act of 1999

Question 31.31.In phase 3 of the OCTAVE Method, the creation of mitigation plans occurs during the _____ process. (Points : 5) development of a protection strategy risk analysis creation of threat profiles identification of key components

Question 32.32.The identification of a system of interest occurs during the _____. (Points : 5) identification of relative priorities identification of key components creation of threat profiles evaluation of selected components

Question 33.33.Which of the following characteristics currently used today for authentication purposes is not considered truly unique? (Points : 5) fingerprints iris retina ID Cards

Question 34.34.Which of the following best describes the incident response plan? (Points : 5) actions undertaken by an organization during an attack recovery preparations step-by-step rules to regain normalcy strategies to limit business losses before and during a disaster

Question 35.35._____ firewalls are simple network devices that examine all incoming and outgoing packet headers, selectively allowing or rejecting packets. (Points : 5) packet filtering stateful inspection DMZ proxy

Question 36.36.Which of the following is a responsibility of an information security department manager? (Points : 5) offering technical information security consulting services to network administrators running vulnerability identification software packages preparing post-mortem analyses of information security breaches training Access Control System administrators to set up firewalls

Question 37.37.Which official determines which package best serves the needs of the organization? (Points : 5) VP of Human Resources CFO CIO or CISO COO

Question 38.38._____ are software programs or hardware/software appliances that allow administrators to restrict content that comes into a network. (Points : 5) port scanners packet sniffers vulnerability scanners content filters

Question 39.39.From Schwartz et al., information security positions can be categorized as those that define, those that build, and those that ____. (Points : 5) implement design administer operate

Question 40.40._____ is a biometric authentication system that is considered to be least secure. (Points : 5)

keystroke pattern recognition
signature recognition
retina pattern recognition
fingerprint recognition

Our website has a team of professional writers who can help you write any of your homework. They will write your papers from scratch. We also have a team of editors just to make sure all papers are of HIGH QUALITY & PLAGIARISM FREE. To make an Order you only need to click Ask A Question and we will direct you to our Order Page at WriteDemy. Then fill Our Order Form with all your assignment instructions. Select your deadline and pay for your paper. You will get it few hours before your set deadline.