...Assignment 2: Critical Infrastructure Protection Strayer University Introduction In the wake of a terrorist attack, natural disaster, or emergency, the Department of Homeland Security (DHS) is prepared to respond. DHS primary responsibilities are combatting terrorism, securing boarders, enforcing immigration laws, safeguarding cyberspace, and responding to natural disasters. Coordination with the federal response teams and partnerships with local, state, and private sectors, enhance the DHS response tactics in a national emergency. Department of Homeland Security Mission, Operations, and Responsibilities The Department of Homeland Security’s mission is to keep America safe, protected, and resilient from various elements that threaten the country. As identified by (dhs.gov, 2013) DHS has three key concepts that strategies are based upon security, resilience, and customs and exchange. The process that defines homeland security missions and incorporates the key concepts is the Quadrennial Homeland Security Review (QHSR). DHS missions are spread across the enterprise and do not only cover DHS. The delegated missions define in detail how to prevent, protect, respond, recover, secure, ensure resilience, and facilitate customs and exchange as noted by (dhs.gov, 2013). Department of Homeland Security operations encompass five core objectives. The objectives covered under DHS are prevention of terrorism and enhancing security; secure and manage our boarders; enforce and administer...
Words: 1685 - Pages: 7
...CIS 502 Critical Infrastructure Protection Click Link Below To Buy: http://hwaid.com/shop/cis-502-critical-infrastructure-protection/ Due Week 6 and worth 50 points Critical Infrastructure Protection (CIP) is an important cybersecurity initiative that requires careful planning and coordination in protecting our infrastructure. The following documents titled, “National Infrastructure Protection Plan”, and “Critical Infrastructure Protection”, may be used to complete the assignment. Write a three to five (3-5) page paper in which you: 1. Examine the Department of Homeland Security’s : a. mission b. operations c. responsibilities 2. Explain what Critical Infrastructure Protection (CIP) initiatives are, what are protected, and the methods used to protect our assets. 3. Describe the vulnerabilities IS professionals need to be concerned with when protecting the U.S.’s critical infrastructure. 4. Evaluate the effectiveness of IS professionals in regard to protecting the U.S.’s critical infrastructure. 5. Suggest three (3) methods to improve the protection of our critical infrastructure and justify each suggestion. 6. Use at least three (3) quality resources outside of the suggested resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources. Your assignment must follow these formatting requirements: • Be typed, double spaced, using Times...
Words: 1288 - Pages: 6
...IT255 11/29/2011 Research Assignment 2 A sound security plan is the first step towards a multi-layer defense. To develop a plan, the company must access its most important assets; identify vulnerabilities as well as the infrastructure and technology most appropriate for mitigating risk, then implement a strategy for putting the plan in action. Emails are prime examples. It has become a critical business communications tool and is also a primary conduit for malicious code. Protecting emails against viruses, worms, spam, Trojan horses, phishing attacks and other threats requires a variety of security technologies. These antivirus and antispyware software, content filtering, and firewalls. Such security technologies must be installed at various levels of the infrastructure-such as the gateway, mail servers and desktop or laptop. This way, threats that may bypass one level are dealt with at another. In addition, layering security helps mitigate the risk of an employee who disables protection on his or her desktop. The gateway serves as an entry and exit point to the company network. By installing a security solution such as antivirus and content filtering at this tier, mass-mailer worms are scanned and deleted and spam is moved to quarantines. Mail servers should also be equipped with security. These systems receive, send, and store email, and an email security solution work together with the email program to provide a greater degree of protection against malicious code...
Words: 1445 - Pages: 6
...Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts Confidentiality, integrity, and availability (CIA) concepts Layered security solutions implemented for the seven domains of a typical IT infrastructure Common threats for each of the seven domains IT security policy framework Impact of data classification standard on the seven domains Reading Kim and Solomon, Chapter 1: Information Systems Security. Keywords Use the following keywords to search for additional materials to support your work: Data Classification Standard Information System Information Systems Security Layered Security Solution Policy Framework ------------------------------------------------- Week 1 Assignment (See Below) * Match Risks/Threats to Solutions * Impact of a Data Classification Standard Lab * Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) * Page 7-14 in lab book. Project (See Below) * Project Part 1. Multi-Layered Security Plan ------------------------------------------------- Unit 1 Assignment 1: Match Risks/Threats to Solutions Learning Objectives and Outcomes You will learn how to match common risks or threats within the seven domains of a typical IT infrastructure with solutions and preventative actions. Assignment Requirements This is a matching activity. You will receive the Match Risks/Threats...
Words: 1409 - Pages: 6
...Assignment 2: Organizational Risk Appetite and Risk Assessment Due Week 4 and worth 70 points Imagine you have just been hired as an Information Assurance Officer and the leader of business impact analysis (BIA) and risk assessment team for a video game development company. The organization network structure is identified in the network diagram below and specifically contains: •2 firewalls •3 file servers •1 Web / FTP server •1 wireless access point (WAP) •1 exchange email server •100 desktop / laptop computers •1 Network Intrusion Detection System (NIDS) •In-house PKI environment •2 Windows 2008 Active Directory Domain Controllers (DC) •VoIP telephone system Description: Network The Chief Information Officer (CIO) has seen reports of malicious activity on the rise and has become extremely concerned with the protection of the intellectual property and highly sensitive data maintained by your organization. As one of your first tasks with the organization, the CIO requests your help. Write a three to five (3-5) page paper in which you: 1.Conduct an organizational business impact analysis (BIA) and determine which information assets need to have a risk assessment performed. 2.Conduct an organizational risk assessment and provide an initial report that includes the following: 1.Identify information assets and prioritize identified assets. 2.Define risks and prioritize the risks. 3.Identify the critical asset(s) and its associated...
Words: 539 - Pages: 3
...Assignment: Improving Security through Layered Security Control Learning Objectives and Outcomes * Analyze the given case study to evaluate how information technology (IT) security can be improved through layered security control. Assignment Requirements Read the text sheet named “Global Access Control Case Study” and prepare a report capturing the following points: * Synopsis of the given case problem * Analysis of the strengths and weaknesses of the steps taken by the organization * Assessment of access control/IT domains given in the business problem for data confidentiality, integrity, and availability * Evaluation of how layered security proved to be a positive solution in the given problem, including the impacts of layered security In addition, your report must also include answers to the following questions: * What is the significance of compliance and financial reporting from an insecure system? * What influence did the risk management process have in Global fulfilling its goals? * What is the significance of remote external access into the Global network? * What are the other tools comparable to the ones used by Global to solve their internal problems? Required Resources * Text sheet: Global Access Control Case Study (ts_globalcasestudy) Submission Requirements * Format: Microsoft Word * Font: Arial, Size 12, Double-Space * Citation Style: APA * Length: 1–2 pages Self-Assessment Checklist ...
Words: 1445 - Pages: 6
...nearly a dozen pieces of malware and several levels of encryption to burrow deeply into the bowels of company networks and infrastructure In simple way, we can say that threat actor is the person who does the attack while the threat action is how this attack assaults the system 2. What were the vulnerabilities that the Threat exercised? The most recent use exploits are : 1. Adobe Flash Player Object Type Confusion Remote Code Execution Vulnerability (CVE-2012-0779) 2. Microsoft Internet Explorer Same ID Property Remote Code Execution Vulnerability (CVE-2012-1875) 3. Microsoft XML Core Services Remote Code Execution Vulnerability (CVE-2012-1889) 4. Adobe Flash Player Remote Code Execution Vulnerability (CVE-2012-1535) The attackers gained access to the source code or reserve-engineered to those complied applications. Then use them to hit the targeted victim. 3. Was the attack on Confidentiality, Integrity, and/or Availability? Please provide an explanation for your response. I believe that this attack on confidentiality because the hackers had stolen intellectual property and sought access to the Gmail accounts of human rights activists and this leads to disclosure of data to non-authorized users so it violates the confidentiality 4. What was the attacker's profile based on the definitions provided on the Week 2 lecture material? Based on information provided in the Elderwood Project I categorized this attacker’s profile as a Nation...
Words: 671 - Pages: 3
...Infrastructure and Systems Implementation Plan Sabrenna Anderson Kaplan University Primary Contact | Name | Rosanne Moran | | Phone | 732-930-3800 | | Email | rmoran@wint.net | Backup Contact | Name | Sabrenna Anderson | | Phone | 732-656-3575 | | Email | sanderson@wint.net | Proposal Type | Idea To Be Explored Potentially Identified Solution | Project Type | New Project Enhancement to Existing or Former Project | Working Title of Project | Infrastructure and Systems Implementation Plan | Project Sponsors | WInt IT department, Rosanne Moran, IT Director. | ------------------------------------------------- ------------------------------------------------- Introduction Widgets International, Inc. currently consists of Widgets USA, LLC and Widgets-R-Us, LTD. Combined Widgets International, Inc. has 50 years of experience in providing function critical assembly and machinery solutions. WUSA has cornered the Business to Business market while WRU has grown in leaps and bounds in the retail market. Together as Widgets International, Inc., they stand to increase their market share substantially by creating and offering innovative and cost effective assembly solutions globally. (Anderson, Unit1, 2014) ------------------------------------------------- ------------------------------------------------- Purpose and Justification This proposal will explore the requirements for the application and implementation of an easily manageable information...
Words: 2927 - Pages: 12
...the use of thumb drives in computers that were not connected to the Internet, a malicious software program known as Stuxnet infected computer systems that were used to control the functioning of a nuclear power plant. Once inside the system, Stuxnet had the ability to degrade or destroy the software on which it operated. Although early reports focused on the impact on facilities in Iran, researchers discovered that the program had spread throughout multiple countries worldwide. From the perspective of many national security and technology observers, the emergence of the Stuxnet worm is the type of risk that threatens to cause harm to many activities deemed critical to the basic functioning of modern society. The Stuxnet worm covertly attempts to identify and exploit equipment that controls a nation’s critical infrastructure. A successful attack by a software application such as the Stuxnet worm could result in manipulation of control system code to the point of inoperability or long-term damage. Should such an incident occur, recovery from the damage to the computer systems programmed to monitor and manage a facility and the physical equipment producing goods or services could be significantly delayed. Depending on the...
Words: 5499 - Pages: 22
...BCP INTERNAL ASSIGNMENT Anirudh 1. Asset – People, property, and information. People may include employees and customers along with other invited persons such as contractors or guests. Property assets consist of both tangible and intangible items that can be assigned a value. Intangible assets include reputation and proprietary information. Information may include databases, software code, critical company records, and many other intangible items. An asset is what we’re trying to protect. Threat – Anything that can exploit a vulnerability, intentionally or accidentally, and obtain, damage, or destroy an asset. A threat is what we’re trying to protect against. Vulnerability – Weaknesses or gaps in a security program that can be exploited by threats to gain unauthorized access to an asset. A vulnerability is a weakness or gap in our protection efforts. Risk – The potential for loss, damage or destruction of an asset as a result of a threat exploiting a vulnerability. Risk is the intersection of assets, threats, and vulnerabilities. A + T + V = R That is, Asset + Threat + Vulnerability = Risk. Risk is a function of threats exploiting vulnerabilities to obtain, damage or destroy assets. Thus, threats (actual, conceptual, or inherent) may exist, but if there are no vulnerabilities then there is little/no risk. Similarly, you can have a vulnerability, but if you have no threat, then you have little/no risk. Impact is the total profit/loss which is obtained through...
Words: 882 - Pages: 4
...Assignment 2 Ebtesam Falah Alhajri, 2120007594, G:1 Write down detailed answers to following questions. At least write 250 words for each question. All assignments will be evaluated with plagiarism software and submissions having a similarity rate of more than 35% will be awarded 0 marks. While answering the questions use the rules of scientific writing such as in-text citations, paraphrasing etc. Maximum Marks=5 Due Date: 23 November 2016 1. The web services model involves managing and performing all types of business processes and activities through accessing web-based services rather than running a traditional executable application on the processor of your local computer. Debate on this statement by discussing...
Words: 1271 - Pages: 6
...RMIT International University Vietnam Bachelor of Commerce Program Assignment Cover Page Subject Code: BUSM3311 Subject Name: INTERNATIONAL MANAGEMENT Location & Campus (SGS or HN) RMIT SGS Campus where you study: Title of Assignment: Report Proposal File(s) Submitted: BUSM3311_G4_A1_s3192820_PhanThu yChau Student names: Phan Thuỵ Châu Student Numbers: s3192820 Lecturer and Group number: Mr. Dung Huynh Group 4 Assignment due date: 5pm 23rd March 2012 Date of Submission: 22nd March 2012 Late Submission Approval: NI Number of pages including this one: 12 pages Word Count: 1099 (Main Content) BUSM3311 – International Management [REPORT PROPOSAL] Table of Contents A. Objective.............................................................................................................................................................3 B. Potential Market Analysis ........................................................................................................................4 C. Business Model ...............................................................................................................................................5 1. Foreign Acquisition: ...................................................................................................................................5 2. Going alone: Greenfield Entry:...............................................................................................................6 D. Environmental Issue ..........
Words: 1833 - Pages: 8
...or a component of a threat. For example, all hackers in the world present a collective threat, while Kevin Mitnick, who was convicted for hacking into phone systems, is a specific threat agent. Likewise, a lightning strike, hailstorm, or tornado is a threat agent that is part of the threat of severe storms. 2. What is the difference between vulnerability and exposure? Vulnerability: A weaknesses or fault in a system or protection mechanism that opens it to attack or damage. Some examples of vulnerabilities are a flaw in a software package, an unprotected system port, and an unlocked door. Some well-known vulnerabilities have been examined, documented, and published; others remain latent (or undiscovered). Exposure: A condition or state of being exposed. In information security, exposure exists when a vulnerability known to an attacker is present. 3. How is infrastructure protection (assuring the security of utility services) related to information security? The organization needs to have clear parameters and set regulation when it comes to the protection of itself. Clear goals and objectives when it comes to protection will lead to a better protection on regards to the information security. 4. What type of security was dominant in the early years of computing? Early security was entirely physical security. - EX: Lock and Key 5. What are the three components of the C.I.A. triangle? What are they used for?...
Words: 894 - Pages: 4
...PA018 ADVANCED TOPIC IN INFORMATION TECHNOLOGY SECURITY ASSIGNMENT-2, PART 1 1.1 Describe a system of your choice (can be a standalone computer with peripherals or small network) so that this description can be used for further discussion of risk assessment and choice of countermeasures. Solution: The system which we can consider for this description is Hospital’s Patient’s Data Management System. INTRODUCTION In medical practice patients are required to share their health information(data) regarding their symptoms, conditions, and past and present risk behaviors. Based on this information the doctor’s provide necessary treatments. These information(data) provided by the patient and the treatment provided by the doctor is required to...
Words: 1097 - Pages: 5
...Introduction Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The terms information security, computer security and information assurance are frequently used interchangeably. These fields are interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration. Information security is concerned with the confidentiality, integrity and availability of data regardless of the form the data may take: electronic, print, or other forms. Governments, military, financial institutions, hospitals, and private businesses amass a great deal of confidential information about their employees, customers, products, research, and financial status. Most of this information is now collected, processed and stored on electronic computers and transmitted across networks to other computers. Should confidential information about a businesses customers or finances or new product line fall into the hands of a competitor, such a breach of security could lead to lost business, law suits or even bankruptcy of the business. Protecting confidential information is a business requirement, and in many cases also an ethical and legal requirement. For the individual, information...
Words: 6195 - Pages: 25
