Security Incident Report Lab

Submitted By kartikeyayvs
Security Incident Report

Incident Report #: IR-783
Reported Date and Time: January 12, 2014
Technician: Max Smith
Site Location: Sales Department laptop belonging to Howard Telmik. Windows 7 OS.
Identification (Type and how detected): Howard in Sales called the IT help desk complaining that his system is really slow. He also stated that his laptop is behaving strangely: some of his internal reports have been modified and emails from last week show up as read. He knows it wasn't him because he was on vacation last week and had left his laptop at home.
A virus scan detected Back Orifice and NetBus.
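An added example (not part of the lab report) of the kind of host check a technician can run alongside the virus scan during identification: it parses constructed Windows `netstat -ano` output and flags sockets bound to the default ports of the two tools the scan named, Back Orifice (UDP 31337) and NetBus (TCP 12345 and 12346). The sample output, process IDs and port table are constructed for the example; both tools can be configured to use other ports, so this is a supporting indicator for the investigator, not a substitute for the AV result.

```python
import re
from typing import Dict, List, Tuple

# Default listening ports of the two remote-access trojans named in the report.
# Both let the operator choose a different port, so no hit is not proof of a clean host.
KNOWN_RAT_PORTS: Dict[Tuple[str, int], str] = {
    ("UDP", 31337): "Back Orifice default port",
    ("TCP", 12345): "NetBus default port",
    ("TCP", 12346): "NetBus default port",
}

# One `netstat -ano` row on Windows: proto, local addr:port, foreign addr:port,
# an optional state column (absent for UDP) and the owning PID.
NETSTAT_ROW = re.compile(
    r"^\s*(?P<proto>TCP|UDP)\s+(?P<local>\S+):(?P<port>\d+)\s+\S+\s+"
    r"(?:(?P<state>[A-Z_]+)\s+)?(?P<pid>\d+)\s*$"
)

# Constructed sample of `netstat -ano` output from the infected laptop.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       700
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.23:12346     198.51.100.7:443       ESTABLISHED     2216
  TCP    192.168.1.23:49210     203.0.113.5:80         ESTABLISHED     2216
  UDP    0.0.0.0:31337          *:*                                    3120
  UDP    0.0.0.0:5355           *:*                                    1080
"""


def parse_netstat(output: str) -> List[dict]:
    """Turn netstat text into rows; header and blank lines are skipped."""
    rows = []
    for line in output.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            rows.append({
                "proto": m["proto"],
                "local": m["local"],
                "port": int(m["port"]),
                "state": m["state"] or "",
                "pid": int(m["pid"]),
            })
    return rows


def find_rat_indicators(output: str) -> List[Tuple[int, str, int, str]]:
    """Return (pid, proto, port, label) for sockets bound to a known RAT default port.

    TCP rows count only when LISTENING (an ESTABLISHED row on port 12346 is just an
    ephemeral client port); UDP rows carry no state, so any bound socket counts.
    """
    hits = []
    for row in parse_netstat(output):
        label = KNOWN_RAT_PORTS.get((row["proto"], row["port"]))
        if label is None:
            continue
        if row["proto"] == "TCP" and row["state"] != "LISTENING":
            continue
        hits.append((row["pid"], row["proto"], row["port"], label))
    return hits


def suspicious_pids(output: str) -> List[int]:
    """PIDs to hand to the investigator, the one with the most hits first."""
    counts: Dict[int, int] = {}
    for pid, *_ in find_rat_indicators(output):
        counts[pid] = counts.get(pid, 0) + 1
    return sorted(counts, key=lambda p: (-counts[p], p))


if __name__ == "__main__":
    for pid, proto, port, label in find_rat_indicators(SAMPLE_NETSTAT):
        print(f"PID {pid}: {proto}/{port} -> {label}")
    print("PIDs to investigate:", suspicious_pids(SAMPLE_NETSTAT))
```

In the sample, one process owns both the TCP 12345 listener and the UDP 31337 socket, which is the kind of correlation worth recording in the report before the process is stopped and the machine is isolated.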
Triage (Impact): Fortunately it only affected the user's laptop and did not spread to the company network.
Containment (Steps taken):
1) Disabled wireless on the laptop to disconnect it from the company network.
2) Ran a manual virus scan which identified the malware and placed it in quarantine.
Investigation (Cause): Howard feels that the antivirus (AV) software makes his system slow, so he turned it off. Several weeks ago he received an email from a good and trusted friend containing some vacation pictures. Shortly thereafter he received an offer to try new and improved AV software and installed it.
Recovery and Repair (Resolution):
Used Antivirus software to quarantine and eradicate the malware.
Implemented scanning of corporate email for malware and spam.
Lessons Learned (Debriefing and Feedback):
Antivirus software on systems should be configured to scan all hard drives regularly to identify any file system infections and, optionally, to scan other storage media as well. Users should also be able to launch a scan manually as needed.
Users should be educated on protecting themselves from viruses by running only company-authorized antivirus software, not opening suspicious e-mail attachments, and not responding to suspicious or unwanted e-mails.
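An added example (not part of the lab report) of the mail-gateway check behind the recovery step "scanning of corporate email for malware" and the lesson about suspicious attachments. It parses a message with Python's standard `email` library and applies three attachment checks: a blocked-extension list, a double-extension check for names like `sunset.jpg.exe`, and a comparison of the declared Content-Type with the file's leading bytes. The message, sender addresses, blocked-extension list and file signatures are constructed for the example and modelled on the report's "vacation pictures" e-mail.

```python
import email
from email import policy
from email.message import EmailMessage
from typing import List, Optional, Tuple

# Extensions a corporate gateway should not deliver from outside
# (hypothetical policy list for this example, not a complete one).
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd",
                      ".vbs", ".js", ".hta", ".msi"}

# Leading bytes of a few well-known formats; "MZ" opens every Windows PE executable.
MAGIC = {
    b"\xff\xd8\xff": "image/jpeg",
    b"\x89PNG\r\n\x1a\n": "image/png",
    b"MZ": "application/x-dosexec",
}

Finding = Tuple[str, str]  # (attachment filename, reason code)


def sniff_type(data: bytes) -> Optional[str]:
    """Guess the real media type from the leading bytes, ignoring what the mail claims."""
    for prefix, mime in MAGIC.items():
        if data.startswith(prefix):
            return mime
    return None


def check_attachment(filename: str, declared_type: str, data: bytes) -> List[Finding]:
    """Run the three checks on one attachment and return the reasons that fired."""
    findings: List[Finding] = []
    exts = ["." + p for p in filename.lower().split(".")[1:]]
    if exts and exts[-1] in BLOCKED_EXTENSIONS:
        findings.append((filename, "blocked-extension"))
        # "pictures.jpg.exe": the inner extension only exists to look harmless.
        if len(exts) >= 2:
            findings.append((filename, "double-extension"))
    actual = sniff_type(data)
    # application/octet-stream is the generic "unknown" type, so it is not compared.
    if actual is not None and actual != declared_type and declared_type != "application/octet-stream":
        findings.append((filename, "type-mismatch"))
    return findings


def scan_message(raw: bytes) -> List[Finding]:
    """Parse an RFC 5322 message and check every attachment part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings: List[Finding] = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        findings.extend(check_attachment(name, part.get_content_type(), payload))
    return findings


def verdict(findings: List[Finding]) -> str:
    """Gateway decision: any finding is enough to hold the message for review."""
    return "quarantine" if findings else "deliver"


def build_sample_message() -> bytes:
    """Constructed message modelled on the report: 'vacation pictures' from a trusted
    sender, one real JPEG header and one executable dressed up as a picture."""
    msg = EmailMessage()
    msg["From"] = "friend@example.com"
    msg["To"] = "howard@example.com"
    msg["Subject"] = "vacation pictures"
    msg.set_content("Here are the pictures from last week!")
    msg.add_attachment(b"\xff\xd8\xff\xe0" + b"\x00" * 16,
                       maintype="image", subtype="jpeg", filename="beach.jpg")
    msg.add_attachment(b"MZ" + b"\x00" * 30,
                       maintype="image", subtype="jpeg", filename="sunset.jpg.exe")
    return bytes(msg)


if __name__ == "__main__":
    results = scan_message(build_sample_message())
    for name, reason in results:
        print(f"{name}: {reason}")
    print("verdict:", verdict(results))
```

The third check is the one that catches a trusted-looking sender: the attachment name and declared image type are chosen by whoever sends the mail, while the leading bytes are what the user's machine would actually run.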
