"Physical Security" Please respond to the following:
- From the e-Activity, identify three physical security
measures the organization uses to secure the organization’s assets.
Explain how physical security adds protection to defense-in-depth.
- Imagine a local financial company just expanded its
operations into five branches connected over a broadband network
connection. The company has expanded rapidly due to customer demand and
has not implemented any security measures. Differentiate physical security
from logical security and recommend a list of security measures for the
local financial company. Justify each security measure you recommend.
"Environment Security" Please respond to the following:
- Imagine you are the CISO of a small company that has
experienced fire incidents in the computer room and lost several important
computer assets. Determine the environmental security measures you would
recommend. Justify your response.
- From the e-Activity, evaluate the effectiveness of the
physical and environmental security measures used by the organization you
researched in regard to protecting the organization’s assets. Cite all
sources.
Please respond to the above questions with
short paragraph answers of at least 2-3 paragraphs each For question 4 the link to the e-Activity is -
http://csrc.nist.gov/publications/nistpubs/800-47/sp800-47.pdf
--------------------------------------------------------------------------------------------------------------------------------Case
Study
Case Study 4: Remote Access Attacks
Above is the Quick Finance Company network diagram. The company is a small business and does not invest much in security protection. System 1000 hosts a customer database as well as employee payroll systems. The company Web server has been defaced twice this month and the VPN server has suffered from session hijacking and Denial-of-Service (DOS) attacks twice last year. The company does not enforce a password policy and does not have a dedicated security professional.
Write a five to eight (5-8) page paper in which you:
Above is the Quick Finance Company network diagram. The company is a small business and does not invest much in security protection. System 1000 hosts a customer database as well as employee payroll systems. The company Web server has been defaced twice this month and the VPN server has suffered from session hijacking and Denial-of-Service (DOS) attacks twice last year. The company does not enforce a password policy and does not have a dedicated security professional.
Write a five to eight (5-8) page paper in which you:
- Analyze the Quick Finance Company Network Diagram and
describe the assumptions you will need to make in order to identify
vulnerabilities and recommend mitigation techniques as there is no further
information from this company. The company does not wish to release any
security related information per company policy.
- Analyze the above case and network diagram, and
describe how each access point is protected or unprotected.
- Evaluate and describe the vulnerabilities of the Quick
Finance Company’s network based on the network design.
- Rank the top three (3) most likely network-based
attacks in the order they are likely to occur and suggest countermeasures
for each.
- Recommend mitigation procedures to reduce or eliminate
business interruptions.
- Use at least three (3) quality resources in this
assignment. Note: Wikipedia and similar Websites do not qualify as quality
resources.
Your assignment must follow these
formatting requirements:
- Be typed, double spaced, using Times New Roman font (size
12), with one-inch margins on all sides; citations and references must
follow APA or school-specific format. Check with your professor for any
additional instructions.
- Include a cover page containing the title of the
assignment, the student’s name, the professor’s name, the course title,
and the date. The cover page and the reference page are not included in
the required assignment page length.
The specific course learning
outcomes associated with this assignment are:
- Describe the details and the importance of application
security models and their implementation from a management perspective.
- Explain access control methods and attacks.
- Compare and contrast network-based attacks and
countermeasures.
- Evaluate potential situations of business interruption
and the planning necessary to mitigate the threats involved.
- Use technology and information resources to research
issues in security management.
- Write clearly and concisely about the theories of
security management using proper writing mechanics and technical style
conventions.
Grading for this assignment will be based on answer quality, logic / organization of the paper, and language and writing skills, using the following rubric.
|
Points:
100
|
Case
Study 4: Remote Access Attacks
|
|||
|
Criteria
|
Unacceptable
Below
70% F
|
Fair
70-79%
C
|
Proficient
80-89%
B
|
Exemplary
90-100%
A
|
|
1. Analyze the Quick Finance
Company Network Diagram and describe the assumptions you will need to make in
order to identify vulnerabilities and recommend mitigation techniques as
there is no further information from this company.
Weight: 15%
|
Did
not submit or incompletely analyzed the Quick Finance Company Network
Diagram; did not submit or incompletely described the assumptions you will
need to make in order to identify vulnerabilities and did not submit or
incompletely recommended mitigation techniques as there is no further
information from this company.
|
Partially
analyzed the Quick Finance Company Network Diagram; partially described the
assumptions you will need to make in order to identify vulnerabilities and
partially recommended mitigation techniques as there is no further
information from this company.
|
Satisfactorily
analyzed the Quick Finance Company Network Diagram; satisfactorily described
the assumptions you will need to make in order to identify vulnerabilities
and satisfactorily recommended mitigation techniques as there is no further
information from this company.
|
Thoroughly
analyzed the Quick Finance Company Network Diagram; thoroughly described the
assumptions you will need to make in order to identify vulnerabilities and
thoroughly recommended mitigation techniques as there is no further
information from this company.
|
|
2. Analyze the above case and
network diagram, and describe how each access point is protected or unprotected.
Weight: 15% |
Did
not submit or incompletely analyzed the above case and network diagram; did
not submit or incompletely described how each access point is protected or
unprotected.
|
Partially
analyzed the above case and network diagram; partially described how each
access point is protected or unprotected.
|
Satisfactorily
analyzed the above case and network diagram; satisfactorily described how
each access point is protected or unprotected.
|
Thoroughly
analyzed the above case and network diagram; thoroughly described how each
access point is protected or unprotected.
|
|
3. Evaluate and describe the
vulnerabilities of the Quick Finance Company’s network based on the network
design.
Weight: 20%
|
Did
not submit or incompletely evaluated and described the vulnerabilities of the
Quick Finance Company’s network based on the network design.
|
Partially
evaluated and described the vulnerabilities of the Quick Finance Company’s
network based on the network design.
|
Satisfactorily
evaluated and described the vulnerabilities of the Quick Finance Company’s
network based on the network design.
|
Thoroughly
evaluated and described the vulnerabilities of the Quick Finance Company’s
network based on the network design.
|
|
4. Rank the top three (3) most
likely network- based attacks in the order they are likely to occur and
suggest countermeasures for each.
Weight: 20%
|
Did
not submit or incompletely ranked the top three (3) most likely network-
based attacks in the order they are likely to occur; did not submit or incompletely
suggested countermeasures for each.
|
Partially
ranked the top three (3) most likely network-based attacks in the order they
are likely to occur; partially suggested countermeasures for each.
|
Satisfactorily
ranked the top three (3) most likely network- based attacks in the order they
are likely to occur; satisfactorily suggested countermeasures for each.
|
Thoroughly
ranked the top three (3) most likely network- based attacks in the order they
are likely to occur; thoroughly suggested countermeasures for each.
|
|
5. Recommend mitigation procedures
to reduce or eliminate business interruptions.
Weight: 15%
|
Did
not submit or incompletely recommended mitigation procedures to reduce or
eliminate business interruptions.
|
Partially
recommended mitigation procedures to reduce or eliminate business
interruptions.
|
Satisfactorily
recommended mitigation procedures to reduce or eliminate business
interruptions.
|
Thoroughly
recommended mitigation procedures to reduce or eliminate business
interruptions.
|
|
6. 3 references
Weight: 5%
|
No
references provided
|
Does
not meet the required number of references; some or all references poor
quality choices.
|
Meets
number of required references; all references high quality choices.
|
Exceeds
number of required references; all references high quality choices.
|
|
7. Clarity, writing mechanics, and
formatting requirements
Weight: 10%
|
More
than 6 errors present
|
5-6
errors present
|
3-4
errors present
|
0-2
errors present
|
No comments:
Post a Comment