WEEK 1
Good Components of a Security Policy (graded)
What are good components of an organizational information security policy? What are some areas that you think should be addressed?
Obstacles to Implementing Security Policies (graded)
What are the main obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?
WEEK 2
Organizational Buy-In (graded)
What are some things that you might try doing to get
everyone in an organization to support your policy suggestions? What do
you think will be the motivations of people objecting to the changes?
How might you try to overcome these objections?
WEEK 3
Identifying an Organization’s Assets (graded)
How do you go about identifying an organization’s assets? Where do you start? Who do you ask and what do you ask them?
Employee Screening (graded)
Do you think it is fair to check into a potential employee's credit history before deciding to hire him or her? Why or why not?
WEEK 4
New Data Center (graded)
You're a network engineer. Your boss comes in and
asks for your opinion on the top three things to do concerning security.
When designing a new data center, what would you recommend?
New Security Measures (graded)
Consider your home, school, or current place of
employment. What would you do to increase your organization’s physical
security? Try to think of the most cost-effective measures that would
have the biggest impact.
WEEK 5
Operations Security Considerations (graded)
In an organization, there are many potential security threats from both inside and outside of the network.
What are some operational security considerations
that you, as a security professional, need to contend with? What
security policies and procedures can help protect your business
operations?
Authentication (graded)
Having security policies and procedures that document
and manage access to critical data and technology is one thing, but
actually controlling the access is another. Describe and evaluate how
authentication controls can enforce security policies within an
organization.
WEEK 6
Secure System Development Processes (graded)
New software systems are written by software
developers. So let’s discuss at what points in a system development
process it would make sense to have some information security
checkpoints (i.e., points where the security of the code being developed
could be checked).
Federal Regulations and Security (graded)
Please discuss the pros and cons of improving
information security with federal regulations. How well received are the
regulations in the affected industries? Have they helped?
WEEK 7
Personal Data (graded)
Phishing attacks use both social engineering and
technical deceptions to steal personal identity data and financial
account identification. Social engineering schemes use "spoofed" e-mails
to lead consumers to fake websites designed to trick the addressee into
revealing financial data, such as credit card numbers, account
usernames, passwords, and social security numbers. Hijacking the names
of banks, e-tailers, and credit card companies, phishers often convince
naive recipients to respond. Technical deception schemes plant worms and
viruses onto PCs to steal identification directly, often using Trojan
keylogger spyware. Pharming crimeware diverts users to counterfeit sites
or proxy servers, typically through DNS hijacking or poisoning.
Consider legitimate and illegitimate uses of a
person's confidential information. What are some of the uses that could
make this information valuable to legitimate and illegitimate
businesses?
Healthcare Information Risks (graded)
As hospitals get ready for comprehensive information
automation, healthcare organizations consider how new systems and
software can be protected from intrusions and illegal information
access. Understanding these situations can help direct future IT
spending decisions, as well as make certain that hospital organizations
do not face expensive fines or lawsuits.
Think of how data are typically used in a hospital.
Consider the number of employees and the uses of confidential
information in a hospital. What are some of the ways that data could be
compromised in such an environment?
Solution: DEVRY SEC440 ALL WEEK DISCUSSIONS