UOP CMGT431 All Assignments Latest

CMGT431 Information Systems Security
Week 1 Assignment
Individual: Encryption Methodologies to Protect an Organization’s Data Paper
Includes Option #1
Includes Option #2
Includes Option #3
Includes Option #4
Companies are susceptible to losing customer data to cyber-attackers and human errors, so organizations must properly protect their data and network. In this assignment, you will create an Encryption Policy for CIO review. Use the organization you chose in the discussion Classifying an Organization's Sensitive Data.
Write a 2- to 2½-page policy, and ensure you:
List the organization’s sensitive data that must be protected.
Complete a matrix that compares the asymmetric and symmetric encryption methodologies (PKI, TLS, SSL) for protecting data within the network.
Describe at least 2 primary threats that could compromise the organization’s data.
Describe the encryption methodologies that should be implemented to protect the organization’s sensitive data.
Format your citations according to APA guidelines.
Submit your assignment.
CMGT431 Information Systems Security
Week 2 Assignment
Individual: Security Vulnerability Report
Includes Option #1
Includes Option #2
A security vulnerability report identifies the areas of the organization that are at risk of losing data, outages, etc. Typically, organizations categorize the report to focus on specific areas and highlight the level of risk per area. Based on the vulnerability report, organizations are able to plan appropriately for budgeting and resource improvements. Write a 2½- to 3½-page security vulnerability report in Microsoft Word based on the organization you chose in Week 1. An internal review of your organization was previously conducted and found the following vulnerabilities:
A formal Password Policy has not been developed that meets your organization’s regulatory requirements.
The organization only uses single factor authentication using weak passwords.
Vulnerability Severity: High
Impact: Threats could easily guess weak passwords, allowing unauthorized access.
Software configuration management does not exist on your organization’s production servers.
There are different configurations on each server and no operating system patching schedule.
Vulnerability Severity: Moderate
Impact: With ad hoc configuration management, the organization could inadvertently or unintentionally make changes to the servers that could cause a self-imposed denial of service.
An Incident Response Plan has not been developed.
There is not a formal process for responding to a security incident.
Vulnerability Severity: High
Impact: In the event of a security incident, an ad hoc process could allow the security incident to get worse and spread throughout the network; the actual attack may not be recognized or handled in a timely manner, giving the attacker more time to expand the attack.
Consider people, processes, and technology that can be exploited by the source of a threat.
Include recommended countermeasures to mitigate the impacts and risks of the vulnerabilities.
Format your citations according to APA guidelines.
Submit your assignment.
CMGT431 Information Systems Security
Week 3 Assignment
Individual: Authentication and Authorization Methodologies Presentation
Once a user is authenticated in an organization’s network, that user is authorized to access certain data based on the information security principle of least privilege.
Your CEO and CIO need options for the organization’s authentication and authorization methodologies. Recommendations should include how to mitigate the impact and risks from vulnerabilities.
Create a 9- to 11-slide, media-rich presentation in Microsoft® PowerPoint® for the organization you chose in Week 1, and ensure you provide:
Descriptions of at least 3 roles employed in the organization you chose in Week 1
Descriptions of at least 3 common attacks against access control methods, including the password policy vulnerability as described in the vulnerability report
Countermeasures to reduce vulnerabilities and mitigate potential attacks on access control methods
Note: A media-rich presentation should include multimedia such as graphics, pictures, video clips, or audio.
Format your citations according to APA guidelines.
Submit your assignment.
CMGT431 Information Systems Security
Week 4 Assignment
Individual: Change Management Plan
Refer to NIST SP 800-53 (Rev. 4) for the 18 candidate security control families and associated security controls.
Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as planned, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls that mitigate the vulnerabilities.
For this assignment, use the organization you chose in Week 1.
Part I: Mapping Vulnerabilities to Security Controls
Choose 5 distinct security control families as specified in NIST SP 800-53 (Rev. 4) that are most applicable to your organization’s known vulnerabilities.
Create a 1-page spreadsheet in Microsoft® Excel® that identifies the following criteria for each family:
Control ID
Control Name
Vulnerability
Recommended mitigation (refer to your Week 3 assignment; refine them for this mitigation)
Part II: Security Controls Testing
Provide a 2- to 3-page table in Microsoft Word including each family, and describe the testing procedure that will mitigate the vulnerability. Annotate whether the testing procedure is an interview, observation, technical test, or a combination.
Example of Security Controls Testing Table:
Part III: Penetration Testing and Vulnerability Scanning
Provide a 1-page description of penetration testing and vulnerability scanning processes.
Describe how they are used as part of the organization’s testing and assessment strategy.
Format your citations according to APA guidelines.
CMGT431 Information Systems Security
Week 5 Assignment
Individual: Incident Response Paper
Cyber security tools are available to organizations requiring integration of their problem management, configuration management, and incident management processes.
The CEO and CIO need you and your team to create an IRP and change management plan. These plans will help the organization choose the appropriate cyber security tool.
Part I: Incident Response Plan
Incident response is a disciplined methodology for managing the aftermath of a security breach, cyberattack, or some other security incident. An IRP provides an organization with procedures that effectively limit the impact on the data, system, and business and reduce recovery time and overall cost.
Create a 1- to 2-page IRP in Microsoft Word for the organization you chose in Week 1. In your plan, ensure you:
Discuss roles and responsibilities.
Discuss the critical activities for each of the 5 phases in the incident response process.
List at least 3 cyber security tools that work together to monitor the organization’s network for malicious and abnormal activity.
Part II: Change Management Plan
Change management plans define the process for identifying, approving, implementing, and evaluating necessary changes due to new requirements, risks, patches, maintenance, and errors in the organization’s networked environment.
Create a 1- to 2-page Change Management Plan in Microsoft Word for your chosen organization. In your plan, ensure you discuss:
Roles and responsibilities
The use of swim lanes and callouts
Who should be involved in developing, testing, and planning
Who reviews and signs off on the change management requests
Briefly describe how a change management plan reduces the organization’s risk from known threats.
Part III: Cyber Security Tool Comparison
Create a 1- to 2-page table that compares two of the industry standard tools that integrate incident management and change management.
Recommend the best tool for the organization to the CEO and CIO.
Explain how it maintains compliance with the organization’s regulatory requirements.
