Ask a Question


Sale price $50.00 Regular price $100.00

CMGT 431 Week 1 Individual Assignment  Security Awareness Training
A single exploited vulnerability can bring down an organization’s systems, so it is critical that all employees follow appropriate security measures.
Select one of the Virtual Organizations and develop a 2- to 3-page security awareness training plan for that organization.
Include the following:
Which employees should be trained, why, how, and when?
What ongoing training needs to be implemented and why?
What training documentation should be kept and why?
Format your plan consistent with APA guidelines
CMGT 431 Week 2 Individual Assignment Applying Software Threat Analysis and Mitigation
Complete the review quizzes at the end of chapters 3 and 4
Chapter 3 Review Questions
1. A media player that is running within a web browser is known as a(n):
a. Agent
b. Mashup
c. Applet
d. Script
2. The chief advantage of web-based applications is:
a. Client-side software updates are unnecessary
b. Built-in SSL encryption
c. Ease of use
d. Better security
3. Enterprise Java Bean, Distributed Common Object Model, and Java Remote Method Invocation are examples of:
a. Object request brokers
b. Object oriented frameworks
c. Object oriented languages
d. Distributed systems
4. An attacker is experimenting with an application by inserting long strings of machine language code in the application’s input fields. The attacker is attempting:
a. A Denial of Service attack
b. A buffer overflow attack
c. A stack smashing attack
d. Any of the above
5. A risk manager requires that his organization implement a control to prevent application attacks. The best solution is to use:
a. Multitier architecture
b. Code reviews
c. An application vulnerability scanner
d. An application firewall
6. An astute security engineer has discovered that two accomplices are communicating with each other via hidden messages within images on a blogsite. The security engineer has discovered:
a. Emanations
b. A side channel attack
c. A covert channel
d. Steganography
7. Rootkits can be difficult to discover because:
a. They subvert the operating system
b. They install themselves in master boot records (MBRs)
c. They install themselves in flash memory
d. They use hidden processes
8. The purpose of a bot army is:
a. To launch Denial of Service attacks
b. To relay spam, host phishing sites, or launch Denial of Service attacks
c. To remotely control zombie computers
d. To build a massively parallel system
9. An IT manager is considering an anti-spam solution. Because one of the primary concerns is e-mail server performance, which solution can be eliminated from consideration?
a. Appliance
b. Outsourced
c. Server-based
d. Client-based
10. Web beacons are an effective site usage tracker because:
a. They use hidden form variables
b. Browsers cannot detect them
c. Browsers do not block them
d. They are encrypted
11. The most effective countermeasure for malware is:
a. Rootkit detection
b. Decreasing user privilege levels
c. Anti-virus
d. Firewalls
12. The primary purpose for decreasing user privilege levels is:
a. To reduce support costs
b. To limit the effects of malware
c. To improve system performance
d. All of the above
13. Which of the following is NOT normally used in system hardening:
a. Changing TCP/IP parameters
b. Removing unnecessary services
c. Removing unnecessary NICs
d. Renaming administrator userids
14. The purpose of input field filtering is:
a. To prevent input injection attacks
b. To detect application scanning
c. To prevent SQL injection attacks
d. To detect unsafe code
15. The best time to develop application test plans is:
a. During requirements and specifications development
b. During application design
c. During application testing
d. During application coding
CHAPTER 4Review Questions
1. The purpose of a Business Impact Analysis (BIA) is to determine:
a. The impact of a disaster
b. The extent of damage in a disaster
c. Which business processes are the most critical
d. Which processes depend on IT systems
2. During the early phases of a disaster recovery project, the project team needs to identify the disaster scenarios that can jeopardize the ongoing viability of the organization.
The team should perform:
a. A business impact analysis
b. A threat analysis
c. A walkthrough test
d. A failover test
3. Maximum Tolerable Downtime (MTD) should be determined by:
a. The project manager
b. The risk manager
c. Senior management
d. The threat modeling tool
4. Recovery Time Objective (RTO) is defined as:
a. The maximum length of time that a business process will be unavailable during a disaster
b. The maximum amount of data loss during a disaster
c. The point-in-time when a recovery is initiated after a disaster
d. The maximum period of time that a business can tolerate downtime during a disaster
5. Recovery Point Objective (RPO) is defined as:
a. The maximum length of time that a business process will be unavailable during a disaster
b. The maximum amount of data loss during a disaster
c. The point-in-time when a recovery is initiated after a disaster
d. The maximum point in time that a business can tolerate downtime during a disaster
6. The purpose of a criticality analysis is:
a. Develop a rank ordered list of the most critical threats
b. Develop a rank ordered list of the most critical business processes
c. Develop a rank ordered list of the most critical vulnerabilities
d. Develop a rank ordered list of the most critical staff
7. Because of limited resources, Company A cannot develop disaster recovery plans for all of its process. What should Company A use to determine which processes require recovery plans?
a. Those that are ranked highest in the criticality analysis
b. Those with the lowest MTD values
c. Those with the highest MTD values
d. Those that are ranked lowest in the criticality analysis
8. Which should be protected first during a disaster:
a. Critical business records
b. Critical systems
c. Backup media for critical systems
d. Personnel
9. The purpose of UPS is:
a. Filter electric power created by an electric generator
b. Delivery of critical supplies during a disaster
c. Protection of electric generators during a power failure
d. Continuous electric power during a power failure
10. Over a period of several years, an organization has exceeded the capacity of its emergency electric generator. The organization should:
a. Increase UPS capacity to make up the difference
b. Purchase a larger generator that can handle the entire workload
c. Purchase an additional generator so that the old and new generators together willgenerate enough power
d. Decrease UPS capacity to make up the difference
11. An organization is experiencing a large number of spikes, surges, and noise on its incoming electric power. The organization should consider:
a. An electric generator
b. An uninterruptible power supply (UPS)
c. A line conditioner
d. A power distribution unit
12. An organization has just completed development of a disaster recovery plan. The first test of the plan that should be performed is:
a. Parallel
b. Simulation
c. Walkthrough
d. Cutover
13. A company has determined that its Recovery Time Objective (RTO) for a critical system is three minutes. In order to ensure the continuous availability of its critical systems, the company should consider:
a. An active-passive geographic server cluster
b. An active-active local server cluster
c. An active-passive local server cluster
d. An active-active geographic server cluster
14. A company has determined that its Recovery Time Objective (RTO) for critical systems is two hours. In order to facilitate a timely resumption of critical applications, the company should consider:
a. Data replication to servers in a hot site
b. Data replication to servers in a warm site
c. Clustered servers
d. Disk to disk backup
15. The risk associated with a cutover test is:
a. A failure will result in a service interruption
b. A failure will result in data loss
c. A failure will result in data corruption
d. Adverse publicity

CMGT 431 Week 2 Learning Team Assignment Information Systems Security
Write a 6 to 8-page paper for the organization you picked in Week 1 that does the following:
Explain to the organization the potential threats in their software environments.
Describe the various protection efforts available against each threat.
Include three different example sets, each with a vulnerability and a way to mitigate (control) that item.
Categorize by application type and then describe and analyze the software systems in the organization.
Propose business continuity measures for each of the software systems analyzed.
Format your paper consistent with APA guidelines.
Format your paper consistent with APA guidelines.
CMGT 431 Week 3  Learning Team Assignment   Information Systems Security
Week 3 team assignment
Part 1 Security breaches are increasing and could cause irreparable harm to a company.
Locate a recent security breach within the last 3 years using the University Library or other sources.
Write a  paper in which you discuss the following:
An overall summary of the incident, including what, when, who, where, and so on
What went wrong to cause the incident
How well the organization handled the incident afterward
What the organization should do to prevent future incidents
Part 2
Continue using the organization you used in Week 2.
Complete the following:
Investigate at least three products (such as GnuPG) that the organization can use to secure its e-mail server.
Describe the benefits and drawbacks of each and select the one you would recommend.
Include discussion on ease of implementation, ease of maintenance, ease of support, and any other essential decision factors.
Develop a security incident response process that explains specifically how and why your organization will follow the seven phases of incident response.
Submit your recommendations to your faculty member.
CMGT 431 Week 4  Learning Team Assignment   Information Systems Security
Part 1
 Use the same organization from Week 3.
Develop a physical security plan for protecting the organization’s physical assets. Explain why these measures are necessary and support your selections.
Develop an operational security plan for protecting the organization’s operational assets. Explain why these measures are necessary and support your selections.
Write a 3- to 4-page description of both plans and submit to your faculty member for grading.
Part 2
Complete theoriginal individual assignment for week 4, specifically, investigate the major antivirus and antimalware available today. Select the one you like the best. 
Provide a brief description of the product, discuss how long it has been on the market and explain why you believe it to be the best in the current market.
Is your selection freeware? If so, what is the value in subscribing to the paid version?
CMGT 431 Week 5  Learning Team Assignment   Information Systems Security Final Paper
Finalize and update your paper.
Incorporate any instructor feedback. Your introduction should preview the content in the paper at a high level and your conclusion should summarize the findings of the paper. The body should cover the required content clearly, concisely, and completely.
Submit your completed paper.
CMGT 431 Week 5  Learning Team Assignment   Information Systems Security Final Presentation
Finalize your presentation for the plan. The presentation should target senior leadership at the organization and should effectively cover the material in the paper.
No specific number of slides is required. Your presentation should have a consistent look and feel, use text that works well with the background, and should present the material in an effective format. Your slides should not be overly crowded. Place detailed information in the speaker notes area where possible.
The speaker notes should be sufficient enough to allow someone to read them and give the entire presentation. They should be well-formatted and easy to read, not just a single paragraph of text.
Submit the presentation to your faculty member.

Questions & Answers

Have a Question?

Be the first to ask a question about this.

Ask a Question