1 / 31

CMGT 430 Marvelous Teaching / snaptutorial.com

CMGT 430 Assignment Week 1 IT Systems Connection Table<br> <br>CMGT 430 Assignment Week 2 Enterprise Security Concerns<br> <br>CMGT 430 Assignment Week 3 Responding to Threats<br> <br>CMGT<br>

Georgehalmen10
Download Presentation

CMGT 430 Marvelous Teaching / snaptutorial.com

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CMGT 430 All Assignments (New Syllabus) For more classes visit www.snaptutorial.com CMGT 430 Assignment Week 1 IT Systems Connection Table CMGT 430 Assignment Week 2 Enterprise Security Concerns CMGT 430 Assignment Week 3 Responding to Threats CMGT 430 Assignment Week 4 Cloud Computing CMGT 430 Assignment Week 5 Enterprise Security Plan Strategic Objectives *******************************************

  2. CMGT 430 Assignment Week 2 Enterprise Security Concerns For more classes visit www.snaptutorial.com After reviewing the material your group has prepared so far, the management team has returned with a list of five specific concerns. They include: Access control Security enterprise Impact of implementing a change management system Mitigation Risk management Management has asked you to address concerns with a visual presentation. Address concerns by providing the following information: An overview of the access control Required mitigation steps for each concern Prioritize concerns

  3. Concerns with vendor relations from the enterprise security standpoint Description of how the organization can apply risk management principles in its efforts Description of iterative maintenance effort, including audits and frequency Include at least two references formatted according to APA guidelines. Present the information in one of the following ways: A detailed chart along with a brief 1- to 2-page executive summary explaining the decisions made A 12- to 14-slide multimedia-rich presentation with speaker notes Submit your assignment. ******************************************* CMGT 430 Assignment Week 3 Responding to Threats For more classes visit www.snaptutorial.com

  4. A few Assignment Weeks ago, a nearby hospital, which is very similar in operations and scale to Auburn Regional, was the target of a ransomware attack. You have kept a close eye on this event. You decide to complete a review of current material available regarding ransomware attacks and especially ransomware and hospital enterprise systems. Develop a 1- to 2-page chart. Your chart should have four columns for Authorization, Authentication, Roles, and Mitigation, as well as three columns for Small, Medium, and Large businesses. The chart should compare four attributes that are critical in enterprise systems today. Populate and extrapolate what steps can be taken to mitigate threats for small, medium, and large hospital enterprise systems. Based on your chart, provide a final recommendation on how the hospital can respond to the threat. Summarize your chart findings, provide your recommendation, and answer the following questions in a brief, 2- to 3-page executive summary to the Auburn Regional management team: How could changes to authorization, authentication, and roles help mitigate and deal with these systems threats? How do you verify people and security levels? How will your recommendations alleviate the threat? Include the chart in your executive summary. Submit your assignment. *******************************************

  5. CMGT 430 Assignment Week 4 Cloud Computing For more classes visit www.snaptutorial.com Your work so far has been well-received and the management team is very interested in quickly bringing the rest of the organization into the process. The management team has expressed interest in incorporating cloud technology as part of the Auburn Regional's IT architecture. To integrate both of these requests, you decide to create an infographic that could, on a single diagram, give the reader an idea of what cloud technology is and how it could be used by Auburn Regional as these enterprise systems updates are in action. As you might imagine, there is a wealth of information on the internet involving the use of cloud computing. Consider the following information and outline your answers: What are the pros and cons of cloud computing?

  6. Where could cloud computing fit in the organizational structure and operations? How do companies that enter cloud technology agreements pass on those issues to their customers? How do these companies really know where their data and the data of their customers is really stored? What precautions are being taken? Using your outline, create an original infographic for a presentation to the Auburn Regional management team that shows: The basics of cloud computing Overview of pros and cons of cloud computing Where cloud computing could possibly fit into the organizational structure and operations At least two concerns that need to be addressed Include your outline on a separate document to support your infographic. Submit your assignment. ******************************************* CMGT 430 Assignment Week 5 Enterprise Security Plan Strategic Objectives

  7. For more classes visit www.snaptutorial.com An enterprise security plan is a document that explains the security exposure that an entity would encounter in a specific marketplace. A committee of people typically writes this document over a span of a few months. Many times the drafts begin with developing a high-level overview of strategic objectives that address how to secure the enterprise inside and outside the enterprise. The CEO asks you to explain the core principles of enterprise security and respond to five strategic objectives as part of the overall enterprise system security plan draft. They are: Data loss prevention Access controls Data management Risk management Cloud technology For each of the five strategic objectives, write a response that addresses the following: Key initiative: Why is this topic important to Auburn Regional? Objectives: What is the desired outcome to this effort? Description: What is the specific strategic objective? Provide a high- level explanation. Benefits: What will be the benefits of this effort? Outcome: What will be done to meet this objective?

  8. Include any charts, graphics, or infographics created in previous Assignment Weeks that support your findings. Compile your response with the following: An updated executive summary A final recommendation At least three new references throughout your plan overview, cited according to APA guidelines. Incorporate feedback and use previous assignments as a resource. As a guideline, an overview of this nature is typically 3 to 4 pages long. Submit your assignment. ******************************************* CMGT 430 Discussion Due Diligence For more classes visit www.snaptutorial.com

  9. Respond to the following in a minimum of 175 words: Just a few years ago, all IT processing took place in-house. Payroll processing, human resources and benefits management, real estate management, and investor relations were done by employees within the parent organization. Even in the home environment, families kept information activities in-house, including annual tax returns and banking (through the writing of paper checks) and disagreements or issues with vendors was taken care of personally. Now we have online resources that push some of that overhead to external vendors. Examples include organizations that will process payroll and benefits administration, and stock brokerages that address investor traffic. Working with vendors brings up a few concerns. Discuss the following:  Why is due diligence necessary when dealing with external vendors?  What is one suggestion you have regarding securing data as it is in- transit to and from these vendors? What are two security protocols that should be part of the vendor's data operations? For example, if the data includes PII/SPII information, is adherence to external regulations and guidelines the responsibility of the vendor or your organization? *******************************************  CMGT 430 Discussion Mainframe And Client/Server Environments

  10. For more classes visit www.snaptutorial.com Respond to the following in a minimum of 175 words: Consider the following scenario: Your manufacturing company has operated with a mainframe IBM computer for more than 20 years. Recent technological advances have brought opportunities to replace that mainframe-based computing environment with a client/server environment. You have been tasked with responding to the senior management group about the security issues involved with replacing the existing mainframe computer environment with a client/server platform. The salespeople you deal with from each vendor believe that the current mainframe environment costs about $500K a year to maintain from a security standpoint, while a client/server environment would cost about $325K a year. But cost is not the only consideration. No PII or SPII data is contained in this manufacturing platform. It is strictly a final product for sale application. Outline and review a typical mainframe enterprise security footprint. Do the same for a possible client/server environment. This could include the use of the cloud for distributed computing, but that would also include unique security concerns. Discuss the following:  Based on your outline, which of these environments is more secure and why?  Does your outline show commonalities that could permit both the mainframe and the client/server environment to coexist from an enterprise security perspective? If so, what are they?   *******************************************

  11.  CMGT 430 Discussion Security Checkpoint For more classes visit www.snaptutorial.com Respond to the following in a minimum of 175 words: At many security checkpoints where biometrics are used, only one protocol is employed, such as a fingerprint reader, a hand-scanner, or facial recognition. Other checkpoints use several biometric checkpoint protocols in tandem to add a layer of security. Complete an internet search for vendors of biometric products. Find one vendor with a product designed to examine several characteristics [i.e., facial recognition, hand scanner (incorporates hand pattern, fingerprint reader), retina scan, and signature recognition]. Discuss the vendor you selected along with answers to the following questions:  Which characteristics would be more acceptable to users?  Which would be preferred by security administrators? Respond to the following in a minimum of 175 words: At many security checkpoints where biometrics are used, only one protocol is employed, such as a fingerprint reader, a hand-scanner, or

  12. facial recognition. Other checkpoints use several biometric checkpoint protocols in tandem to add a layer of security. Complete an internet search for vendors of biometric products. Find one vendor with a product designed to examine several characteristics [i.e., facial recognition, hand scanner (incorporates hand pattern, fingerprint reader), retina scan, and signature recognition]. Discuss the vendor you selected along with answers to the following questions:  Which characteristics would be more acceptable to users? Which would be preferred by security administrators? *******************************************  CMGT 430 Entire Course For more classes visit www.snaptutorial.com CMGT 430 Week 1 Individual IT Systems Connection Table CMGT 430 Week 2 Learning Team Vulnerabilities and Threat Pairs CMGT 430 Week 2 Individual Applying Risk Management Consulting

  13. CMGT 430 Week 3 Learning Team Ranking the Pairs CMGT 430 Week 3 Individual Using Roles CMGT 430 Week 4 Team Draft of the Enterprise Security Plan and Presentation CMGT 430 Week 4 Individual Controlling Access CMGT 430 Week 5 Team Enterprise Security Plan Paper CMGT 430 Week 5 Individual An IT Security Department Profile CMGT 430 Week 1 DQ 1 CMGT 430 Week 1 DQ 2 CMGT 430 Week 2 DQ 1 CMGT 430 Week 2 DQ 2 CMGT 430 Week 3 DQ 1 CMGT 430 Week 3 DQ 2 CMGT 430 Week 4 DQ 1 CMGT 430 Week 4 DQ 2 CMGT 430 Week 5 DQ 1 CMGT 430 Week 5 DQ 2 *******************************************

  14. CMGT 430 Ver 3 Week 1 DQ 1 For more classes visit www.snaptutorial.com Delineate the difference between system architecture, software architecture, and information architecture. Provide some examples to illustrate what each represents. ******************************************* CMGT 430 Ver 3 Week 2 DQ 1 For more classes visit www.snaptutorial.com

  15. Why should an organization consider implementing role-based access control (RBAC) over discretionary access controls (DAC) or mandatory access controls (MAC)? Provide an example to put in context the differences between the three approaches? ******************************************* CMGT 430 Ver 3 Week 2 DQ 1 For more classes visit www.snaptutorial.com Based on the Shaw (2009) article, why would you consider deploying an intrusion prevention system (IPS) over an intrusion detection system (IDS) to improve enterprise security? What are the major factors to consider when employing this technology? ******************************************* CMGT 430 Ver 3 Week 2 DQ 2

  16. For more classes visit www.snaptutorial.com Based on the Barr article (2009), how can radio-frequency identification (RFID) technology be applied to providing enterprise security? What are the major factors to consider when employing this technology? ******************************************* CMGT 430 Ver 3 Week 3 DQ 1 For more classes visit www.snaptutorial.com In role-based systems, you want to establish mutually exclusive roles to prevent assignment of conflicting permissions to a single role. Provide examples of two similar job functions that have differing access roles.

  17. What would be all of the types of systems for which you would grant each role access? ******************************************* CMGT 430 Ver 3 Week 3 DQ 2 For more classes visit www.snaptutorial.com Based on the Barr article (2010), what software must be considered to provide adequate security management across the enterprise? ******************************************* CMGT 430 Ver 3 Week 4 DQ 1 For more classes visit

  18. www.snaptutorial.com What is a virtual enterprise, and how is that different from a physical one? ******************************************* CMGT 430 Ver 3 Week 4 DQ 2 For more classes visit www.snaptutorial.com Based on the Drumheller article (2008), should biometrics be used instead of passwords and pins to authenticate enterprise users, or should they be used in conjunction with passwords and pins? What factors should be considered? ******************************************* CMGT 430 Ver 3 Week 5 DQ 1

  19. For more classes visit www.snaptutorial.com Based on the Ulasien article (2008), why is an IT security audit critical in developing an enterprise security strategy? Should threats to the enterprise be reviewed and assessed on regular basis? ******************************************* CMGT 430 Ver 3 Week 5 DQ 2 For more classes visit www.snaptutorial.com Based on the Drumheller article (2007), why should the critical business processes be identified, and their impact on the business be evaluated along with the threats for developing the enterprise security

  20. strategy? Should impact on business processes of the enterprise be reviewed and assessed on a regular basis? ******************************************* CMGT 430 Week 1 Individual IT Systems Connection Table For more classes visit www.snaptutorial.com CMGT 430 Week 1 Individual: IT Systems Connection Table Enterprise systems consist of multiple IT systems. It is important to know the different interconnections each system may have. IT systems do not operate alone in the modern enterprise, so securing them will involve securing their interfaces with other systems, as well as the system itself. Complete the University of Phoenix Material: IT System Connection Table for four different IT systems. The table is located in the Materials section to the right. Complete the directions within the document. They are as follows:  Note two systems they connect with and their connection type.

  21.  Note two security vulnerabilities the system may have and two to four ways each vulnerability could be potentially exploited. Submit your assignment to the Assignment Files tab above. IT System Connection Table When securing the modern enterprise, consider that IT systems do not operate alone. Securing them involves securing their interfaces with other systems as well. It is important to know the different interconnections each system may have. Fill out the following table for four different IT systems.  Note two enterprise systems they connect with and their connection type.  Note two security vulnerabilities the connection may have and two to four ways each vulnerability could be potentially Additional Comments:  An example row has been entered into the table in blue. This is only an example and should not limit what you do.  Keep in mind that enterprise systems cover a certain task in the enterprise (HR, CRM, Identity Management, etc.). They are not the components of a system (such as servers).  Connections can often be a direct connection/pipe, a file, a common database, or something else.  The vulnerability is what would make the connection vulnerable to an attack.  The related risk is an attack that could target the weakness. *******************************************

  22. CMGT 430 Week 2 Individual Applying Risk Management Consulting For more classes visit www.snaptutorial.com CMGT 430 Week 2 Individual Applying Risk Management Consulting Note: This is the first of three assignments that will be completed for this three-assignment project, ending with a final paper in Week Four. You have been hired as a consultant and asked to provide a presentation on the company's risk management to the CIO. Create a 5- to 7-slide narrated presentation on the following information: • Describe how the organization can apply risk management principles in its efforts to secure their systems. • Outline how protection efforts will vary over time. • Include three different example sets, each with a vulnerability, related risk, and way to mitigate (control) that item. Use any slide presentation software of your choosing. Submit your presentation to the Assignment Files tab above

  23. ******************************************* CMGT 430 Week 2 Learning Team Vulnerabilities and Threat Pairs For more classes visit www.snaptutorial.com CMGT 430 Week 2 Learning Team: Vulnerabilities and Threat Pairs Select an organization that you are familiar with or an organization from a published case study. Find case studies through the following sources or through a faculty- approved source. Suggestions are as follows:  Search within University Library for these periodicals  Information Week  CSO  SC Magazine The CEO of your selected organization has requested an enterprise security plan from your team. The first step to developing an enterprise security plan is to identify the specific vulnerabilities and related risks facing an organization. This list should be fairly exhaustive. Many vulnerability and threat pairs will not make the final cut for remediation,

  24. but an organization can only properly prioritize these if it has fully covered all of the risks. Create a list of 30 information security vulnerabilities with related threats relevant to the organization. Keep in mind:  Most vulnerabilities will have more than one related threat.  Cover both physical and logical vulnerabilities. Place your list in the first two columns of a table in a Microsoft® Word or Excel® document. The table will resemble the following: ******************************************* CMGT 430 Week 3 Individual Using Roles For more classes visit www.snaptutorial.com CMGT 430 Week 3 Individual: Using Roles Note: This is the second of three parts to this project. Refer back to your organization used in the Week Two Applying Risk Management Consulting assignment. A better way to control user access to data is to tie data access to the role a user plays in an organization. Some organizations are still learning

  25. this. Your presentation this week persuades the CIO of your target organization of the importance of controlling user access. Create a 5- to 7-narrated slide presentation discussing the following:  The value of separating duties in the organization  The value of using roles to segregate the data and system access needs of individuals in the organization  Why a role-based access control (RBAC) system would be the best way to accomplish this, including both the advantages and disadvantages of such a system Use any slide presentation software of your choosing. Submit your presentation to the Assignment Files tab above. ******************************************* CMGT 430 Week 3 Learning Team Ranking the Pairs For more classes visit www.snaptutorial.com CMGT 430 Week 3 Learning Team: Ranking the Pairs

  26. The CEO of your selected organization has requested an enterprise security plan from your team. This week you will prioritize the threats and vulnerabilities previously identified, and determine which need attention and which may be left for another time. This is done by determining the probability of the risk and the potential impact it may have on the organization. Your objective is to address the risks with the highest probability of happening, with the highest impact on the organization. Extend your table from Week Two to include columns for Probability of Risk and Impact of Risk on the organization. Include mitigation steps of the top 20 pairs. Part 1 Fill out the final three columns in the table from the previous week. Rate the probability and impact of each vulnerability-threat pair as High, Medium, or Low. (These are independent of each other.) Rank the pairs in the order they should be addressed by the organization. (High/High rows will be at the top and Low/Low rows at the bottom.) The team will have to decide where to rank rows which are not at these extremes. Suggest specific mitigation steps to take for the top 20 rows. You will go into more detail for the final project due in Week Five. Leave the Suggested Mitigation Steps column empty for rows below the top 20. Part 2 Prepare a brief explanation on the final rankings.  Describe how the team finally ranked the pairs and the reasoning behind the suggested mitigation steps.  Focus on the top 20 rows, but cover why the others were ranked lower and will not be addressed at this time.  Keep this explanation brief and clear but informative. Submit your updated table and explanation to the Assignment Files tab above. *******************************************

  27. CMGT 430 Week 4 Individual Controlling Access For more classes visit www.snaptutorial.com CMGT 430 Week 4 Individual Controlling Access This is the third assignment of the series. Continue the Applying Risk Management Consulting assignment for your chosen organization. Refer to your Week Three individual assignment. Write a 4- to 5-page business proposal in which you cover what concerns and potential actions the organization should take for each of the following areas:  How to manage and control the use of cloud resources and other service providers that may be used for processing and data storage outside the organization’s physical locations  Specific recommendations to control mobile access to organizational system users (employees and customers)  Identify specific issues to be addressed with business partners and inter-connection of systems. Note: Brief the organization on the major issues involved but keep each section succinct.

  28. Format your business proposal consistent with APA guidelines. Submit your assignment to the Assignment Files tab above. ******************************************* CMGT 430 Week 4 Team Draft of the Enterprise Security Plan and Presentation For more classes visit www.snaptutorial.com CMGT 430 Week 4 Learning Team: Draft of the Enterprise Security Plan and Presentation The CEO of your selected organization has requested an enterprise security plan from your team. An enterprise security plan is more than just a list of vulnerabilities and risks. It must present them in a meaningful way along with suggestions for specific steps to mitigate each of the most important vulnerabilities or risk pairs it finds. The organization would like you to present an enterprise security plan to their Board of Directors. This week your team will draft two deliverables¬, an enterprise security plan and a presentation. Part 1

  29. Compile a full draft of the final enterprise security plan document. This will not be complete, but will have at least a short paragraph about each major section of the paper, including the suggested controls. Use the introduction and conclusion as an executive summary of the entire paper’s content. Research at least eight sources that validate the choices made in the paper. This must go beyond basic definitions. The sources can be changed in the final week, if needed. Format your paper consistent with APA guidelines. Part 2 Draft an 8- to 10-slide presentation on the findings in the Enterprise Security Plan to present to senior management. Keep the slides concise. Include detailed speaker notes for the presentation. Use any slide presentation software of your choice. Submit a draft of both the enterprise security plan and slide presentation to the Assignment File tabs above. ******************************************* CMGT 430 Week 5 Individual An IT Security Department Profile For more classes visit

  30. www.snaptutorial.com CMGT 430 Week 5 Individual An IT Security Department Profile The CEO asks you to create a presentation for the company about the IT Security Department. She wants you to highlight the core principles of enterprise security, and visually present the positions in the IT Security Department that are responsible for which principles. Create a 4- to 5-slide narrated presentation in response to the request from the CEO. Include an organizational chart to help the audience visualize how the security team functions. Include detailed speaker notes or transcription of narration. Submit presentation using the Assignment Files tab above. ******************************************* CMGT 430 Week 5 Team Enterprise Security Plan Paper For more classes visit www.snaptutorial.com

  31. CMGT 430 Week 5 Team Enterprise Security Plan Paper The CEO of your selected organization has requested an enterprise security plan from your team. Presenting an enterprise security plan to senior management is an important task that faces every IT security leader. It is your job to provide an appropriate overview and encourage the team to invest in your plan. Finalize the enterprise security plan and presentation using feedback from your instructor. Submit the enterprise security plan and presentation to the Assignment Files tab above. *******************************************

More Related