1 / 16

SEC 280 DEVRY ENTIRE COURSE LATEST

Visit Below Link, To Download This Course:<br><br>https://www.tutorialsservice.net/product/sec-280-devry-entire-course-latest/<br><br>Or <br>Email us on<br>SUPPORT@TUTORIALSSERVICE.NET<br><br><br>SEC 280 DeVry Entire Course Latest<br>SEC280<br> <br>SEC 280 DeVry Week 1 Discussion 1 Latest<br>Data Breaches (graded)<br>Use one of your favorite search engines (preferably www.google.com) and search world’s biggest data breaches. Select at least two of the major data breaches from the list you found and complete the following.<br>

tutorialsservicesnet
Download Presentation

SEC 280 DEVRY ENTIRE COURSE LATEST

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. SEC 280 DEVRY ENTIRE COURSE LATEST Visit Below Link, To Download This Course: https://www.tutorialsservice.net/product/sec-280-devry-entire-course-latest/ Or Email us on SUPPORT@TUTORIALSSERVICE.NET SEC 280 DeVry Entire Course Latest SEC280 SEC 280 DeVry Week 1 Discussion 1 Latest Data Breaches (graded) Use one of your favorite search engines (preferably www.google.com) and search world’s biggest data breaches. Select at least two of the major data breaches from the list you found and complete the following.   Explain how they impacted you. Many of the breached companies had standard security controls like firewalls and intrusion detection systems. Discuss what was missing in their designs and processes. Add other items that you believe organizations should improve on to avoid breaches.  SEC 280 DeVry Week 1 Discussion 2 Latest Data Integrity as Part of CIA Triad (graded) Data integrity verifies that data remains unaltered in transit from creation to reception.    Explain what would happen if we were to remove Integrity from the CIA triad. Discuss how integrity helps with confidentiality and access control. Discuss the overall impact to digital communication without data integrity. SEC 280 DeVry Week 2 Discussion 1 Latest

  2. Symmetric Encryption (graded) The initial encryption standard developed by NIST was called data encryption standard (DES). DES is too weak for modern applications since the key size is only 56-bit. It was replaced by advanced encryption standard (AES). AES has variable key sizes and can require a key size of 256-bit.    Discuss if you think AES key size has a direct relationship with algorithm strength. Do you think that AES-256 is necessarily better than AES-128? How long do you think it would take to launch a brute force attack on AES-128 using a standard computer? SEC 280 DeVry Week 2 Discussion 2 Latest Asymmetric Encryption (graded) Asymmetric encryption is based on the concept of a private key to decrypt and a public key to encrypt. RSA and Diffie-Hellman are two common algorithms used for asymmetric encryption, and they are extremely slow and can be used in limited applications. The key sizes are much larger than symmetric algorithms.   Explain why asymmetric algorithms, such as RSA and Duffie-Hellman, are relatively slow. Discuss why asymmetric encryption algorithms require larger key sizes SEC 280 DeVry Week 3 Discussion 1 Latest Asymmetric Encryption—the RSA Algorithm (graded) Asymmetrical encryption uses one key to encrypt and another key to decrypt. The most common algorithm used in applications is the RSA algorithm. RSAis based on prime numbers.  Select two small prime numbers and compute Product = (p-1)(q-1)and select a number e between 1 and Product. The ethat you computed is a simplified example of a public key. Post your selection and computation. The RSA algorithm and most asymmetric encryption are considered slow. Based on your computation, explain why the algorithm is slow.  SEC 280 DeVry Week 3 Discussion 2 Latest TLS/SSL (graded) TLS/SSL is used to secure http traffic on networks. For this post, access a website requiring HTTPS.  Find and post all the protocols that the site is using (click on the lock on the right end side of your browser menu for IE). Find the public key and paste it in your post. 

  3. SEC 280 DeVry Week 4 Discussion 1 Latest Hashing Algorithms (graded) Secure Hash Algorithm is the current hashing standard established by the National Institute for Standard and Technology. It uses a 160-bit hash but lately most organizations are moving toward a 256-bit hash.   Is a 128-bit hash no longer sufficient for integrity checks? Explain the likelihood of a collision in a 128-bit hash. You do not need to explain the mathematics. SEC 280 DeVry Week 4 Discussion 2 Latest Digital Signatures (graded) A digital signature is a technique to validate the integrity and authenticity of a message. The signature provides assurance that the sender is the true sender, and the message has not been changed during transmission.   What are the similarities between a digital signature and a handwritten signature? Differentiate among the three different classes of digital signatures. SEC 280 DeVry Week 5 Discussion 1 Latest Access Controls (graded) There are two basic ways to tell if a network or system is under attack. These are with intrusion-detection systems (IDSs) and intrusion-protection systems (IPSs). Discuss how each of these approaches is different. Do not forget to include how network-based and hosted-based systems come into play. You work for a small bank that has only 11 branches, and you must design a system that gives notice of a possible attack. Discuss what tools can be used, how they can be implemented to protect the bank, and how they can notify the appropriate people when the network comes under attack. SEC 280 DeVry Week 5 Discussion 2 Latest Application Security (graded) Testing for an unknown is a virtually impossible task. What makes it possible at all is the concept of testing for categories of previously determined errors. The different categories of errors are 1. buffer overflows (most common); 2. code injections;

  4. 3. privilege errors; and 4. cryptographic failures. Please evaluate the software engineering, secure-code techniques, and the most important rule that relates to defending against a denial-of-service attack. Here are two types of error categories: the failure to include desired functionality and the inclusion of undesired behavior in the code. Testing for the first type of error is relatively easy. Other items we should understand for error opportunities in applications are related to design, coding, and testing. How do we assure that these items are addressed in our software-application development or acquisition? SEC 280 DeVry Week 6 Discussion 1 Latest Attacks and Malware (graded) What are the different ways that malware can infect a computer? What malware and spyware protection software do you think is the best and why? There are many types of attacks described in the text. Describe the attack and what method you could do to avoid such an attack. Many attacks are carried out by groups of hackers. Describe the objectives of some of these groups. What is the difference between white-hat and black-hat hackers? SEC 280 DeVry Week 6 Discussion 2 Latest Identity Theft (graded) What steps would you take at your current or future job to ensure that personal information, such as human resources or customer information, is not compromised? Do companies have a responsibility to disclose identity-theft breaches that occur in their organizations? Present a strategy for educating a user about avoiding e-mail risk without saying, “Do not open an e-mail from someone you do not know.” This has been said many times and has failed. Take the time to think outside of the box about how you can get people to think before they act with e-mail. SEC 280 DeVry Week 7 Discussion 1 Latest Mitigating Risk (graded)

  5. Top management asks you to present a review of the security risks associated with the various servers in the computing infrastructure. Take one of the servers and address three security risks from the least (low risk or moderate risk) to the greatest (high risk) and the kind of risk presented. For instance, if a server is closer to the network perimeter, it is at a higher risk of being compromised by a hacker. This is where it all starts. How do you implement consistent security policies? SEC 280 DeVry Week 7 Discussion 2 Latest Incident Handling (graded) Surprisingly, many of us may be unknowing victims of botnets. Because of the rising sophistication of botnet schemes, your computer can become a zombie along with thousands of other computers that flood a victim’s network and bring down servers. While the attack is going on, the botnet infects the network with spam, viruses, and malware. What are the four simple rules of stopping botnets on your personal PCs?  What are some of the symptoms that would make you suspicious that your computer has been attacked? What part of a security incident should be logged?  SEC 280 DeVry Week 1 Quiz Latest Question 1. Question : (TCO 1) Which of the following is not part of the information security triad?     Confidentiality Integrity Availability Ethics Question 2. Question : (TCO 1) Symmetrical encryption uses     one key to encrypt and another key to decrypt. the same key to encrypt and decrypt. a certificate authority to manage the keys. large prime numbers. Question 3. Question : (TCO 1) What is the most common name for the first large-scale attack on the Internet, which occurred in November of 1988?     The Code Red Worm The Morris Worm The Slammer Worm The Jester Worm

  6. Question 4. Question : (TCO 1) What is a solar sunrise?  An attack that was made to look like an attack from Iraq but that was actually made by two teenagers from California who got training in Israel. Electronic interference resulting from solar flares and occurring most commonly in the early morning hours. A penetration test conducted by the FBI and other government agencies to test the defenses of government networks and critical infrastructures. The name of a virus that would burn up a hard drive at 6 a.m. on the day of the summer solstice.    Question 5. Question : (TCO 1) A successful attack on a network may adversely impact security in all the following ways except _____.     loss of confidentiality loss of integrity loss of functionality loss of availability Question 6. Question : (TCO 1) The first step an administrator can take to reduce possible attacks is to _____.     ensure that all patches for the operating system and the applications are installed install a firewall install antispyware software configure an intrusion-detection system Question 7. Question : (TCO 1) A hacker is anyone who     attempts to break into computers for malicious reasons. attempts to steal data for any reason. attempts to take over systems without permission. All of the above Question 8. Question : (TCO 1) Which of the following is considered sensitive information?     Medical records Driver’s license number Passport number All of the above Question 9. Question : (TCO 1) To ensure the privacy of your driver’s license number during electronic communications, you want to _____ the data.    hide encrypt mask

  7. not print Question 10. Question : (TCO 1) Date encryption standard (DES) is a(n) _____ algorithm. masking encryption hashing switching SEC 280 DeVry Week 3 Quiz Latest Question 1. Question : (TCO 4) Attackers need a certain amount of information before launching their attack. One common place to find information that could be useful to the attacker is to go through the trash of the target. The process of going through a target’s trash is known in the community as _____.     trash rummaging garbage surfing piggy diving dumpster diving Question 2. Question : (TCO 4) The art of secret writing that enables an individual to hide the contents of a message from all but the intended recipient is called _____.     steganography cryptanalysis cryptography key management Question 3. Question : (TCO 4) The cipher that replaces each letter of the alphabet with a different letter (not in sequence) is a _____.     shift cipher substitution cipher transposition cipher Vigenère cipher Question 4. Question : (TCO 4) Keyspace refers to _____.     the location where keys are stored the number of keys needed to encrypt or decrypt a message all the possible key values the portion of the algorithm that the key connects with to encrypt or decrypt a message Question 5. Question : (TCO 4) A special mathematical function that performs one-way encryption is called _____.   asymmetric encryption transposition cipher

  8.  a hashing function multiple encryption Question 6. Question : (TCO 4) The encryption method that is base on the idea of two keys–one that is public and one that is private–is _____.     a hashing function symmetric encryption asymmetric encryption elliptical-curve encryption Question 7. Question : (TCO 4) What is a registration authority?     An entity that requires proof of identity from the individual requesting a certificate. An entity that generates a digitally signed identification certificate A centralized directory where the registered certificate is stored An entity that generates electronic credentials Question 8. Question : (TCO 5) The difference between centralized and decentralized infrastructures is _____.     that the key pairs and certificates do not have a set lifetime in centralized infrastructures that the location where the cryptographic key is generated and stored is different that the network administrator sets up the distribution points in centralized infrastructures that, in a decentralized infrastructure, the certificate may have an extended lifetime Question 9. Question : (TCO 5) What is a digital certificate?    It’s a means of establishing the validity of an offer from a person, entity, website, or e-mail It’s a centralized directory wherein registered keys are created and stored. It’s a means of establishing your credentials electronically when doing business or other transactions on the Web. It’s an entity that generates electronic credentials and distributes them after proving their identity sufficiently.  Question 10. Question : (TCO 5) A trust domain is defined as _____.    the agreed upon, trusted third party a scenario where one user needs to validate the other’s certificate a construct of systems, personnel, applications, protocols, technologies, and policies that work together to provide a certain level of protection a scenario in which the certificate’s issuer and the subject fields hold the same information  SEC 280 DeVry Week 5 Quiz Latest

  9. Question 1. Question : (TCO 6) In terms of physical security, _____ refers to protecting important assets by using several perimeters.     layered access multifactor access control dual authentication an intrusion-detection system Question 2. Question : (TCO 6) Which of these, according to this chapter, is not a step that can be taken to help mitigate physical security risk?     All users need security training. Electronic physical security systems need to be protected from network-based attacks. Authentication systems should use multiple factors when feasible. Constantly monitor all employees via camera. Question 3. Question : (TCO 6) The best fire extinguisher for petroleum products is a _____.     Class A Class B Class C Class D Question 4. Question : (TCO 6) _____ are computers in a network that host applications and data for everyone to share.     Linux boxes Servers Firewalls Cryptographies Question 5. Question : (TCO 6) A virtual private network (VPN) is a construct used to provide _____.     users with an individual web space on the network an area of relaxation for employees a secure communication channel between users across public networks, such as the Internet a learning area for programming languages Question 6. Question : (TCO 6) Media can be divided into three categories: _____.     paper, plastic, and cloth magnetic, optical, and electronic confidential, integrity, and authority red, yellow, and blue

  10. Question 7. Question : (TCO 6) _____ are types of magnetic media.     CDR, CDRW, and DVD Linux, Windows, and Oracle Hard drives, diskettes, and tapes Keyboards, mice, and monitors Question 8. Question : (TCO 6) Which of the following is not a component of an IDS?     Traffic collector Signature database Expert-knowledge database User interface and reporting Question 9. Question : (TCO 6) A new breed of IDS that is designed to identify and to prevent malicious activity from harming a system is called _____.     preemptive IDS preventive IDS active IDS dynamic IDSA Question 10. Question : (TCO 6) Egress filtering _____.     scans incoming mail to catch SPAM scans outgoing mail to catch SPAM scans messages for specific words or phrases filters out POP traffic SEC 280 DeVry Week 1 Exercise Latest Exercise – CIA Triad Download the Excel Template.equella.ecollege.com/file/af0b2314-58b6-4106-bf5e- 2e720c6410c0/21/Data_Week1.xlsx”>Data_Week1.xlsxand review column A (Information Type). Based on what you have learned in Week 1, chose the most important security attribute for the data field in column A using the drop down list. As an example, for a social security number, is the first priority to keep the numbers confidential, guarded from modifications, or available in digital format? If you feel all three attributes are equally important, select “Same Level of Importance” for all three priorities. The comment column (column E), must be used to justify your selections. Assignment Grading Rubric Selection of associated security attributes Justification for your selections (column E) Spelling and grammar Points 25 25 6 % 42% 42% 10%

  11. APA style Total 4 60 6% 100% Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these.equella.ecollege.com/file/8ff9f27a-3772-48cf-9855- 4bec4e6706bf/1/Dropbox.html”>step-by-step instructions. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. Information Type Social Security Number of an Individual First Name and Last Name Credit Card Number Qualification Medical Information Publications Salary Place of Employment Country of Origin Parent Names Children Names Marital Status Passport Number Languages Spoken Drivers License Number Level of Education Major in College Date of Birth Citizenship

  12. Ethnic Background Criminal Records Spouse Name Grade Point Average in College Research Interest Investment Accounts SEC 280 DeVry Week 2 Exercise Latest Exercise—Encryption Activity Use your favorite browser to access https://www.cryptool.org. The free download area on the right of the page has three download options. Download CrypTool 1.4.30 English and install the software on your personal computer. Download the Word template called Week2.docx and complete the activities. You will need to capture screens and paste them into your template. Once completed, upload your template in the Unit 2 Dropbox. There is also a video instruction to help you complete this assignment. Do not uninstall the software from your PC until you complete Unit 3. Week 2 Assignment View this video to help you complete this assignment. Do not uninstall the software from your PC until you complete Unit 3. Transcript Assignment Grading Rubric Template completion (4 x 20) Explanation of concepts (1 X 10) Spelling and grammar APA style Total Points 80 10 5 5 100 % 80% 10% 5% 5% 100% Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. Exercise 1 Symmetric Encryption using Vigenere Cipher

  13. 1. Click on File from the menu and select New. 2. Enter (paste) the following text in the window: On September 25, 1789, the First Congress of the United States proposed 12 amendments to the Constitution. The 1789 Joint Resolution of Congress proposing the amendments is on display in the Rotunda in the National Archives Museum. Ten of the proposed 12 amendments were ratified by three- fourths of the state legislatures on December 15, 1791. The ratified Articles (Articles 3–12) constitute the first 10 amendments of the Constitution, or the U.S. Bill of Rights. In 1992, 203 years after it was proposed, Article 2 was ratified as the 27th Amendment to the Constitution. Article 1 was never ratified. 3. Click on the Encrypt/Decrypt. 4. Select Symmetric (classic) from the drop down list. 5. Select Vigenere. 6. Enter a key –ORANGE (you may want to try the encryption with other keys). 7. Click Encrypt. 8. Capture this screen (SHIFT + PRTSCN) in Windows and paste below. Exercise 2 Encryption with DES in CBC mode 1. Repeat the process above and select Symmetric (Modern). 2. Select DES CBC mode. 3. In the pop-up window, select Encrypt. 4. Capture this screen (SHIFT + PRTSCN) in Windows and paste below. Exercise 3 Asymmetric encryption using RSA Encryption 1. Repeat the process above and select Asymmetric. 2. Select RSA Encryption. 3. Select Side Channel (under Last Name). 4. Click Encrypt.

  14. 5. Capture this screen (SHIFT + PRTSCN) in Windows and paste below. 6. Close Cryptool. Exercise 4 1. Create a text file made up of at least five pages of text. The text can be anything you would like. 2. Save the file on your C: Drive as TEXT.txt 3. Open Cryptool. 4. Click on File. 5. This time, select Open. 6. Browse to c:TEXT.txt 7. Click on Encrypt/Decrypt. 8. Select Asymmetric. 9. Select RSA Encrypt. 10. Check DISPLAY ENCRYPTION TIME at the bottom on the page. 11. Select Side Channel in the window. 12. Click on Encrypt. Record your time below. TIME = Notice that the time taken is somewhat large for computing. Symmetrical encryption would take less than .001 of a sec to encrypt the same text. SEC 280 DeVry Week 4 Exercise Latest In this assignment, you will use Cryptool to generate encryption keys (if you deleted your earlier one, you will need to generate another one), sign a document, verify a signature, and extract a signature. Before we continue, let’s recap how a signature works. A document has a unique hashed value. The hash value can be encrypted with an individual’s private key to tie the document to the holder of the private key. The encrypted hashed value is called signing a document.

  15. To start this exercise, open Cryptool (installed in Week 2). Click on File and Open. In the open window, type the following message: “It is a great day at DeVry University.” Click on Digital Signature/PKI from the menu bar. Select Generate/Import keys. In the pop-up window, select RSA and complete the User Data portion on the right panel. Select a PIN. I recommend “1234” for now. Click on Generate new key pair at the bottom of the screen. You will receive a message that the keys were generated successfully. Close any open windows except the windows with our message: “It is a great day at DeVry University.” Now, select SHA-1 (160 bits) for hash function and choose RSA for signature algorithm and now select your key pair from the bottom pane. Remember to enter your PIN (1234). The digital signature will be displayed in another window. Capture this screen and paste it in the Week4_Template. Leave the signature page and click on Digital Signature/PKI and click on Verify Signature. Select the key pair and click on Verify Signature. You will get a message that the signatures are correct. They have to be because we just created the signatures. Capture the Signature Verification page and paste it in your Week4_Template. Now click on Digital Signatures/PKI and Click on Extract a Signature. A pop-up window will be displayed with the extracted signature. The signature and the signed message are displayed. Capture the page and paste it in the Week4_Template. Close all open Windows. Now, create a text file in your document folder on your PC (save it as MYTEST.txt). This text document can contain any you would like and can be created using Notepad. Back to Cryptool, click on Digital Signatures/PKI. Select Signature Demonstration. The pop-up will contain a diagram of a schematic of the digital signature process. Click on Open document. Select the text document you created earlier. Click on Select Hash function. Choose SHA-1 and then click on OK. Click on Compute hash value and click on Hash value. The hash value of your file will be displayed at the bottom of the window. Now click on Generate key. Click on Generate Primes (accept default values) and Accept Primes. Click on Store Key. Now click on Encrypt Hash Value. Click on Encrypted Hash value. The Encrypted Hash value will be displayed at the bottom of the window. Now you are going to click on Provide Certificate. Enter your first and last name and a PIN (confirm the PIN). Click on Generate Signature. The signature will be displayed at the bottom of the window. Now click on Store signature. Capture the display screen and paste it in your Week4_Template. Click OK and close Cryptool. Assignment Grading Rubric Hands-on lab assignment APA Spelling Grammar Total Points 14 X 4 = 56 1 1 2 60 % 93.4% 1.6% 1.7% 3.3% 100%

  16. Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions. See the Syllabus section “Due Dates for Assignments & Exams” for due date information. SEC 280 DeVry Week 7 Exercise Latest Exercise—Bulk Extractor In this assignment, you are going to perform a forensic analysis of the C:users (or C:windowsusers) folder in Windows of your computer to investigate possible credit card frauds. To perform this forensic analysis, you are going to need Bulk Extractor. Bulk Extractor is a computer forensics tool that scans a disk image, file, or directory of files and extracts information such as credit card numbers, domains, e-mail addresses, URLs, and ZIP files. The extracted information is output to a series of text files. You will need these files to complete this assignment. Bulk Extractor can be downloaded from http://digitalcorpora.org/downloads/bulk_extractor/. For consistency, you want to download the version below. Once downloaded, run the installation. This process will take less than five minutes. bulk_extractor-1.5.1-windowsinstaller.exe 05-Aug-2014 13:03 20M Once completed, you will need to create a storage folder on your computer where Bulk Extractor will write the output of the forensic investigation. Now you are ready to start the Bulk Extractor application. Downloading and Installing Bulk Extractor Watch this short video on the steps needed to complete this assignment. See the Syllabus section “Due Dates for Assignments &Exams” for due date information. Download Now

More Related