Policies and procedures should be well-defined, considerate of the security requirements

Instructions

Write a thread containing a thoughtful answer to 1 question. Answer should contain at least 400 words. If necessary, you may list within your thread any concepts on which you need further clarification as well. Also, you must reply to at least 2 threads below. Each reply should contain at least 200 words. Additionally, all posts (thread and replies) should reflect professional writing, current APA standards, include at least 1 scholarly reference (e.g., peer-reviewed journal articles), and integration of at least 1 biblical principle.

Thread Question:

What is a Pen Test in regards to Information Security?(Answer in at least 400 words)

Replies(Reply to each thread in at least 200 words EACH)

Thread #1

Risk comparesions and contrasts Collapse

All of these are just steps in Risk analysis and dealing with risks. Starting with risk treatment. This is just as how it sounds it is the treatment of the problem. Whether it be selecting or actually doing the treatment it all falls under this step. Unlike the rest, the closest one to the treatment would be risk mitigation but this is more defining the steps of how a company will treat the risk. Risk mitigation is the most broad one because it can be connected to all of them because it is more of a plan instead of step. Authors Chen, Sohal and Prajogo talk about how important it is better to understand this section, “[it is] imperative to obtain a better understanding of the nature of risk which is a premise to developing well-grounded risk mitigation strategies”(Chen et al., 2016). This just goes to show how risk mitigation really falls into the process. Risk avoidance is parallel to treatment because if you can avoid the risk from happing then no treatment is needed and it’s a part of risk mitigation because it can be one of the beginning strategies to try and avoid the problem. This is close to treatment again because you are eliminating things that can cause the risk unlike treatment where you would just be fixing the risk. This Is very different form risk transfer and acceptance because you shouldn’t get to those points if you have avoided it. Risk acceptance is one of the later steps in the process but can also be at the beginning. This is just simply accepting the risk for what it is and what will come from it typically because the company can handle that risk. Risk Transfer is one that any company tries to do. By transfer risk the company can give it to someone else which is the exact opposite of acceptance but can be apart of the treatment or the mitigation of it. Transfer is one that can be connected to a bible verse like, “And my God will supply every need of yours according to his riches in glory in Christ Jesus.”(Philippians 4:19 ESV). We can compare this because God lets us transfer all our risks onto him with our faith. In general, I would say that all of these can be connected in some way whether it be in a comparison or contrasting way.

Thread #2

Why are data classification systems important?

Data classification is the process of organizing data by agreed-on categories. Thoroughly planned classification enables more efficient use and protection of critical data across the organization and contributes to the risk management, legal discovery and compliance processes. To safeguard sensitive data understanding what the data is and how it should be categorized, in terms of where the data will reside, who can access., modify, or delete the data and understanding the consequences if data is leaked in fundamental.

There is no one “right” way to design a data classification model and define the data categories. In general, data classification involves tagging data to make it easily searchable and trackable. Labeling or marking is the process of affixing a word, symbol, or phrase on a set of data. The purpose of labeling it o make the readers aware of the level of classification on a set of data. It also eliminates the multiple duplications of data, which can reduce storage and backup costs while speeding up the search process. Handling of the data is also important. Handling guidelines need to be developed for each level of classification. It is important to note, depending on the type of organization, there are regulatory requirements around how data is managed. Requirements may vary depending on the categories of data. Each category must include clear handing guidelines and mandated levels of controls. There are both federal and state rules that might impact an organization. Data classification is important for privacy. A proper data classification allows an organization to apply appropriate controls base on the predetermined category need. Classifying data can save time and money because it an organization can narrow its focus on what important and not put unnecessary controls in place. In its simplest form there are three-levels of data classification can be defended as public data, internal data, and restricted data. Additional, classifications can be applied based on data content. The levels are the foundation the helps an organization improve its security posture by focusing attention, workforce, and financial resources on the data most critical to the business.

Policies and procedures should be well-defined, considerate of the security requirements and confidentiality of data types, and straightforward enough that are easy for employees of an organization to understand.

The Scripture states that the Word of God should be handled accurately, rightly dividing the Word of truth. Just as data should be handle with care, so much more the God’s Word be handled with care.

The post Policies and procedures should be well-defined, considerate of the security requirements appeared first on graduatepaperhelp.

 

"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"

. Design a logical and physical topographical layout of the planned network through the use of graphical tools in Microsoft Word or Visio

Project Deliverable 5: Network Infrastructure and Security

This assignment consists of two (2) sections: an infrastructure document and a revised project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.

With the parameters set forth at the onset of the project, present the infrastructure and security policy that will support the expected development and growth of the organization. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. Since the company will be merging with a multinational company, virtualization and cloud technology should be taken into consideration. In addition, access paths for Internet access should be depicted. A narrative should be included to explain all the nodes of the network and the rationale for the design. Lastly, using the Confidentiality, Integrity and Availability (CIA) Triangle, define the organizational security policy.

Section 1: Infrastructure Document

Write a five to ten (5-10) page infrastructure document in which you:

1. Identify possible network infrastructure vulnerabilities. Address network vulnerabilities with the appropriate security measures. Ensure that consideration is given to virtualization and cloud technology.
2. Design a logical and physical topographical layout of the planned network through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Explain the rationale for the logical and physical topographical layout of the planned network. Note: The graphically depicted solution is not included in the required page length.
3. Illustrate the possible placement of servers, including access paths to the Internet and firewalls. Note: facility limitations, workstations, printers, routers, switches, bridges, and access points should be considered in the illustration.
4. Create and describe a comprehensive security policy for the company that will:

· Protect the company infrastructure and assets by applying the principals of CIA. Note: CIA is a widely used benchmark for evaluation of information systems security, focusing on the three (3) core goals of confidentiality, integrity, and availability of information.

· Address ethical aspects related to employee behavior, contractors, password usage, and access to networked resources and information.

Your assignment must follow these formatting requirements:

· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

· Include charts or diagrams created in MS Visio or Dia as an appendix of the infrastructure document. All references to these diagrams must be included in the body of the infrastructure document.

Section 2: Revised Project Plan

Use Microsoft Project to:

1. Update the project plan (summary and detail) template, from Project Deliverable 4: Cloud Technology and Virtualization, with three to five (3-5) new project tasks each consisting of five to ten (5-10) subtasks.

The specific course learning outcomes associated with this assignment are:

· Describe the methods and best practices in implementing process change in IT organizations.

· Describe the role and methods of technology-induced process improvement in organizations.

· Use technology and information resources to research issues in information systems.

· Write clearly and concisely about leadership issues and strategic insight of the Information systems domain using proper writing mechanics and technical style conventions.

The post . Design a logical and physical topographical layout of the planned network through the use of graphical tools in Microsoft Word or Visio appeared first on graduatepaperhelp.

 

"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"

· Describe the role and methods of technology-induced process improvement in organizations.

Project Deliverable 5: Network Infrastructure and Security

This assignment consists of two (2) sections: an infrastructure document and a revised project plan. You must submit both sections as separate files for the completion of this assignment. Label each file name according to the section of the assignment it is written for. Additionally, you may create and / or assume all necessary assumptions needed for the completion of this assignment.

With the parameters set forth at the onset of the project, present the infrastructure and security policy that will support the expected development and growth of the organization. The network solution that is chosen should support the conceived information system and allow for scalability. The network infrastructure will support organizational operations; therefore, a pictorial view of workstations, servers, routers, bridges, gateways, and access points should be used. Since the company will be merging with a multinational company, virtualization and cloud technology should be taken into consideration. In addition, access paths for Internet access should be depicted. A narrative should be included to explain all the nodes of the network and the rationale for the design. Lastly, using the Confidentiality, Integrity and Availability (CIA) Triangle, define the organizational security policy.

Section 1: Infrastructure Document

Write a five to ten (5-10) page infrastructure document in which you:

1. Identify possible network infrastructure vulnerabilities. Address network vulnerabilities with the appropriate security measures. Ensure that consideration is given to virtualization and cloud technology.
2. Design a logical and physical topographical layout of the planned network through the use of graphical tools in Microsoft Word or Visio, or an open source alternative such as Dia. Explain the rationale for the logical and physical topographical layout of the planned network. Note: The graphically depicted solution is not included in the required page length.
3. Illustrate the possible placement of servers, including access paths to the Internet and firewalls. Note: facility limitations, workstations, printers, routers, switches, bridges, and access points should be considered in the illustration.
4. Create and describe a comprehensive security policy for the company that will:

· Protect the company infrastructure and assets by applying the principals of CIA. Note: CIA is a widely used benchmark for evaluation of information systems security, focusing on the three (3) core goals of confidentiality, integrity, and availability of information.

· Address ethical aspects related to employee behavior, contractors, password usage, and access to networked resources and information.

Your assignment must follow these formatting requirements:

· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.

· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.

· Include charts or diagrams created in MS Visio or Dia as an appendix of the infrastructure document. All references to these diagrams must be included in the body of the infrastructure document.

Section 2: Revised Project Plan

Use Microsoft Project to:

1. Update the project plan (summary and detail) template, from Project Deliverable 4: Cloud Technology and Virtualization, with three to five (3-5) new project tasks each consisting of five to ten (5-10) subtasks.

The specific course learning outcomes associated with this assignment are:

· Describe the methods and best practices in implementing process change in IT organizations.

· Describe the role and methods of technology-induced process improvement in organizations.

· Use technology and information resources to research issues in information systems.

· Write clearly and concisely about leadership issues and strategic insight of the Information systems domain using proper writing mechanics and technical style conventions.

The post · Describe the role and methods of technology-induced process improvement in organizations. appeared first on graduatepaperhelp.

 

"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"

. Describe the characteristics of the crime, the offenders, the victims, and the event (location, weapon, and when it occurred).

C6Scholarly Activity

For this scholarly activity, you will do further research on patterns of offenses and victimization. Research the crime rates in both your local area and in the nation.

Include responses to the following points in your scholarly activity:

1. Research the murder and aggravated assault data for the past four years. Find national data as well as data in your current city or town (or nearest metropolitan area).
2. Explain the national and local rates. Have they gone up or down? How do they compare? Do you see trends? To what do you attribute the differences?
3. Explain the terminology/definition of each crime. How do they differ?
4. Describe the characteristics of the crime, the offenders, the victims, and the event (location, weapon, and when it occurred).
5. What are the differences in arrest and clearance rates?
6. After learning more about these crimes, pick a theory from an earlier unit, and use it to explain the possible reasons people commit these crimes in your area.

Your scholarly activity must be a minimum of two pages in length, not counting the title and reference pages. You are required to use at least two outside sources; one source must be from the CSU Online Library.

C7ScholarlyActivity

This scholarly activity will include further research on white-collar crime. Visit the site below, and explore the different components of white-collar crime:

Federal Bureau of Investigation. (n.d.). What we investigate: White-collar crime. Retrieved from https://www.fbi.gov/investigate/white-collar-crime

Then, include the following points in your scholarly activity:

· different types of crime that are categorized as white-collar,

· the victims of these crimes, and

· the reasons why you believe it is difficult to enforce these laws.

Your scholarly activity must be a minimum of two pages in length (not including the title and reference pages). All sources used, including the referenced website for this activity, must be cited and referenced using the appropriate APA format.

C8CaseStudy

Glassberg, J. (2015). The ransomware threat. Law Enforcement Technology, 42(9), 33-35.

(Let me know if you can access the reading material for this assignment, please)

Then, write a case study that answers the following questions:

· What was the problem? What were the effects of the problem?

· What is the profile of the hacker?

· What can be done to protect against the threat?

· What should be done if a computer is infected with ransomware?

· What type(s) of cybercrime was/were involved in this article? Does the identified offender fit the characteristics for this type of cybercrime?

Your assignment should be a minimum of two pages in length, not counting the title and reference pages, and you should use APA formatting.

The post . Describe the characteristics of the crime, the offenders, the victims, and the event (location, weapon, and when it occurred). appeared first on graduatepaperhelp.

 

"Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!"