- Description
IT/244
Intro to IT Security
Week Two Discussion Questions
- What are the basic principles of information security? Describe the purpose and application of each different principle.
- What types of security policies are there? How are they similar and how are they different?
- Why does a company need an Information Security Policy? What are the various parts of an effective Information Security Policy? Describe each part and its function.
- What is a trusted computing base? What makes it trusted? How does it relate to the ring of trust model?
- What is the Trusted Computer Security Evaluation Criteria? List the criteria. Why are they important?
Week Four Discussion Questions
- What steps are involved in developing a Business Continuity Plan? Why is a Business Continuity plan important?
- What are the key elements of a Disaster Recovery Plan? Why is a Disaster Recovery Plan critical to business operations?
- What are the different types of cyber crime? Provide an example for each type.
- What can happen to a company as the result of cyber crime? Do you know of any company that has been a victim of cyber crime? Describe the results. What can happen to an individual as the result of cyber crime? Do you know anyone who has been a victim of cyber crime? Describe the results.
Week Six Discussion Questions
- What is the difference between logical and physical security? Explain.
- What are the major categories of physical security threats? Describe the differences between them.
- What types of controls are needed for secure operations? Explain why.
- The principle of least privilege is a logical control. Describe the difference between a logical and physical control and why least privilege is important to system security.
- What is the physical control principle of separation of duties? Provide an example.
- What are the similarities and differences in the principles of least privilege and separation of duties? Explain. Describe how these principles relate to restricting the types of access that might be granted to the computer room.
Week Eight Discussion Questions
- How do access control and authentication methodologies secure systems?
- What are the features of a good access control system? Explain how access controls should be used and who should manage them.
- What is cryptography? How is it used in IT security?
- What are the roles of packet-filtering routers and firewalls? How do they protect a network?
- What are the two main classes of intrusions? Explain the differences between them.
- What are proactive and reactive security processes? Explain how security processes combat security breaches and improve the reaction time for detecting them.
- What are the characteristics of a good intrusion detection system?
| Week One: Information Security Principles | ||||
| Details | Due | Points | ||
| Objectives | 1.1 Explain the principles of information security. 1.2 Differentiate among types of security policies. 1.3 Describe the various parts of an effective Information Security Policy. | |||
| Course Preparation | Read the course description and objectives. Read the instructor’s biography and post your own. | |||
| Readings | Read Appendix A. Read Ch. 2–5 of Information Security. Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Sections 1.1, 4.0, 4.1, and section 4.6. | |||
| CheckPoint Toolwire® SmartScenario: Information Security/Security Policies | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 3 | 30 | |
| Individual Introduction to the Information Security Policy | Select one of the company profiles below to be used for your Information Security Policy
· Company 1: The Bloom Design Group is a company that offers interior design services to businesses and individuals throughout the world. Bloom has a corporate office in New York and a second office in Los Angeles. The company’s website features a virtual decorating tool, which offers clients the chance to play with different color and design schemes. This tool allows their clients to get an idea of what a design project would look like once it is completed, before actually making color and design decisions. The website also gives interior designers access to their client files and company style guides, as well as create the ability to electronically process orders for design materials and furniture. The designers use a secure login and a password to gain access to the website and its features. The company’s workforce spends all its time working remotely and accessing the corporate network using a secure VPN. · Company 2: Sunica Music and Movies is a local multimedia chain with four locations. Each store has been acting independently of one another and has difficulty coordinating customer sales from one store to another based on inventory. Because of poor communications, revenue and customer base have been lost due to jumbled inventory from store to store, decentralized accounting, and no Internet-based commerce. With the successful implementation of a WAN solution, all stores will have the ability to access a centralized database for inventory and dynamically reorder stock based on sales. Each location will tunnel all financial transactions through a central accounting package, eliminating bookkeeping errors, and centralizing the company finances. All transactions and customer inventory browsing will be done through a web interface and custom intranet website. To meet their need for an Internet customer base, web servers will be located in their data center and will tie in to the company’s accounting and transaction servers to provide real-time sales and inventory information to customers.
Complete the Introduction portion of the Information Security Policy. Include the following:
· An overview of the company · The security goals to be achieved
Refer to the Introduction Template in Appendix C for the correct format for this assignment. Customize it meeting university standard. Our standard is using APA format. Every paper must come with opening and closing statements plus include appropriate references and add intext citation if paraphrase anything | Day 7 | 100 | |
| Week Two: Security Architecture | ||||
| Details | Due | Points | ||
| Objectives | 2 2.1 Summarize the concept of a trusted computing base (TCB). 2.2 Explain the ring of trust model. 2.3 Describe the Trusted Computer Security Evaluation Criteria. | |||
| Readings | Read Ch. 6 & 7 of Information Security. Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Section 1.3. | |||
| Participation | Participate in class discussion. | Contribute 6 replies or responses over 7 days. (3 days min) | 30 | |
| CheckPoint Toolwire® Smart Scenario: Trusted Computing Base | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 5 | 30 | |
| Week Three: Business Continuity and Disaster Recovery Planning | ||||
| Details | Due | Points | ||
| Objectives | 3 3.1 Outline the steps involved in developing a Business Continuity Plan. 3.2 Describe the key elements of a Disaster Recovery Plan. | |||
| Readings | Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Sections 4.2 and 10.2. | |||
| CheckPoint Toolwire® Smart Scenario: Business Continuity/Disaster Recovery | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 3 | 30 | |
| Individual Disaster Recovery Plan | Complete the Disaster Recovery Plan (DRP) portion of the Information Security Policy. Include the following:
· The key elements of the DRP · The plan for testing the DRP
Refer to the Disaster Recovery Plan Template in Appendix D for the correct format for this assignment. Customize it meeting university standard. Our standard is using APA format. Every paper must come with opening and closing statements plus include appropriate references and add intext citation if you paraphrase anything. | Day 7 | 100 | |
| Week Four: Cyber Crime | ||||
| Details | Due | Points | ||
| Objectives | 4 4.1 Describe the different types of cyber crime. 4.2 Identify the risks and impacts of cyber crime. | |||
| Readings | Read Ch. 8 & 9 of Information Security. Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Sections 3.1, 6.2, 6.10, 7.3, 8.2, and 9.1. | |||
| Participation | Participate in class discussion. | Contribute 6 replies or responses over 7 days. (3 days min) | 30 | |
| CheckPoint Toolwire® SmartScenario: Cyber Crime | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 5 | 30 | |
| Week Five: Physical Security Control and Operations Security | ||||
| Details | Due | Points | ||
| Objectives | 5 5.1 Distinguish between logical and physical security. 5.2 Outline the major categories of physical security threats. 5.3 Outline the types of controls needed for secure operations. 5.4 Identify the parts of a Physical Security Policy. | |||
| Readings | Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Sections 1.1, 4.1 and 5.1. | |||
| CheckPoint Toolwire® SmartScenario: Security and Threats | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 3 | 30 | |
| Individual Physical Security Policy | Complete the Physical Security Policy portion of the Information Security Policy. Include the following:
· Security of the facilities
o Physical entry controls o Security offices, rooms, and facilities o Isolated delivery and loading areas
· Security of Information Systems
o Workplace protection o Unused posts and cabling o Network/server equipment o Equipment maintenance o Security of laptops/roaming equipment
Refer to the Physical Security Policy Template in Appendix E for the correct format for this assignment. Customize it meeting university standard. Our standard is using APA format. Every paper must come with opening and closing statements plus include appropriate references and add intext citation if you paraphrase anything | Day 7 | 100 | |
| Week Six: Physical Security Control and Operations Security (continued) | ||||
| Details | Due | Points | ||
| Objectives | 6 6.1 Differentiate between the principle of least privilege and the principle of separation of duties. | |||
| Readings | Read Ch. 10–12 of Information Security. Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Sections 2.4, 4.1 and 4.8. | |||
| Participation | Participate in class discussion. | Contribute 6 replies or responses over 7 days. (3 days min) | 30 | |
| CheckPoint Toolwire® SmartScenario: Least Privilege/Separation of Duties | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 5 | 30 | |
| Week Seven: Access Control Systems, Cryptography, and Network Security | ||||
| Details | Due | Points | ||
| Objectives | 7 7.1 Describe how access control and authentication methodologies secure systems. 7.2 Explain the concept of cryptography. 7.3 Outline the roles of packet-filtering routers and firewalls and how they protect a network. | |||
| Readings | Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Sections 2.0, 3.0, and 6.5. | |||
| CheckPoint Toolwire® Smart Scenario: Access Control/ Cryptography | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 3 | 30 | |
| Individual Access Control Policy | Complete the Access Control Policy portion of the Information Security Policy. Include the following:
· User enrollment · Identification · Authentication · Privileged and special account access · Remote access
Refer to the Access Control Policy Template in Appendix F for the correct format for this assignment. Customize it meeting university standard. Our standard is using APA format. Every paper must come with opening and closing statements plus include appropriate references and add in-text citation if you paraphrase anything | Day 7 | 100 | |
| Week Eight: Intrusion Detection | ||||
| Details | Due | Points | ||
| Objectives | 8 8.1 Describe the two main classes of intrusion. 8.2 List the characteristics of a good intrusion detection system. | |||
| Readings | Read Ch. 13 & the appendices of Information Security. Read this week’s Electronic Reserve Readings. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Section 7.5. | |||
| Participation | Participate in class discussion. | Contribute 6 replies or responses over 7 days. (3 days min) | 30 | |
| CheckPoint Toolwire® Smart Scenario: Intrusion | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 5 | 30 | |
| Week Nine: Application Development Security | ||||
| Details | Due | Points | ||
| Objectives | 9 9.1 Distinguish among several types of malicious software. 9.2 Create an Information Security Policy. | |||
| Nongraded Activities and Preparation TestOut LabSims | Locate the TestOut LabSims available for this course. You may find them on the Course Materials page in Week One of the student website.
Review the TestOut LabSim Security Pro, Sections 4.1 and 8.1. | |||
| Capstone CheckPoint Toolwire® Smart Scenario: Malware | Complete this week’s Toolwire® Smart Scenario found on your student website. Save a copy of your assessment. Post your Word document as an attachment. | Day 3 | 40 | |
| Final Project Information Security Policy | Complete the Network Security Policy and Executive Summary portions of the Information Security Policy.
· For the Network Security Policy portion, include the following:
o Network access o Network security control devices · For the Executive Summary portion, do the following:
o Provide 3 to 4 paragraphs describing the following:
· The goals of the security plan · Assumptions · Project constraints
o Your summary should be written in a concise and clear manner that summarizes your policy for readers.
Compile and submit all previous weeks’ sections with this week’s Network Security Policy and Executive Summary sections as a final Information Security Policy (Appendix B).
Refer to the Network Security and Executive Summary sections of the Information Security Policy Template in Appendix B for the correct format for this assignment. Customize it meeting university standard. Our standard is using APA format. Every paper must come with opening and closing statements plus include appropriate references and add intext citation if you paraphrase anything. | Day 7 | 200 | |
Optional Discussion Questions