CMGT 430 Entire Course


CMGT/430

ENTERPRISE SECURITY

 

The Latest Version A+ Study Guide

 

**********************************************

CMGT 430 Entire Course Link

https://hwsell.com/category/cmgt-430/

**********************************************

 

CMGT 430 Wk 1 – Management of Information Security, Ch. 8 Quiz

Complete the Ch. 8 Quiz using the MindTap Access link.

Which access control principle limits a user’s access to the specific information required to perform the currently assigned task?

  • Separation of duties
  • Eyes only
  • Least privilege
  • Need-to-know

 

A time-release safe is an example of which type of access control?

  • Nondiscretionary
  • Temporal isolation
  • Content-dependent
  • Constrained user interface

 

In which form of access control is access to a specific set of information contingent on its subject matter?

  • Temporal isolation
  • Content-dependent access controls
  • None of these
  • Constrained user interfaces

 

Which type of access controls can be role-based or task-based?

  • Nondiscretionary
  • Constrained
  • Content-dependent
  • Discretionary

 

Which of the following specifies the authorization classification of information assets an individual user is permitted to access, subject to the need-to-know principle?

  • Task-based access controls
  • Security clearances
  • Discretionary access controls
  • Sensitivity levels

 

Under lattice-based access controls, the column of attributes associated with a particular object (such as a printer) is referred to as which of the following?

  • Access control list
  • Capabilities table
  • Access matrix
  • Sensitivity level

 

Controls that remedy a circumstance or mitigate damage done during an incident are categorized as which of the following?

  • Deterrent
  • Preventative
  • Corrective
  • Compensating

 

Which security architecture model is based on the premise that higher levels of integrity are more worthy of trust than lower ones?

  • Bell-LaPadula
  • Clark-Wilson
  • Common Criteria
  • Biba

 

Which control category discourages an incipient incident?

  • Compensating
  • Preventative
  • Remitting
  • Deterrent

 

Which access control principle specifies that no unnecessary access to data exists by regulating members so they can perform only the minimum data manipulation necessary?

  • Need-to-know
  • Separation of duties
  • Least privilege
  • Eyes only

CMGT 430 Wk 1 – Lab 8-1 Live Virtual Machine Lab–Manage Role-Based Security

Complete Lab 8-1 Live Virtual Machine Lab—Manage Role-Based Security using the MindTap Access link.

For this activity, complete the following steps:

Review the Getting Started with Live Virtual Machine Labs Video Series at the beginning of your MindTap learning path to acquaint yourself with this lab environment.

Enter the live virtual machine lab environment, where you will engage in hands-on practice that will help you learn the material.

Note: If you exit the lab prior to completion, progress is not saved and the next time you launch the lab it will be considered a fresh start.

CMGT 430 Week 1 IT Systems Connection Table

Refer to the course scenario.

IT systems do not operate alone in the modern enterprise, so securing them will involve securing their interfaces with other systems, as well as the system itself. It is important to know the different interconnections each system may have.

During your review of the hospital’s current documents and files, you run across an IT systems connection table that was never completed by your predecessors. This document has a table that shows the relationship between multiple IT systems.

Complete the IT System Connection Table.

Submit your assignment.

CMGT 430 Wk 2 – Management of Information Security, Ch. 7 Quiz

Complete the Ch. 7 Quiz using the MindTap Access link.

Which of the following describes an organization’s efforts to reduce damage caused by a realized incident or disaster?

  • Transference
  • Mitigation
  • Acceptance
  • Avoidance

 

The financial savings from using the defense risk treatment strategy to implement a control and eliminate the financial ramifications of an incident is known as __________.

  • probability estimate
  • asset valuation
  • cost avoidance
  • risk acceptance premium

 

Once a control strategy has been selected and implemented, what should be done on an ongoing basis to determine its effectiveness and to estimate the remaining risk?

  • Evaluation and funding
  • Monitoring and measurement
  • Analysis and adjustment
  • Review and reapplication

 

Strategies to reestablish operations at the primary site after an adverse event threatens continuity of business operations are covered by which of the following plans in the mitigation control approach?

  • Damage control plan
  • Business continuity plan
  • Incident response plan
  • Disaster recovery plan

 

Which of the following can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility?

  • Risk appetite
  • Risk assurance
  • Residual risk
  • Risk termination

 

By multiplying the asset value by the exposure factor, you can calculate which of the following?

  • Value to adversaries
  • Annualized cost of the safeguard
  • Single loss expectancy
  • Annualized loss expectancy

 

When vulnerabilities have been controlled to the degree possible, there is often remaining risk that has not been completely removed, shifted, or planned for and is called __________.

  • residual risk
  • risk assurance
  • risk appetite
  • risk tolerance

 

What is the result of subtracting the postcontrol annualized loss expectancy and the ACS from the precontrol annualized loss expectancy?

  • Annualized rate of occurrence
  • Single loss expectancy
  • Cost–benefit analysis
  • Exposure factor

 

Which of the following determines acceptable practices based on consensus and relationships among the communities of interest?

  • Operational feasibility
  • Technical feasibility
  • Political feasibility
  • Organizational feasibility

 

What does FAIR rely on to build the risk management framework that is unlike many other risk management frameworks?

  • Quantitative valuation of safeguards
  • Subjective prioritization of controls
  • Risk analysis estimates
  • Qualitative assessment of many risk components

CMGT 430 Week 2 Enterprise Security Concerns

After reviewing the material your group has prepared so far, the management team has returned with a list of five specific concerns. They include:

  • Access control
  • Security enterprise
  • Impact of implementing a change management system
  • Mitigation
  • Risk management

Management has asked you to address concerns with a visual presentation. Address concerns by providing the following information:

  • An overview of the access control
  • Required mitigation steps for each concern
  • Prioritize concerns
  • Concerns with vendor relations from the enterprise security standpoint
  • Description of how the organization can apply risk management principles in its efforts
  • Description of iterative maintenance effort, including audits and frequency

Include at least two references formatted according to APA guidelines.

Present the information in one of the following ways:

  • A detailed chart along with a brief 1- to 2-page executive summary explaining the decisions made
  • A 12- to 14-slide multimedia-rich presentation with speaker notes

Submit your assignment.

 

CMGT 430 Wk 3 – Management of Information Security, Ch. 9 Quiz

Complete the Ch. 9 quiz using the MindTap Access link.

The benefits of ISO certification to organizations achieving it include all of the following EXCEPT:

  • Smoother operations
  • Reduced costs
  • Lower taxes from governments
  • Improved public image

 

Creating a blueprint by looking at the paths taken by organizations similar to the one whose plan you are developing is known as which of the following?

  • Baselining
  • Benchmarking
  • Best practices
  • Due diligence

 

Which of the following is not a consideration when selecting recommended best practices?

  • Organization structure is similar
  • Same networking architecture
  • Resource expenditures are practical
  • Threat environment is similar

 

Which of the following InfoSec measurement specifications makes it possible to define success in the security program?

  • Prioritization and selection
  • Development approach
  • Establishing targets
  • Measurements templates

 

Problems with benchmarking include all but which of the following?

  • Recommended practices change and evolve, thus past performance is no indicator of future success.
  • Organizations being benchmarked are seldom identical.
  • Organizations don’t often share information on successful attacks.
  • Benchmarking doesn’t help in determining the desired outcome of the security process.

 

What are the legal requirements that an organization adopt a standard based on what a prudent organization should do, and then maintain that standard?

  • Due care and due diligence
  • Baselining and benchmarking
  • Best practices
  • Certification and accreditation

 

Which of the following is not a factor critical to the success of an information security performance measurement program?

  • Strong upper level management support
  • Results oriented measurement analysis
  • High level of employee buy-in
  • Quantifiable performance measurements

 

Which of the following is a possible result of failure to establish and maintain standards of due care and due diligence?

  • Information system faults
  • Baselining
  • Benchmarking
  • Legal liability

 

Which of the following is not a question a CISO should be prepared to answer, about a performance measures program, according to Kovacich?

  • What effect will measurement collection have on efficiency?
  • Who will collect these measurements?
  • Why should these measurements be collected?
  • Where will these measurements be collected?

 

Which of the following terms is described as the process of designing, implementing, and managing the use of the collected data elements to determine the effectiveness of the overall security program?

  • Standards of due care/diligence
  • Baselining
  • Performance management
  • Best practices

CMGT 430 Week 3 Responding to Threats

Refer to the Week 3 – Required Learning Activity: Core Security Principles.

 

A few weeks ago, a nearby hospital, which is very similar in operations and scale to Auburn Regional, was the target of a ransomware attack. You have kept a close eye on this event. You decide to complete a review of current material available regarding ransomware attacks and especially ransomware and hospital enterprise systems.

Develop a 1- to 2-page chart. Your chart should have four columns for Authorization, Authentication, Roles, and Mitigation, as well as three columns for Small, Medium, and Large businesses. The chart should compare four attributes that are critical in enterprise systems today. Populate and extrapolate what steps can be taken to mitigate threats for small, medium, and large hospital enterprise systems.

Based on your chart, provide a final recommendation on how the hospital can respond to the threat. Summarize your chart findings, provide your recommendation, and answer the following questions in a brief, 2- to 3-page executive summary to the Auburn Regional management team:

  • How could changes to authorization, authentication, and roles help mitigate and deal with these systems threats?
  • How do you verify people and security levels?
  • How will your recommendations alleviate the threat?

Include the chart in your executive summary.

Submit your assignment.

 

CMGT 430 Week 4 Cloud Computing

Refer to the Learning Infographic Design and Cyber Security Awareness: Digital Data Protection.

 

Your work so far has been well-received and the management team is very interested in quickly bringing the rest of the organization into the process. The management team has expressed interest in incorporating cloud technology as part of Auburn Regional’s IT architecture. To integrate both of these requests, you decide to create an infographic that could, on a single diagram, give the reader an idea of what cloud technology is and how it could be used by Auburn Regional as these enterprise systems updates are in action. As you might imagine, there is a wealth of information on the internet involving the use of cloud computing.

Consider the following information and outline your answers:

  • What are the pros and cons of cloud computing?
  • Where could cloud computing fit in the organizational structure and operations?
  • How do companies that enter cloud technology agreements pass on those issues to their customers?
  • How do these companies really know where their data and the data of their customers is really stored?
  • What precautions are being taken?

Using your outline, create an original infographic for a presentation to the Auburn Regional management team that shows:

  • The basics of cloud computing
  • Overview of pros and cons of cloud computing
  • Where cloud computing could possibly fit into the organizational structure and operations
  • At least two concerns that need to be addressed

Include your outline on a separate document to support your infographic.

Submit your assignment.

 

CMGT 430 Wk 4 – Lab 10-1: Implement Backup and Recovery

Complete Lab 10-1: Implement Backup and Recovery using the MindTap Access link.

Review the Getting Started with Live Virtual Machine Labs Video Series found at the beginning of your MindTap learning path to acquaint yourself with this lab environment.

Enter the live virtual machine lab environment, where you will engage in hands-on practice that will help you learn the material.

Note: If you exit the lab prior to completion, progress is not saved and the next time you launch the lab it will be considered a fresh start.

 

CMGT 430 Wk 5 – Post-Course Assessment Quiz

Complete the Post-Course Assessment quiz using the MindTap Access link.

What tool would you use if you want to collect information as it is being transmitted on the network and analyze the contents for the purpose of solving network problems?

  • Port scanner
  • Content filter
  • Packet sniffer
  • Vulnerability scanner

 

Which of the following InfoSec positions is responsible for the day-to-day operation of the InfoSec program?

  • CISO
  • Security officer
  • Security manager
  • Security technician

 

Which of the following can be described as the quantity and nature of risk that organizations are willing to accept as they evaluate the trade-offs between perfect security and unlimited accessibility?

  • Risk termination
  • Risk appetite
  • Residual risk
  • Risk assurance

 

Which document must be changed when evidence changes hands or is stored?

  • Affidavit
  • Evidentiary material
  • Search warrant
  • Chain of custody

 

The C.I.A. triad for computer security includes which of these characteristics?

  • Availability
  • Authentication
  • Authorization
  • Accountability

 

There are three general categories of unethical behavior that organizations and society should seek to eliminate. Which of the following is not one of them?

  • Malice
  • Ignorance
  • Intent
  • Accident

 

The type of planning that is used to organize the ongoing, day-to-day performance of tasks is ____________.

  • organizational
  • tactical
  • operational
  • strategic

 

Which is the first step in the contingency planning process among the options listed here?

  • Disaster recovery planning
  • Business impact analysis
  • Business continuity training
  • Incident response planning

 

What is the SETA program designed to do?

  • Reduce the occurrence of accidental security breaches.
  • Improve operations.
  • Increase the efficiency of InfoSec staff.
  • Reduce the occurrence of external attacks.

 

Which type of document is a more detailed statement of what must be done to comply with a policy?

  • Procedure
  • Standard
  • Guideline
  • Practice

 

 

CMGT 430 Week 5 Enterprise Security Plan Strategic Objectives

An enterprise security plan is a document that explains the security exposure that an entity would encounter in a specific marketplace. A committee of people typically writes this document over a span of a few months. Many times the drafts begin with developing a high-level overview of strategic objectives that address how to secure the enterprise both internally and externally.

The CEO asks you to explain the core principles of enterprise security and respond to five strategic objectives as part of the overall enterprise system security plan draft. They are:

  • Data loss prevention
  • Access controls
  • Data management
  • Risk management
  • Cloud technology

For each of the five strategic objectives, write a response that addresses the following:

  • Key initiative: Why is this topic important to Auburn Regional?
  • Objectives: What is the desired outcome of this effort?
  • Description: What is the specific strategic objective? Provide a high-level explanation.
  • Benefits: What will be the benefits of this effort?
  • Outcome: What will be done to meet this objective?

Include any charts, graphics, or infographics created in previous weeks that support your findings.

Compile your response with the following:

  • An updated executive summary
  • A final recommendation
  • At least three new references throughout your plan overview, cited according to APA guidelines.

Incorporate feedback and use previous assignments as a resource. As a guideline, an overview of this nature is typically 3 to 4 pages long.

Submit your assignment.