IT3358 Full Course (May 2019)

Unit 1 Discussion

Security Vulnerabilities: Policies and Controls

When developing a network security strategy, you need to make decisions on what security vulnerabilities need to be controlled in that environment. In your own words, describe how you believe vulnerabilities for global organizations differ from those that are non-local or domestic? Provide at least one (1) example supporting your stance.

IT 3358 Information Security Concepts for the IT Professional

Unit 2 Discussion

AAA Framework and Cryptography

The concepts of auditing, authorization, and accountability within the area of information security have helped to ease some burdens of IT security professionals relating to the control of data flow and how data and network security policies are managed. Describe the relationship between auditing, authorization, and accountability within data and network security. Additionally, describe at least one (1) tool that you believe can assist IT professionals with the security of data and networks and explain how this tool can be functional in organizations.

IT 3358 Information Security Concepts for the IT Professional

Unit 3 Discussion

Physical Security Controls

The assignment and readings for this week have included various physical network security controls, practices, and policies. Discuss why you believe systems and people can be (a) countermeasures, (b) vulnerabilities, and (c) threats to your physical network assets? Provide at least one (1) example on how this can be the case for each of these categories.

IT 3358 Information Security Concepts for the IT Professional

Unit 4 Discussion

OS and Application Vulnerability

One of the primary goals when selecting a particular technology to implement and secure an IT infrastructure is to ensure that data, operating systems, and applications are secured with competent security tools. Based on your practical experience and research on this topic, identify a vulnerability to a specific application and describe at least two (2) countermeasures or tools you would consider recommending to an organization to mitigate that vulnerability. In addition, explicate why you believe it is important for organizations to protect against this vulnerability while including the potential outcomes if this vulnerability were accepted or ignored.

IT 3358 Information Security Concepts for the IT Professional

Unit 5 Discussion

Course Reflections

Reflecting on what you have learned in this course, explain what you believe to be the most concerning security threat to organizations today and why you believe that to be the case. Additionally, assume you were implementing a security strategy for an organization that had no previous security operations; determine the first three (3) security controls you would consider implementing and explain why you believe these are the most important to commence these efforts.

IT 3358 Information Security Concepts for the IT Professional

Unit 1 Assignment

Project Scope

For this assignment, you will develop an initial scope document and proposal for deploying an Enterprise Security Infrastructure Project. This is done by gathering facts about the selected organization and identifying project needs.

First, select a global IT organization with which you are currently affiliated, have worked for in the past, or one you would like to learn more about. This organization should be relevant to your professional goals and sufficient information about this organization should be available through experience or research. You will use this same organization as a foundation for all of your project assignments in this course.

Once you have selected your organization, you will evaluate the existing security infrastructure and suggest improvements appropriate to improving the cost and efficiency of managing the security. If assumptions need to be made as part of your project, please list those assumptions so that your instructor is aware.

For this assignment, use the suggested resources, the library, and the Internet to research the subject matter.

Instructions

Now that you have an understanding of the project and the company’s needs, include the following in the initial scope document and proposal:

Describe the scope of your project by providing an overview to the selected organization: the reasons for your choice, its size, and the location of the organization.

Describe the main business problems and goals as they relate to information technology. Include information relative to organizational user, organizational systems, and the security requirements.

Describe decision makers and stakeholders on whom you would rely to develop a requirements analysis and traverse through the information gathering phases of a security infrastructure deployment project.

Define a project timeline and outline that coincides with the system and/or infrastructure component life cycle stages. Additionally, identify the security components, requirements, and concerns that will need to be addressed.

Explain the role of Availability, Confidentiality, Authentication, and Integrity in identifying the project scope for the organization.

Given the global nature of the organization, identify any unique challenges that you anticipate facing from a regulatory, human resources, and cultural standpoint.

You are encouraged to provide resources and citations. Any references should be formatted according to APA (6th Edition) style and formatting.

IT 3358 Information Security Concepts for the IT Professional

Unit 2 Assignment

AAA Framework and Cryptography Strategy

For this assignment, you will complete a data security strategy. This is done by gathering facts about the selected organization and identifying project needs. For this assignment, use the suggested resources, the library, and the Internet to research the subject matter.

Instructions

For this assignment, complete the following components for your Perimeter Security Strategy:

Describe vulnerabilities and threats associated with data being stored, in transit and in use.

Compare two cryptography tools and strategies for the project that would be beneficial for protecting data being stored, in transit and in use.

Describe at least three (3), non-cryptography strategies for protecting stored data, data in transit and/or data in use for the company.

Describe strategies and identify at least two (2) tools for supporting the AAA framework in your company’s security solution.

Determine how you would consider applying access control and identify management to protect stored data, data in transit and/or data in use in the company.

Define at least two (2) policies or guidelines that you would include your organization’s data security manual. You are encouraged to provide resources and citations. Any references should be formatted according to APA (6th Edition) Style and Formatting.

Note: Make sure that you follow the scoring guide prior to submitting. Submit your document to the assignment area once completed.

Resources

AAA Framework and Cryptography Strategy Scoring Guide.

IT 3358 Information Security Concepts for the IT Professional

Unit 3 Assignment

Physical Network Security Strategy

For this assignment, you will complete your Physical and Network Security strategy. Each organization/company would need to show how their data, assets, and networks are protected. In this assignment, you will outline, address, and discuss your overall physical and network security strategy where you plan, design, and implement your security strategy around the organization’s global network infrastructure. For this assignment, use the suggested resources, the library, and the Internet to research the subject matter.

Instructions

For this week, you are to complete the following components:

Describe at least three (3) threats and vulnerabilities associated to physical security.

Define at least two (2) physical security strategies for protecting each of the following categories in the company: (a) data, (b) human resources and (c) hardware.

Describe strategies for protecting the company’s network perimeter from external threats.

Describe strategies for protecting the company’s internal and external network traffic and identify at least two (2) network security tools you would consider utilizing.

Define at least two (2) policies or guidelines that you would include in the organization’s physical security manual.

You are encouraged to provide resources and citations. Any references should be formatted according to APA (6th Edition) style and formatting.

Ensure to follow the scoring guide prior to submitting and submit your document to the assignment area.

IT 3358 Information Security Concepts for the IT Professional

Unit 4 Assignment

OS and Application Security Strategy

For this assignment, you will explain how to secure your applications and operating systems through the use of various security tools. For this assignment, use the suggested resources, the library, and the Internet to research the subject matter.

Instructions

For this assignment, complete the following components to secure your applications and operating systems:

Describe threats and vulnerabilities associated with at least two (2) operating systems.

Describe an anti-malware solution for the organization and indicate on which operating systems it supports.

Select a suitable intrusion detection system (IDS) solution for the organization and explain the reasoning for your suggestion.

Describe at least two (2) control strategies you would consider implementing for securing the company’s web-based infrastructure.

Describe at least two (2) control strategies you would consider implementing for securing the company’s database infrastructure.

Define two (2) items that you would include in the organization’s operating system security hardening procedures.

You are encouraged to provide resources and citations. Any references should be formatted according to APA (6th Edition) Style and Formatting.

Follow the scoring guide and submit to the assignment section once completed.

IT 3358 Information Security Concepts for the IT Professional

Unit 5 Assignment

Security Policy

As part of your course project, you are to develop, and design your overall security policy strategy.

Instructions

Identify a complete list of security standards that must be addressed in a comprehensive solution for the organization.

Discuss legal and regulatory issues that must be considered in relation to the management of information assets.

Identify the steps that you took throughout the quarter to ensure that your security solution will succeed internationally and describe how you addressed globalization in your security design.

For your final submission, include all your previous work for weeks 1–4 as part of this submission. Review the feedback that your instructor provided throughout the quarter and use that to finalize the security solution for your organization.

You are encouraged to provide resources and citations. Any references should be formatted according to APA (6th Edition) style and formatting.

Note: Make sure that your paper is professionally written and free of errors, and that APA formatting is applied throughout. Once complete, submit your document in the assignment area.