LAB 3 Developing a Security Policy Framework Implementation Plan

Part 1: Research Security Policy Frameworks (0/2 completed)

Note: In this part of the lab, you will review internet resources on security policy frameworks in order to form a basis for their purpose and usage. Understanding the reason behind a security policy framework is key to understanding the component policies and procedures. Please take the time to review the research thoroughly and think through the concepts behind the framework itself.

1. In your browser, navigate to https://www.sans.org/reading-room/whitepapers/policyissues/information-security-policy-development-guide-large-small-companies-1331.

2. Read Sections 1-5 of the SANS Policy Development Guide.

3. Summarize the Policy Development Guide’s recommendations for organizing a policy hierarchy and selecting policy topics.

Note: It is important to understand how and why a policy differs from a standard, a procedure, and a guideline. From the top down, the policy should not change or need modification unless a major shift in corporate values or business process occurs. On the contrary, guidelines should be reviewed, and possibly changed, often.

Similarly, even though a policy should be written clearly and concisely, it is a high-level document answering the “why” questions. Standards are also high level, but they answer the “what” questions. Finally, the procedures and guidelines provide the “how.”

Examples of security policy and guideline templates are available from the SANS Institute at https://www.sans.org/information-security-policy/.

In the next steps, you will learn about COBIT 2019, a popular industry-standard policy framework.

4.  In your browser, navigate to https://www.cio.com/article/3243684/what-is-cobit-a-framework-for-alignment-and-governance.html.

5. Describe the core principles and objectives of COBIT 2019.

Part 2: Define a Security Policy Framework (0/2 completed)

Note: Understanding both unique and universal risks to your organization’s IT infrastructure is essential to developing an appropriate IT security policy framework for your organization. In this part of the lab, you will review a list of risk, threats, and vulnerabilities and define appropriate policies to mitigate them. Next, you will organize your policies into a policy framework.

1. Review the following list of risks, threats, and vulnerabilities at the fictional Healthwise Health Care Company.

  • Unauthorized access from public Internet
  • Hacker penetrates IT infrastructure
  • Communication circuit outages
  • Workstation operating system (OS) has a known software vulnerability
  • Unauthorized access to organization-owned data
  • Denial of service attack on organization’s e-mail
  • Remote communications from home office
  • Workstation browser has software vulnerability
  • Weak ingress/egress traffic-filtering degrades performance
  • Wireless Local Area Network (WLAN) access points are needed for Local Area Network (LAN) connectivity within a warehouse
  • User destroys data in application, deletes all files, and gains access to internal network
  • Fire destroys primary data center
  • Intraoffice employee romance gone bad
  • Loss of production data
  • Need to prevent rogue users from unauthorized WLAN access
  • LAN server OS has a known software vulnerability
  • User downloads an unknown e-mail attachment
  • Service provider has a major network outage
  • User inserts a USB hard drive with personal photos, music, and videos on organization-owned computers
  • Virtual Private Network (VPN) tunneling between the remote computer and ingress/egress router

2. For each risk, threat, or vulnerability in the list above, select an appropriate security policy that might help mitigate it. You can select one of the SANS policies or choose one from the following list.

Security Policies

  • Acceptable Use Policy
  • Access Control Policy
  • Business Continuity—Business Impact Analysis (BIA) Policy
  • Business Continuity and Disaster Recovery Policy
  • Data Classification Standard and Encryption Policy
  • Internet Ingress/Egress Traffic Policy
  • Mandated Security Awareness Training Policy
  • Production Data Backup Policy
  • Remote Access Policy
  • Vulnerability Management and Vulnerability Window Policy
  • Wide Area Network (WAN) Service Availability Policy

3. Organize the security policies you selected so that they can be used as part of an overall framework for a layered security strategy.

Challenge Exercise (0/2 completed)Note: The following challenge exercise is provided to allow independent, unguided work – similar to what you will encounter in a real situation.

A user at Digital Innovation Products has been using company network resources to download torrent files onto a USB drive and transfer those files to their home computer. IT tracked down the torrent traffic during a recent network audit. Unfortunately, the company does not have a current policy that restricts this type of activity.

Identify at least two appropriate policies that should be in place to define this type of behavior and the consequences thereof.

Write a brief overview for C-level executives explaining which policies should be added to the company’s overall security policy framework, why they should be added, and how those policies could protect the company.

Authorized Uses

 

Authorized Uses

Overview: 

You are the Information Security Officer of Mahtmarg Manufacturing a small manufacturing company worth approximately $5 Million who provides fiber cable to local businesses, individual customers and to government organizations. In the course of the next eight weeks you will be creating your Information Security Plan (Issue-Specific Security Policy in Table 4-3 of the textbook) step by step using this scenario..

Your Task 

Step 2: Develop the Authorized Uses section of your ISP

In this week’s Lab you will develop the Authorized Use section of your ISP to include:

·  Who can use the technology?

·  Define fair and responsible use.

·  Explain how the company will protect personal as well as proprietary information.  

·  Include access to company systems from ‘outside connections’ (e.g. – public hotspot)

ETC W 3 D

 

Malicious individuals have discovered several methods to attack and defeat cryptosystems. It’s important that understand the threats posed by cryptographic attacks to minimize the risks to your network systems.

Identify one cryptographic attack and how you can protect against it. 

Please make your initial post and two response posts substantive. A substantive post will do at least TWO of the following:

  • Ask an interesting, thoughtful question pertaining to the topic
  • Answer a question (in detail) posted by another student or the instructor
  • Provide extensive additional information on the topic
  • Explain, define, or analyze the topic in detail
  • Share an applicable personal experience
  • Provide an outside source (for example, an article from the UC Library) that applies to the topic, along with additional information about the topic or the source (please cite properly in APA 7)
  • Make an argument concerning the topic.

At least one scholarly source should be used in the initial discussion thread. Be sure to use information from your readings and other sources from the UC Library. Use proper citations and references in your post.

Write static methods as follows

  

Question 1 

Write static methods as follows: 

  • double      sum(double[] a) –      returns the sum of the entries in the array a
  • double[]      fill(int n, double v) –      returns an array of n doubles, all of whose values      are v
  • double[]      random (int n) –      return an array of n random doubles. 
  • double      min(double[] a) –      returns the minimum element of the array a
  • double      max(double[] a) –      returns the maximum element of the array a
  • double      average(double[] a) –      returns the average (or mean) of the elements of the array a
  • double      variance(double[] a) –      returns the variance of the elements of the array a      (note: this      method should call your average method). 
  • double      stdDev(double[] a) –      returns the standard deviation of the elements of the array a      (note: this      method should call your variance method). 
  • double[]      read() –      reads an array from the keyboard and returns it (read the number of      elements first, and then that many numbers). 
  • void      print(double[] a) –      prints an array, a, on a single line with      commas between elements (do NOT use Arrays.toString()). 

Write a Main class with a main method that tests your methods appropriately (i.e. by calling each method at least once with various inputs), and printing the results. 

Individual Simulation Report 4

Each student, independently of the team will prepare a brief summary for the week’s simulation efforts. This report will include the following information: 

  1. What was your one corporate generic strategy as reviewed from our text for the week?  Break this down by your target market and your competitive advantage.  Why?  Did your overall strategy change since week 1?  Why?
  2. What was your strategic action plan going into the rounds detailed in Blackboard including the reasons for the moves and how it relates to your overall strategy?  What are your objective and measurable goals for the moves?  Did you have to make operationally reactive moves not related to your strategy?  Why?
  3. What was the objective, fact-based results compared to your intended moves and the reasons of these moves generally? How did your moves advance your one Generic Strategy?  Be specific.  Did you get the objective results you expected?  Why/why not?  Share any objective measures from the simulation program that are pertinent to the strategic implementation results and note any purely operational moves.  How did your competition and the external environment impact your moves?  What is your analysis of this data results compared to your intended results?
  4. What do you think the next set of objective and measurable moves you will have to consider, and what will you suggest to your partners regarding next week’s moves?
  5. What have you learned and how does this relate to other lessons in this course and to your career?
  6. Provide a log regarding the specific dates and times that you accessed the simulation system including specifically when and how you and your teammate reviewed and discussed the simulation system data and decided on your moves to make.  A sample is provided in week 1.

Your report this week should cover periods 9 thru 10 inclusively with fact-based objective data that you analyze from all four periods.  DO NOT copy from your first paper.  Each paper must be written in your own words with proper APA referencing.Your grade for each of the simulation report papers will be based on your analysis and critical thinking around the selection and implementation of the corporate strategy for your company.  Your analysis must be increasingly more thorough with each paper as you become more familiar with the simulation program and with the concepts from our course.  The grade will also include a portion based on your team’s current position and your team’s work together.  Review the required components in the grading rubric for the simulation paper.Submission Details: Your assignment will be between 1000 and 1500 words and follow APA Guidelines. Include a cover page and at least your course text as a reference.

Note: Please write in own words and make sure to watch the values for 9&10

Excel_5E_Law_Schedule

Excel_5E_Law_Schedule

  

Project Description:

In this project, you will manage a large worksheet and work on two workbooks at the same time. You will also add a hyperlink to your workbook.

     

Start Excel. Download, save, and   open the workbook named Student_Excel_5E_Law_Schedule_as.xlsx.   

 

Go to cell M50, and then insert   a COUNTIF function to count the number of unassigned (Staff) judges. In cell   K50, type Events with Unassigned Judges

 

Move to cell A1. Open the   downloaded file e05E_Judge_Requests.xlsx.   Switch windows, and then make your Student_Excel_5A_Law_Schedule_as file the active window. Arrange your two   files horizontally.
 

  Mac users, do not open the file, or if you have opened the 05E_Judge_Requests workbook, close the   file. In your 5E_Law_Schedule file,   click cell M3, type George Gates and then make cell A1 the active cell. Skip step   4, and then continue with step 5.

 

In the Student_Excel_5E_Law_Schedule_as workbook, go to cell A51, split   the window horizontally, and then click in any cell above the split in column   C. Use Find to locate the first Event # request from the e05E_Judge_Requests worksheet, and then type George Gates in the appropriate cell in the Student_Excel_5E_Law_Schedule_as   workbook to assign him as the Judge. Close the Find and Replace dialog box,   and then close the e05E_Judge_Requests worksheet. Maximize your   Student_Excel_5E_Law_Schedule_as worksheet, and then remove the Split.

 

Insert a new blank row 1. In   cell A1, type Schedule of Academic Events with Unassigned Judges and then Merge & Center the   title across the range A1:M1. Apply the Title cell style.

 

Create a New Table Style named Academic Team   Schedule.   Format the First Row Stripe using the Fill tab and in the sixth column, click   the third color. Format the Second Row Stripe using the sixth column, fifth   color. Format the Header Row using the eighth column, first color. Set as the   default table style for this document.

 

Select the range A2:M49 and apply the Custom table   style—Academic Team Schedule.

 

Autofit columns A:M. Set the   orientation to Landscape, set the Width to 1 page, center the worksheet   Horizontally. Insert a footer with the file name in the left section and page   number in the right section. 

 

Add a page break on page 1 after   row 40. Repeat row 2 at the top of each page.

 

Insert a hyperlink in cell J2 to   the downloaded e05E_Academic_Coaches.xlsx   workbook. Change the ScreenTip to read Click here for contact information and then test your hyperlink.   Close the e05E_Academic_Coaches.xlsx workbook.

 

Save your workbook and then   close Excel. Submit the workbook as directed.

Data Mining

 Review the reading by Naouma and answer the following

  1. Denote what the study was about.
  2. Discuss how random-field theory was used in the case study.
  3. What were the results of the false recovery rate in the study?

APA7 format.  Add headings to each of the questions above as well.  Ensure there are at least two-peer reviewed sources . 

Naouma, P. (2019). A comparison of random-field-theory and false-discovery-rate inference results in the analysis of registered one-dimensional biomechanical datasets. PeerJ (San Francisco, CA), 7, e8189–e8189.