SEMINAR 3

Assume you've been named Chief Security Officer (CSO) of a company that deals with highly sensitive and classified information. Because the materials are so sensitive, only authorised people should have access to this facility. Unauthorized access could pose a serious threat to national security. This facility is very new, and there is currently no automated information technology-based authentication mechanism in place. The first assignment you were given after being appointed as CSO was to build an IT-based identification system that checks a person's identity when he or she wishes to use the facility. Propose and describe an authentication system that can be used to verify employees and allow only those personnel with proper access rights to access classified resources. Please keep in mind that single factor authentication may not be sufficient.

You are the new information security consultant company for the XYZ Group, a medium-sized software development company. Before hiring you, the company had been plagued with security incidents that are listed below. Management has asked you to help assess the risk and conduct a cost/benefit analysis of proposed solutions.   Incident #1: Two years ago, plans for a new product were leaked onto the Internet, and as a result a competitor was able to produce a rival version of the software and get it to market first. XYZ estimates that sales of that software, which were expected to be at $1 million annually, were reduced by 50% due to the information leakage. Next year, the company is planning to introduce a new software that will be a major upgrade to the previous model. It should regain the company's market share in that product line. The cost for averting a similar information leak for the new product is not yet known, but training the staff, which would cost about $50,000 per year, is…

Research SCAP. How is it used? How popular is it among security vendors? What are its advantages? What are its disadvantages? Write a one-page summary of your research.

Imagine you are at an interview for an entry-level position in IT security. The interviewer asks you to describe a specific tool you could use for testing the security of a machine or network. (Please limit your answer to something we talked about in class or used in a lab. For full points give the exact name (e.g. not just "vulnerability scanner" or "password cracker") and describe what it is and why it is a useful security tool). Edit View Insert Format Tools Table 12pt v Paragraph v I U A > > >

Using all you have learned in the introductory security analysis course (ITSY 1371), use the methods/tools learned within this course to investigate an organization (Cisco, in this case). Provide an official write-up, in 1300 words, of the organization's stance, identifying items you have uncovered within the open-source world.

Suppose that you are appointed as Chief Security Office (CSO) in an organization which deals with very critical and classified resources. The resources are so highly confidential that only authorized personnel should be given access to this facility. Access to unauthorized people may cause severe threats to national security. This facility is newly built and currently doesn’t have any automated information technology-based authentication system. After being appointed as CSO, the first task you have been assigned is to design an IT based authentication system which verifies the identity of a person when he/she wants to access the facility. Propose and explain an authentication system which can be used for verification of employees to let only those personnel give access to classified resources who have proper access rights. Please note that single factor authentication may not serve the purpose well.

What questions do you think Kelvin should have included on his slide to start the discussion? If the questions were broken down into two categories, they would be cost versus maintaining high security while keeping flexibility. Which is more important for SLS?

The computer lab of a local college needs a one-page document that it will distribute to its incoming students to increase their security awareness. After reading the information presented in this module and other sources, prepare a document, which should include a 10-item bullet list of the things that students must remember to reduce the risks of using information technology. After reading the information presented in this module and other sources, write a one-page paper about three high-profile companies that faced security breaches in the last two years. Identify two vulnerabilities that enabled hackers to break into these companies’ systems. Denial of service (DoS) is among the security threats that have been on the rise in recent years. After reading the information presented in this module and other sources, write a one-page paper that outlines four recommendations for dealing with this security threat. Cite three U.S. companies that have been among the victims of this security…

A recent incident involving a security weakness in authentication or access control may make for a fascinating topic for a case study if it was written up. Is there going to be a change in the way that the company functions as a consequence of this? I was wondering if you could tell me whether or whether this firm has ever gone bankrupt, and if so, how much money was lost.

The Center for Internet Security and the Benchmarks project. In what year was the CIS founded, and what is their mission statement? Roughly how many benchmarks do they currently provide (10? 100? 1000?), what kinds of platforms (just desktops and servers, or...?). Are all of the benchmark documents freely downloadable for non-commercial use? What is the CIS-CAT tool, and what are the two main differences between the Pro and Lite versions?

create a security exercise utilizing two or more of the exercises types (red team, blue team, white team, purple team) discused in the assigned chapter readings. Detail your scenario, your use of at least 2 teams and how you will carry out the exercise to test your clients network security. what teams will be used? what roles will they play? use the courses microsoft word memo templat

Hi there.I would appreciate your help with this matter.I have to write a report based on my lab exercises for my course information security ll. ( All labs are available in Netlab) the given lab exercises are,1, Lab 1.7 network Security ( mandatory lab) and any three selectable Labs from the below Labs Lab 1.1 McCumber Cube Information Security Management ModelLab 1.2 CryptographyLab 1.3 Cryptography ContinuedLab 1.5 Security PoliciesLab 1.6 Access Control the task is 1. An account of the activities undertaken in the lab, includinginteresting or unexpected findings.2. The central concept behind the lab activity, and its alignmentwith understanding Information Security Principles.3. An overall review of the lab, with suggestions for additions,and/or improvements. This should include extension activities. Each Lab's report should be approximately 600 words.

Some professionals working in the area of information technology security believe that companies should bring on former hackers and computer felons to work as consultants in order to strengthen their security protocols. Do you hold that view? Is there a positive cause or a negative reason for this?

Discuss the concept of zero-trust security and its relevance in modern IT environments.

What are the key differences between the top-down and bottom-up approaches to information security?Is there any benefit to working from the top down as opposed to the bottom up?Evaluate the two ideas side by side, and explain in detail how they relate to the operation of the business.

What are the risks of having an all-encompassing security architecture in place?What are the reasons preventing such infrastructure from being built?What options do we have to the present situation?

A case study on a recent incident involving an authentication or access control security vulnerability may be quite interesting. Does this cause a change in how the company functions? I was hoping to get some information on the company's loss history and the nature of any losses that have occurred.