Week 1 - Hands-On Project Mod 1 and 2_Stanzione
School: University of Arizona
Course: CYB 300
Subject: Information Systems
Date: Jan 9, 2024
Type: docx
Pages: 9
Uploaded by: flidai
Week 1 Hands On
Student’s name: Rachel Stanzione
Name of institution: The University of Arizona Global Campus
Course name and number: CYB 300 System Administration & Security
Instructor’s name: Hisako Sato
Due date: December 19, 2022
Part One
Module 01: Introduction to Information Security Review Questions
1. What is the difference between a threat agent and a threat source?
Answer: A threat agent is an instance (i.e. a natural disaster) or component (i.e. an individual) that is facilitating the security breach.
2. What is the difference between vulnerability and exposure?
Answer: A vulnerability is a weakness in a system, something that has the potential for being exploited. An exposure is a known incident in which the vulnerability was acted upon.
3. What is a loss in the context of information security?
Answer: A single incident of a data asset being lost, destroyed, changed without permission or being denied access. Information theft is a loss for an organization.
4. What type of security was dominant in the early years of computing?
Answer: Physical security was dominant because computing was not hyper-connected, and you physically had to be at the computing device to use it.
5. What are the three components of the C.I.A. triad? What are they used for?
Answer: The three components of the CIA triad are:
Confidentiality – assurance that information is shared only among authorized people or organizations.
Integrity – assurance that information is complete and uncorrupt.
Availability – assurance that information systems and data are available to use when needed.
*These components are used to articulate the objectives of a security program and need to be used in harmony to ensure an information system is secure and usable.
6. If the C.I.A. triad is incomplete, why is it so commonly used in security?
Answer: It is used because the concept still addresses the fundamental concerns of information security: confidentiality, integrity, and availability.
7. Describe the critical characteristics of information. How are they used in the study of computer security?
Answer: Critical characteristics of information:
Availability – enables users who need to access information to do so without interference or obstruction and in the required format. The information is said to be available to an authorized user when and where needed and in the correct format.
Accuracy – is free from mistake or error and has the value that the end user expects. If information contains a value different from the user’s expectations due to the intentional or unintentional modification of its content, it is no longer accurate.
Authenticity – the quality or state of being genuine or original, rather than a reproduction or fabrication. Information is authentic when it is the information that was originally created, placed, stored, or transferred.
Confidentiality – the state of preventing disclosure or exposure to unauthorized individuals or systems.
Integrity – the state of being whole, complete, and uncorrupted. The integrity of information is threatened when the information is exposed to corruption, damage, destruction, or any other disruption from its authentic state.
Utility – information has value when it serves a particular purpose. This means that if information is available, but not in a format meaningful to the end user, it is not useful.
Possession – the quality or state of having ownership or control of information or data.
*These characteristics are used to ensure that security assessment and implementation address the necessary components that users expect.
8. Identify the components of an information system. Which of the components are most directly affected by the study of computer security?
Answer: The components of an information system are its hardware, software, data, procedures, network and people. The most directly affected by the study of computer security are hardware, software and data, as these are the components that house the most important information.
9. What is the McCumber Cube, and what purpose does it serve?
Answer: The McCumber Cube is a model framework for establishing and evaluating information security programs to assist in developing information assurance systems. It is designed to help organizations consider the interconnectedness of all the different factors that impact them.
10. Which paper is the foundation of all subsequent studies of computer security?
Answer: RAND Report R-609, a paper sponsored by the Department of Defense, is the foundation of all subsequent studies of computer security.
11. Why is the top-down approach to information security superior to the bottom-up approach?
Answer: The top-down approach is superior because the project is designed by upper-level management, who decide policies, procedures and processes. They determine the goals and outcomes as well as who is accountable for each piece of the process.
12. Describe the need for balance between information security and access to information in information systems.
Answer: To allow unrestricted access at any time to anyone could pose a risk to information; however, creating a completely secure information system wouldn’t allow anyone access. It’s important to create a balance of allowing a sufficient amount of access while still securing the integrity of the information.
13. How can the practice of information security be described as both an art and a science? How does the view of security as a social science influence its practice?
Answer: There are no hard and fast rules when it comes to information security, especially when it comes to users and policies. Because computer scientists and engineers created the software, it might be referred to as science. When given adequate time, faults are the exact interaction of hardware and software that can be corrected.
14. Who is ultimately responsible for the security of information in the organization?
Answer: The Chief Information Officer (CIO) is responsible for developing the strategic plans for the entire organization.
15. What is the relationship between the MULTICS project and the early development of computer security?
Answer: For the first time, an operating system was developed with security as its top priority. The Multiplexed Information and Computing Service System (MULTICS) was the focus of most of the early research on computer security. MULTICS is notable because it was the first operating system to incorporate security into its fundamental operations, despite the fact that it is now out of date. A collaboration between General Electric (GE), Bell Labs, and the Massachusetts Institute of Technology (MIT) created the mainframe, time-sharing operating system in the middle of the 1960s.
16. How has computer security evolved into modern information security?
Answer: In earlier years computers were secured by physical means, with a person standing guard outside of a room or the use of a physical key to access the machine. With the use and evolution of ARPANET, it was discovered how easy it was to find holes in the network. The publication of the RAND report brought to light the issues in security as well as ways to implement controls to ensure security. Over the years, with each new technological development, the need to revise security protocol was prevalent. Now it is an ongoing act to create upgraded ways to secure an ever-changing system.
17. What was important about RAND Report R-609?
Answer: The RAND Report was a published document that identified the role of management and policy issues in computer security. It defined the controls and mechanisms needed to protect a data processing system. This document is what started the study of computer security.
18. Who decides how and when data in an organization will be used or controlled? Who is responsible for seeing that these decisions are carried out?
Answer: The Chief Information Security Officer (CISO) is responsible for assessing, implementing and managing information security.
19. Who should lead a security team? Should the approach to security be more managerial or technical?
Answer: The leader of a security team should ideally have some technical training. A good manager is able to make judgments based on the data and listens to what other team members have to say. Even if they themselves are technical in nature, the management must rely on the members' technical skills.
20. Besides the champion and team leader, who should serve on an information security project team?
Answer: The team should have a security policy developer to maintain existing policies and requirements; a risk assessment specialist, who understands the financial aspect of implementing new assets; security professionals who are well educated in aspects of information security; systems administrators to create systems to house the information used by the organization; and end users, who are the users with the greatest impact from any new developments or upgrades. They are essentially the testers.
Module 02: The Need for Security Review Questions
1. Why is information security a management problem? What can management do that technology cannot?
Answer: Because management is responsible for approving new technology, creating security policies, and enforcing those standards, information security is a management issue. If regulations are not employed to compel its use, technology will not function. When selecting technology for use in disaster recovery plans, management plays a significant role. Without management to develop plans, substantial cost damages are unavoidable.
2. Why is data the most important asset an organization possesses? What other assets in the organization require protection?
Answer: Data is crucial to a company because without it, it would be unable to keep track of transactions and/or provide value to its clients. Protecting data in motion and data at rest are equally important because every company, academic institution, or governmental organization that operates within the contemporary social environment of connected and responsive services depends on information systems to support these services. The ability of the company to operate, the security of applications, and technological assets are additional assets that need to be protected.
3. Which management groups are responsible for implementing information security to protect the organization’s ability to function?
Answer: General management, I.T. management, and information security management.
4. Has the implementation of networking technology, such as the cloud, created more or less risk for businesses that use information technology? Why?
Answer: Networking is typically thought to entail increased risk for information technology-using enterprises. This is because networked information systems, particularly those connected to the Internet, give potential attackers more and easier access to these systems.
5. What is information extortion? Describe how such an attack can cause losses, using an example not found in the text.
Answer: When an attacker has access to an asset, they can force it to comply with their demands. For instance, if an attacker is able to access a collection of data in a database and encrypt that data, they may demand money or another valuable resource from the owner in exchange for disclosing the encryption key, allowing the owner to use the data.
6. Why are employees among the greatest threats to information security?
Answer: Due to the ease with which hackers can trick people into disclosing personal information or downloading malware, employees pose significant dangers to the information security of a business. The "social engineering" of people is simple. A fairly popular method of misleading users is through phishing emails.
7. How can you protect against shoulder surfing?
Answer: The easiest strategy for someone to prevent shoulder surfing is to steer clear of accessing private information while another person is around, if at all possible. A person should only view private information seldom, and only when they are certain that no one is watching them. When gaining access to sensitive material, one should always be conscious of their surroundings.
8. How has the perception of the hacker changed over recent years? What is the profile of a hacker today?
Answer: The traditional idea of a hacker is commonly romanticized in fictional works as someone who cunningly works their way through a labyrinth of computer networks, systems, and data to discover the knowledge that solves the problem presented in the plot and saves the day. However, in fact, a hacker frequently spends many hours studying the types and structures of the targeted systems because he or she must attempt to get past the safeguards put in place around information that is someone else's property by using cunning or deception. The typical hacker today is a male or female, between the ages of 12 and 60, with varied technical skill levels, who can be either within or external to the company. Both competent and unskilled hackers exist today. The software and strategies used to attack computer systems are devised by skilled hackers, whereas novice hackers only use the expert hacker's program.
9. What is the difference between a skilled hacker and an unskilled hacker, other than skill levels? How does the protection against each differ?
Answer: A skilled hacker is one who creates software scripts and routines to take advantage of undiscovered weaknesses. Mastery of numerous programming languages, networking protocols, and operating systems characterizes the skilled hacker. One who employs scripts and code created by professional hackers is considered an unskilled hacker. They hardly ever develop their own hacks, and their knowledge of programming languages, networking protocols, and operating systems is frequently somewhat limited. It is far more difficult to defend against a skilled hacker, in part because they frequently employ fresh, undocumented attack code. Initially, it is nearly impossible to defend against these attacks because of this. On the other hand, a novice hacker typically employs publicly accessible hacking tools. Therefore, keeping up with the most recent patches and being aware of hacking tools that have been released by professional hackers will help to retain security against these hacks.
10. What are the various types of malware? How do worms differ from viruses? Do Trojan horses carry viruses or worms?
Answer: Viruses, worms, Trojan horses, logic bombs, and back doors are typical forms of malware. Code fragments known as computer viruses cause other programs to act in a certain way. Worms are harmful programs that continuously duplicate themselves without the aid of another program to create a secure environment. When a Trojan horse program is run by a trusted user, it spreads viruses or worms over the entire network as well as the local workstation.
11. Why does polymorphism cause greater concern than traditional malware? How does it affect detection?
Answer: Because polymorphism makes harmful code more evasive, it raises more concerns. Since the code is constantly changing, commonly used anti-virus software that relies on predefined signatures for detection will not be able to identify the recently modified attack. Polymorphic dangers are therefore more challenging to defend against.
12. What is the most common violation of intellectual property? How does an organization protect against it? What agencies fight it?
Answer: Software piracy, which is the illegal use or replication of software-based intellectual property, is one of the most frequent infractions. Some businesses have employed copyright codes, digital watermarks, embedded code, and even the purposeful insertion of faulty sectors on software media as security measures. Additionally, most businesses file patents, trademarks, or copyrights, which enable them to take legal action against anyone who violates them. The online registration procedure is an additional measure against piracy. Users of software are prompted or even obliged
to register their program upon installation in order to access all features or receive technical support.
13. What are the various forces of nature? Which type might be of greatest concern to an organization in Las Vegas? Jakarta? Oklahoma City? Amsterdam? Miami? Tokyo?
Answer: The term "force majeure" describes natural disasters or other unforeseen events that endanger not only people's lives but also the security of sensitive data. Fire, flood, earthquake, lightning, mudslides, tornadoes, strong winds, hurricanes, typhoons, tsunamis, electrostatic discharge (ESD), and/or dust contamination are all examples of force majeure. Dust pollution can be a top worry for a Las Vegas company. Oklahoma City is concerned about tornadoes. Hurricanes or tsunamis would cause the most anxiety in Miami. Los Angeles would be concerned about riots, wildfires, mudslides, and earthquakes.
14. How is technological obsolescence a threat to information security? How can an organization protect against it?
Answer: Management's probable lack of foresight and failure to foresee the technology needed for changing company requirements can result in technological obsolescence, which poses a security risk. When infrastructure ages, it becomes technologically obsolete, which results in unreliable and untrustworthy systems. As a result, assaults run the risk of compromising data integrity. One of the easiest ways to avoid this is for management to plan effectively. Ineffective technologies must be replaced if they are identified. Management must work with information technology staff to identify potential obsolescence so that any necessary replacement (or upgrade) of technologies can be completed quickly.
15. Does the intellectual property owned by an organization usually have value? If so, how can attackers threaten that value?
Answer: Yes, a company's intellectual property (IP) could be its most valuable asset. By deleting or restricting the asset's availability to the owner or by stealing and then selling copies of the asset, attackers can jeopardize its economic worth.
16. What are the types of password attacks? What can a systems administrator do to protect against them?
Answer: There are three different kinds of password attacks: dictionary, brute force, and password crack. Cracking a password refers to attempting to calculate it backward. When a copy of the Security Account Manager data file is available, cracking is employed. The hashing algorithm is used to try to guess the password using a potential password retrieved from the SAM file. Using processing and network resources to try every possible combination of password alternatives is known as brute force. Dictionary: a method of brute force password guessing. A list of passwords that are often used is used in the dictionary attack to pick specific accounts and try to guess them. Security administrators can put in place restrictions that cap the number of password tries allowed to defend against password assaults. Make use of a "disallow" dictionary of passwords. Make passwords use additional digits and special characters.
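The three administrator controls named in the answer above (an attempt cap, a "disallow" dictionary, and a digit/special-character requirement) as an added example in C; this is illustrative code written for this page, not from the course or textbook, and the attempt limit, minimum length and the short disallow list are assumed values.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define MAX_ATTEMPTS 5   /* consecutive failures allowed before lockout (assumed value) */
#define MIN_LENGTH   12  /* minimum password length (assumed value) */

/* Constructed "disallow" dictionary: a handful of commonly used passwords.
   A real deployment would load a much larger list from a file. */
static const char *DISALLOWED[] = { "password", "123456", "qwerty", "letmein", "welcome" };
#define DISALLOWED_COUNT (sizeof DISALLOWED / sizeof DISALLOWED[0])

/* True if the password, compared case-insensitively, contains any disallowed
   word. Substring matching catches variants such as "MyPassword2024!!". */
static bool contains_disallowed(const char *pw) {
    char lower[256];
    size_t n = strlen(pw);
    if (n >= sizeof lower) n = sizeof lower - 1;     /* bound the local copy */
    for (size_t i = 0; i < n; i++)
        lower[i] = (char)tolower((unsigned char)pw[i]);
    lower[n] = '\0';
    for (size_t i = 0; i < DISALLOWED_COUNT; i++)
        if (strstr(lower, DISALLOWED[i]) != NULL) return true;
    return false;
}

/* Policy check: minimum length, at least one digit, at least one special
   character, and nothing from the disallow dictionary. */
bool password_meets_policy(const char *pw) {
    size_t len = strlen(pw);
    if (len < MIN_LENGTH) return false;
    bool has_digit = false, has_special = false;
    for (size_t i = 0; i < len; i++) {
        unsigned char c = (unsigned char)pw[i];
        if (isdigit(c)) has_digit = true;
        else if (!isalpha(c) && !isspace(c)) has_special = true;
    }
    return has_digit && has_special && !contains_disallowed(pw);
}

/* Attempt cap: per-account counter of consecutive failures. Once the cap is
   reached the account is locked and every later attempt is refused, which is
   what blunts brute-force and dictionary guessing against a live login. */
typedef struct { int failures; bool locked; } account_state;
typedef enum { LOGIN_OK, LOGIN_BAD_PASSWORD, LOGIN_LOCKED } login_result;

/* `correct` stands in for the real credential check (e.g. a hash comparison). */
login_result record_attempt(account_state *acct, bool correct) {
    if (acct->locked) return LOGIN_LOCKED;
    if (correct) { acct->failures = 0; return LOGIN_OK; }
    if (++acct->failures >= MAX_ATTEMPTS) { acct->locked = true; return LOGIN_LOCKED; }
    return LOGIN_BAD_PASSWORD;
}

int main(void) {
    account_state acct = { 0, false };
    for (int i = 0; i < MAX_ATTEMPTS; i++) record_attempt(&acct, false);  /* lock it */
    return (password_meets_policy("Tr0ub4dor&3xample") && acct.locked) ? 0 : 1;
}
```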
17. What is the difference between a denial-of-service attack and a distributed denial-of-service attack? Which is more dangerous? Why?
Answer: When an attacker floods a target with connection or information requests, a denial-of-service (DOS) attack occurs. When multiple sites simultaneously execute a coordinated flood of requests at a target, this is known as a distributed denial-of-service (DDOS) attack, which has the potential to be more harmful and dangerous. Most DDoS assaults involve the employment of "zombies," or hacked devices, to launch a denial-of-service attack against a single target. The most challenging attacks to fight against now lack any controls that a single company can implement.
18. For a sniffer attack to succeed, what must the attacker do? How can an attacker gain access to a network to use the sniffer system?
Answer: In order to install the sniffer, the attacker must first acquire access to a network. The most effective method for an attacker to enter a network and set up a physical sniffer device is through social engineering. The sniffer can be installed by persuading an unknowing employee to give the attacker instructions on where to find the networking hardware.
19. What methods would a social engineering hacker use to gain information about a user’s login ID and password? How would these methods differ depending on the user’s position in the company?
Answer: In a social engineering attack, the attacker coercively obtains sensitive access information to a company's private network in order to commit fraud. They typically assert that they are suppliers of a service provided to that company while claiming to hold certain IT jobs within the organization to other employees from other departments. To the data entry clerk and administrator's assistant, the assailant would make the claims that they were representatives of local vendors or service providers and members of that administrative team, respectively.
20. What is a buffer overflow, and how is it used against a Web server?
Answer: A buffer overflow occurs when more data is sent to a buffer than it can handle. It can be caused over a network when there is a mismatch in the processing rates between the two entities involved in the communication process.
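The overflow described in the answer above, shown in C as a server-side header field copy: the unbounded form that writes past a fixed buffer, beside a length-checked form that rejects oversized input. This is an added illustration for this page, not code from the course or textbook; the 16-byte field size and the sample header values are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

#define FIELD_SIZE 16   /* deliberately small so the checks are easy to exercise (assumed) */

/* Vulnerable form: copies a request header value into a fixed-size buffer
   with no length check. A value of FIELD_SIZE or more bytes writes past the
   end of `field`, which is the overflow the answer above describes. Kept only
   to show the defect; never called with oversized input here. */
void store_field_unsafe(char *field, const char *value) {
    strcpy(field, value);        /* no bound on the copy: this is the bug */
}

/* Pre-check a server can run before touching the buffer: how many bytes past
   the end of a buffer of `buf_size` would storing `value` write? 0 = it fits. */
size_t overflow_bytes(const char *value, size_t buf_size) {
    size_t needed = strlen(value) + 1;     /* value plus terminating NUL */
    return needed > buf_size ? needed - buf_size : 0;
}

/* Hardened form: refuses values that do not fit instead of writing past the
   buffer (and instead of silently truncating, which can hide the problem).
   Returns true only when the copy actually happened. */
bool store_field_checked(char *field, size_t field_size, const char *value) {
    if (overflow_bytes(value, field_size) > 0) {
        field[0] = '\0';                   /* leave a well-defined empty field */
        return false;
    }
    memcpy(field, value, strlen(value) + 1);
    return true;
}

/* Constructed sample header values, not captured from a real server:
   one fits the 16-byte field, the other needs 25 bytes with its NUL. */
static const char *SAFE_VALUE = "example.org";
static const char *LONG_VALUE = "www.example-hostname.org";

int main(void) {
    char field[FIELD_SIZE];
    bool ok_short = store_field_checked(field, sizeof field, SAFE_VALUE);  /* true */
    bool ok_long  = store_field_checked(field, sizeof field, LONG_VALUE);  /* false: rejected */
    return (ok_short && !ok_long) ? 0 : 1;
}
```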
Part Two
Hands-On Project: Web Browser Security
Complete the Hands-On Project: Web Browser Security. After completing the hands-on project, answer the following prompts.
Self-Reflection and Response
Which browser(s) did you improve the security and privacy for? (Check all that you performed.)
Google Chrome
Mozilla Firefox
Microsoft Edge
Apple Safari
Were you able to access all the security and privacy features of the browsers you used?
Yes
No (explain what you could not revise)
Do you feel more equipped to make your browser experience more secure?
Yes
No
Please explain: There were some features that I knew about but was unaware of how to get to, such as clearing cookies or using the incognito browser to secure web searches.
Hands-On Project: Ethics in IT and Detecting Phishing E-mails
Complete the Hands-On Project: Ethics in IT and Detecting Phishing E-mails. After completing the hands-on project, answer the following prompts.
Self-Reflection and Response
In the space below, write a brief statement indicating your intention to abide by the ethics codes spelled out in this lab.
I, Rachel, will adhere to the (ISC)² Code of Ethics. I will learn, work and explore with integrity and not share information I have discovered with anyone outside of this course.