SEC 280 Principles of Information Systems Security Case
Studies
SEC 280 Week 1:
Your boss has just heard about some nefarious computer
activities called ping sweeps and port scans. He wants to know more about them
and what their impact might be on the company. Write a brief description of
what they are, and include your assessment of whether the activities are
something to worry about or not. This assignment requires
two to three pages, based upon the APA style of writing.
SEC 280 Week 2:
You are the Information Security Officer at a medium-sized
company (1,500 employees). The CIO asks you to explain why you believe it is
important to secure the Windows and Unix/Linux servers from known shortcomings
and vulnerabilities. Explain to your CIO what you can do to
make sure the network infrastructure is more secure.
SEC 280 Week 3:
ABC Institute of Research has sensitive information that
needs to be protected from its rivals. The Institute has collaborated with XYZ
Inc. to research genetics. The information must be kept top secret at any cost.
At ABC Institute, the researchers are unsure about the type of key
(asymmetric or symmetric) to use. Please formulate a
possible solution, and describe the advantages and disadvantages of any
solution employed.
SEC 280 Week 4:
Computer security is not an issue for organizations alone.
Anyone whose personal computer is connected to a network or the Internet faces
a potential risk of attack. Identify all the potential security threats on a
personal computer. Identify some of the techniques an attacker might
employ to access information on the system.
SEC 280 Week 5:
You have just been hired as an Information Security Engineer
for a large, multi-international corporation. Unfortunately, your company has
suffered multiple security breaches that have threatened customers’ trust in
the fact that their confidential data and financial assets are private and
secured. Credit-card information was compromised by an
attack that infiltrated the network through a vulnerable wireless connection
within the organization. The other breach was an inside job where personal data
was stolen because of weak access-control policies within the organization
that allowed an unauthorized individual access to valuable
data. Your job is to develop a risk-management policy that addresses the two
security breaches and how to mitigate these risks.
SEC 280 Week 6:
Gem Infosys, a small software company, has decided to better
secure its computer systems after a malware attack shut down its network
operations for 2 full days. The organization uses a firewall, three file
servers, two Web servers, one Windows 2008 Active Directory server for user
access
and authentication, ten PCs, and a broadband connection to
the Internet. The management at Gem needs you to formulate an incident-response
policy to reduce network down time if future incidents occur. Develop an
incident-response policy that covers the development of an incident-
response team, disaster-recovery processes, and
business-continuity planning.
SEC 280 Complete Case Studies
SEC 280 Week 1
Your boss has just heard about some nefarious computer
activities called ping sweeps and port scans. He wants to know more about them
and what their impact might be on the company. Write a brief description of
what they are, and include your assessment of whether the activities are
something to worry about or not. This assignment requires
two to three pages, based upon the APA style of writing.
SEC 280 Week 2
You are the Information Security Officer at a medium-sized
company (1,500 employees). The CIO asks you to explain why you believe it is
important to secure the Windows and Unix/Linux servers from known shortcomings
and vulnerabilities. Explain to your CIO what you can do to
make sure the network infrastructure is more secure.
SEC 280 Week 3
ABC Institute of Research has sensitive information that
needs to be protected from its rivals. The Institute has collaborated with XYZ
Inc. to research genetics. The information must be kept top secret at any cost.
At ABC Institute, the researchers are unsure about the type of key
(asymmetric or symmetric) to use. Please formulate a possible
solution, and describe the advantages and disadvantages of any solution
employed.
SEC 280 Week 4
Computer security is not an issue for organizations alone.
Anyone whose personal computer is connected to a network or the Internet faces
a potential risk of attack. Identify all the potential security threats on a
personal computer. Identify some of the techniques an attacker might
employ to access information on the system.
SEC 280 Week 5
You have just been hired as an Information Security Engineer
for a large, multi-international corporation. Unfortunately, your company has
suffered multiple security breaches that have threatened customers’ trust in
the fact that their confidential data and financial assets are private and
secured. Credit-card information was compromised by an
attack that infiltrated the network through a vulnerable wireless connection
within the organization. The other breach was an inside job where personal data
was stolen because of weak access-control policies within the organization
that allowed an unauthorized individual access to valuable
data. Your job is to develop a risk-management policy that addresses the two
security breaches and how to mitigate these risks.
SEC 280 Week 6
Gem Infosys, a small software company, has decided to better
secure its computer systems after a malware attack shut down its network
operations for 2 full days. The organization uses a firewall, three file
servers, two Web servers, one Windows 2008 Active Directory server for user
access
and authentication, ten PCs, and a broadband connection to
the Internet. The management at Gem needs you to formulate an incident-response
policy to reduce network down time if future incidents occur. Develop an
incident-response policy that covers the development of an incident-
response team, disaster-recovery processes, and
business-continuity planning.
0 comments:
Post a Comment