SEC 280 Principles of Information Systems Security Entire Course
SEC280 Principles of Information Systems Security
Full Course
DeVry SEC280 Week 1 Discussion 1 & 2
dq 1
Data Breaches (graded)
Use one of your favorite search engines (preferably www.google.com) and search for "world's biggest data breaches". Select at least two of the major data breaches from the list you found and complete the following.
· Explain how they impacted you.
· Many of the breached companies had standard security controls like firewalls and intrusion detection systems. Discuss what was missing in their designs and processes.
· Add other items that you believe organizations should improve on to avoid breaches.
dq 2
Data Integrity as Part of CIA Triad (graded)
Data integrity verifies that data remains unaltered in transit from creation to reception.
· Explain what would happen if we were to remove Integrity from the CIA triad.
· Discuss how integrity helps with confidentiality and access control.
· Discuss the overall impact to digital communication without data integrity.
DeVry SEC280 Week 2 Discussion 1 & 2
dq 1
Symmetric Encryption (graded)
The initial encryption standard developed by NIST was called the Data Encryption Standard (DES). DES is too weak for modern applications since its key size is only 56 bits. It was replaced by the Advanced Encryption Standard (AES). AES has variable key sizes and can use a key size of 256 bits.
· Discuss whether you think AES key size has a direct relationship with algorithm strength.
· Do you think that AES-256 is necessarily better than AES-128?
· How long do you think it would take to launch a brute force attack on AES-128 using a standard computer?
dq 2
Asymmetric Encryption (graded)
Asymmetric encryption is based on the concept of a private key to decrypt and a public key to encrypt. RSA and Diffie-Hellman are two common algorithms used for asymmetric encryption; they are extremely slow and can be used only in limited applications. Their key sizes are much larger than those of symmetric algorithms.
· Explain why asymmetric algorithms, such as RSA and Diffie-Hellman, are relatively slow.
· Discuss why asymmetric encryption algorithms require larger key sizes.
DeVry SEC280 Week 3 Discussion 1 & 2
dq 1
Asymmetric Encryption—the RSA Algorithm (graded)
Asymmetric encryption uses one key to encrypt and another key to decrypt. The most common algorithm used in applications is the RSA algorithm. RSA is based on prime numbers.
· Select two small prime numbers p and q, compute Product = (p-1)(q-1), and select a number e between 1 and Product. The e that you computed is a simplified example of a public key. Post your selection and computation.
· The RSA algorithm and most asymmetric encryption are considered slow. Based on your computation, explain why the algorithm is slow.
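A worked version of this toy computation, added here as an example and not part of the course materials: it takes sample primes p = 61 and q = 53 and the public exponent e = 17 (all chosen for this example), computes n, Product = (p-1)(q-1) and the matching private exponent d, encrypts and decrypts one message block, and counts the modular multiplications that square-and-multiply exponentiation needs for e versus d. That count is the core of the "why is it slow" question: the private exponent is about as long as the modulus, so a real 2048-bit key needs a few thousand multiplications of 2048-bit numbers per block, while a symmetric cipher processes a block with a handful of byte operations.

```python
# Added example for the Week 3 RSA prompt (not part of the course materials).
# Sample primes p = 61 and q = 53 and the public exponent e = 17 are chosen here.
from math import gcd


def is_prime(x):
    """Trial division; fine for the small primes this exercise uses."""
    return x >= 2 and all(x % k for k in range(2, int(x ** 0.5) + 1))


def rsa_toy_keypair(p, q, e):
    """Return (n, product, d) where product = (p-1)(q-1) and e*d = 1 (mod product)."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be two distinct primes")
    n = p * q                            # the public modulus
    product = (p - 1) * (q - 1)          # what the prompt calls Product
    if not (1 < e < product) or gcd(e, product) != 1:
        raise ValueError("e must lie strictly between 1 and Product and share no factor with it")
    d = pow(e, -1, product)              # private exponent: modular inverse of e (Python 3.8+)
    return n, product, d


def rsa_encrypt(m, e, n):
    """Public-key operation: one modular exponentiation per message block."""
    return pow(m, e, n)


def rsa_decrypt(c, d, n):
    """Private-key operation: the same, but with the much larger exponent d."""
    return pow(c, d, n)


def modmul_count(exp):
    """Modular multiplications square-and-multiply performs for exponent exp:
    one squaring per bit after the leading one, plus one multiply per further set bit."""
    return (exp.bit_length() - 1) + (bin(exp).count("1") - 1)


if __name__ == "__main__":
    p, q, e = 61, 53, 17
    n, product, d = rsa_toy_keypair(p, q, e)
    m = 65                               # a message block; must be smaller than n
    c = rsa_encrypt(m, e, n)
    print(f"n={n} Product={product} e={e} d={d}")
    print(f"encrypt({m}) = {c}, decrypt({c}) = {rsa_decrypt(c, d, n)}")
    print(f"multiplications: e needs {modmul_count(e)}, d needs {modmul_count(d)}")
```

The check on e (strictly between 1 and Product and coprime to it) is what makes d exist at all; picking an e that shares a factor with Product is the most common mistake in this exercise, and the function rejects it rather than silently producing a key that cannot decrypt.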
dq 2
TLS/SSL (graded)
TLS/SSL is used to secure HTTP traffic on networks. For this post, access a website requiring HTTPS.
· Find and post all the protocols that the site is using (in IE, click on the lock at the right end of the browser menu bar).
· Find the public key and paste it in your post.
DeVry SEC280 Week 4 Discussion 1 & 2
dq 1
Hashing Algorithms (graded)
Secure Hash Algorithm is the current hashing standard established by the National Institute of Standards and Technology. It uses a 160-bit hash, but lately most organizations are moving toward a 256-bit hash.
· Is a 128-bit hash no longer sufficient for integrity checks?
· Explain the likelihood of a collision in a 128-bit hash. You do not need to explain the mathematics.
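Why a 128-bit digest offers only about 64 bits of collision resistance, as an added worked example that is not part of the course materials: the block computes the birthday-bound estimate for the digest sizes the prompt mentions and then, on a SHA-256 output truncated to a handful of bits (a toy hash constructed for this demonstration, not a real standard), shows that a collision turns up after roughly 2^(n/2) attempts rather than 2^n. The message strings are constructed counters.

```python
# Added example for the Week 4 hashing prompt (not part of the course materials):
# the birthday bound behind the collision likelihood, plus an empirical check on
# a SHA-256 output truncated to a few bits (a toy hash built only for this demo).
import hashlib
import math


def collision_probability(n_bits, k):
    """Approximate chance that k random n-bit digests contain at least one collision:
    1 - exp(-k^2 / 2^(n+1)), the standard birthday-problem estimate."""
    return 1.0 - math.exp(-(k * k) / 2.0 ** (n_bits + 1))


def digests_for_even_odds(n_bits):
    """How many digests must be computed before a collision becomes 50% likely."""
    return math.sqrt(2 * math.log(2) * 2.0 ** n_bits)   # about 1.18 * 2^(n/2)


def collision_work_bits(n_bits):
    """log2 of that count, i.e. the effective collision resistance in bits."""
    return math.log2(digests_for_even_odds(n_bits))


def truncated_digest(data, n_bits):
    """First n_bits of SHA-256; used only to make collisions observable quickly."""
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - n_bits)


def find_truncated_collision(n_bits):
    """Hash counter-derived messages until two share a truncated digest.
    Returns (hashes_computed, first_message, second_message)."""
    seen = {}
    i = 0
    while True:
        msg = f"message-{i}".encode()        # constructed input, not real data
        h = truncated_digest(msg, n_bits)
        if h in seen:
            return i + 1, seen[h], msg
        seen[h] = msg
        i += 1


if __name__ == "__main__":
    for bits in (128, 160, 256):
        print(f"{bits}-bit digest: ~2^{collision_work_bits(bits):.1f} hashes for a 50% collision")
    print(f"P(collision) after 2^64 hashes of a 128-bit digest: "
          f"{collision_probability(128, 2 ** 64):.3f}")
    count, a, b = find_truncated_collision(20)
    print(f"20-bit toy hash: collision after {count} hashes ({a!r} vs {b!r})")
```

The practical reading for the integrity question: a 128-bit digest is out of reach for accidental corruption, but a deliberate collision search costs about 2^64 hash computations, which is the reason the 160-bit and 256-bit digests mentioned in the prompt are preferred where an attacker may choose both inputs.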
dq 2
Digital Signatures (graded)
A digital signature is a technique to validate the integrity and authenticity of a message. The signature provides assurance that the sender is the true sender and that the message has not been changed during transmission.
· What are the similarities between a digital signature and a handwritten signature?
· Differentiate among the three different classes of digital signatures.
DeVry SEC280 Week 5 Discussion 1 & 2
dq 1
Access Controls (graded)
There are two basic ways to tell if a network or system is under attack: intrusion-detection systems (IDSs) and intrusion-protection systems (IPSs). Discuss how each of these approaches is different. Do not forget to include how network-based and host-based systems come into play.
You work for a small bank that has only 11 branches, and you must design a system that gives notice of a possible attack. Discuss what tools can be used, how they can be implemented to protect the bank, and how they can notify the appropriate people when the network comes under attack.
dq 2
Application Security (graded)
· Testing for an unknown is a virtually impossible task. What makes it possible at all is the concept of testing for categories of previously determined errors. The different categories of errors are
1. buffer overflows (most common);
2. code injections;
3. privilege errors; and
4. cryptographic failures.
Please evaluate the software engineering, secure-code techniques, and the most important rule that relates to defending against a denial-of-service attack. Here are two types of error categories: the failure to include desired functionality and the inclusion of undesired behavior in the code. Testing for the first type of error is relatively easy.
· Other items we should understand for error opportunities in applications are related to design, coding, and testing. How do we ensure that these items are addressed in our software-application development or acquisition?
DeVry SEC280 Week 6 Discussion 1 & 2
dq 1
Attacks and Malware (graded)
· What are the different ways that malware can infect a computer?
· What malware and spyware protection software do you think is the best, and why?
· There are many types of attacks described in the text. Describe one attack and what you could do to avoid such an attack.
· Many attacks are carried out by groups of hackers. Describe the objectives of some of these groups. What is the difference between white-hat and black-hat hackers?
dq 2
Identity Theft (graded)
· What steps would you take at your current or future job to ensure that personal information, such as human resources or customer information, is not compromised?
· Do companies have a responsibility to disclose identity-theft breaches that occur in their organizations?
· Present a strategy for educating a user about avoiding e-mail risk without saying, “Do not open an e-mail from someone you do not know.” This has been said many times and has failed. Take the time to think outside of the box about how you can get people to think before they act with e-mail.
DeVry SEC280 Week 7 Discussion 1 & 2
dq 1
Mitigating Risk (graded)
Top management asks you to present a review of the security risks associated with the various servers in the computing infrastructure. Take one of the servers and address three security risks, from the least (low or moderate risk) to the greatest (high risk), and the kind of risk each presents. For instance, if a server is closer to the network perimeter, it is at a higher risk of being compromised by a hacker. This is where it all starts. How do you implement consistent security policies?
dq 2
Incident Handling (graded)
Surprisingly, many of us may be unknowing victims of botnets. Because of the rising sophistication of botnet schemes, your computer can become a zombie along with thousands of other computers that flood a victim’s network and bring down servers. While the attack is going on, the botnet infects the network with spam, viruses, and malware. What are the four simple rules of stopping botnets on your personal PCs?
· What are some of the symptoms that would make you suspicious that your computer has been attacked?
· What part of a security incident should be logged?
DeVry SEC280 Week 1 Exercise
Exercise – CIA Triad
Download the Excel template Data_Week1.xlsx and review column A (Information Type). Based on what you have learned in Week 1, choose the most important security attribute for the data field in column A using the drop-down list. As an example, for a social security number, is the first priority to keep the numbers confidential, guarded from modifications, or available in digital format? If you feel all three attributes are equally important, select “Same Level of Importance” for all three priorities. The comment column (column E) must be used to justify your selections.
Assignment Grading Rubric                        Points    %
Selection of associated security attributes        25    42%
Justification for your selections (column E)       25    42%
Spelling and grammar                                6    10%
APA style                                           4     6%
Total                                              60   100%
Submit your assignment to the Dropbox, located at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions.
See the Syllabus section “Due Dates for Assignments & Exams” for due date information.
Information Type | Priority One | Priority Two | Priority Three | Comments for Your Selections
Social Security Number of an Individual | | | |
First Name and Last Name | | | |
Credit Card Number | | | |
Qualification | | | |
Medical Information | | | |
Publications | | | |
Salary | | | |
Place of Employment | | | |
Country of Origin | | | |
Parent Names | | | |
Children Names | | | |
Marital Status | | | |
Passport Number | | | |
Languages Spoken | | | |
Drivers License Number | | | |
Level of Education | | | |
Major in College | | | |
Date of Birth | | | |
Citizenship | | | |
Ethnic Background | | | |
Criminal Records | | | |
Spouse Name | | | |
Grade Point Average in College | | | |