Discuss types of authorization and authentication and the use of passwords

/in /by

Project 1
Student Name:
Date:
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 1: Requires the Following FOUR Pieces Areas to Improve

  1. Executive Summary (Try to Stay Within 2 Pages)
  2. Technical Report
  3. Non-Technical Presentation Slides (Narration Not Needed)
  4. Lab Experience Report with Screenshots
  5. Technical Report
    Defining the Information System Infrastructure
    Describe the organization, including mission, key cabinet offices, business units, and functions. Use diagram if possible.
    Choose one or more mission-critical systems of the healthcare organization.
    Define the information protection needs for the organization’s mission-critical protected health information (PHI).
    Define the workflows and processes for the mission critical systems you selected that will store PHI.
    Threats
    Threats to the hospital’s information systems infrastructure
    Insider threats
    Intrusion motives
    Hacker psychology
    The purpose and components of an identity management system to include authentication, authorization, and access control
    Use of laptop, tablet, and mobile devices by doctors who visit patients and need access to PHI.
    Access Control Management
    Access control lists in operating systems
    Role-based access controls
    Files
    Database access controls
    Discuss types of authorization and authentication and the use of passwords
    Password management
    Password protection in an identity management system
    Describe secure authentication mechanisms including Multi-factor
    Other material that may qualify “Exceeds Expectations“
    Password Cracking Tools
    Compare the password cracking tools based on these characteristics, and include as part of your assessment and recommendations on the use of such tools.
    Discuss issues related to organizational anti-virus software detecting password cracking tools as malware.
    Help the leadership understand the risks and benefits of using password cracking tools, through persuasive arguments in your report and presentation.
    References
    Authoritative in-text citations in APA format.
    Authoritative list of references at end in APA format.
    Technical Report Feedback
  6. Executive Summary
    Summarize each part of your Technical Report at a high level for executive consumption.
    Avoid citations in Executive Summary. Use your own words and explain so anyone can understand.
    Make sure you highlight your recommendations.
    Executive Summary Feedback
  7. Presentation Slides
    Title Slide
    Use of Readable Fonts and Color
    Summarizes Findings and Recommendations at High Level
    Presentation Slides Feedback
  8. Lab Experience Report
    Summarizes the Lab Experience and Findings
    Responds to the Questions
    Provides Screenshots of Key Results
    Lab Experience Report Feedback
    Project 2
    Student Name:
    Date:
    This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
    Project 2: Requires the Following THREE Pieces Areas to Improve
  9. Security Assessment Report (including relevant findings from Lab)
  10. Non-Technical Presentation Slides (Narration Not Needed)
  11. Lab Experience Report with Screenshots
  12. Security Assessment Report
    Defining the OS
    Brief explanation of operating systems (OS) fundamentals and information systems architectures.
  13. Explain the user’s role in an OS.
  14. Explain the differences between kernel applications of the OS and the applications installed by an organization or user.
  15. Describe the embedded OS.
  16. Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture.
    Include a brief definition of operating systems and information systems in your SAR.
    Other outstanding information
    OS Vulnerabilities
  17. Explain Windows vulnerabilities and Linux vulnerabilities.
  18. Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.
  19. Explain the motives and methods for intrusion of MS and Linux operating systems.
  20. Explain the types of security management technologies such as intrusion detection and intrusion prevention systems.
  21. Describe how and why different corporate and government systems are targets.
  22. Describe different types of intrusions such as SQL PL/SQL, XML, and other injections
    Preparing for the Vulnerability Scan
  23. Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems.
  24. Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS.
  25. Include a description of the applicable tools to be used, limitations, and analysis.
  26. Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS.
  27. In your report, discuss the strength of passwords
    5a. any Internet Information Services’
    5b. administrative vulnerabilities,
    5c. SQL server administrative vulnerabilities,
    5d. Other security updates and
    5e. Management of patches, as they relate to OS vulnerabilities.
    Vulnerability Assessment Tools for OS and Applications (Lab)
    Use the tools’ built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA):
  28. Determine if Windows administrative vulnerabilities are present.
  29. Determine if weak passwords are being used on Windows accounts.
  30. Report which security updates are required on each individual system.
  31. You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
  32. Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.
    Utilize the OpenVAS tool to complete the following:
  33. Determine if Linux vulnerabilities are present.
  34. Determine if weak passwords are being used on Linux systems.
  35. Determine which security updates are required for the Linux systems.
    4.You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
    5.Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment
  36. Presentation Slides
    Title Slide
    Use of Readable Fonts and Color
    Summarizes Findings and Recommendations at High Level
    Summarizes Findings and Recommendations at High Level
    Presentation Slides Feedback
  37. Lab Experience Report
    Summarizes the Lab Experience and Findings
    Responds to the Questions
    Provides Screenshots of Key Results
    Lab Experience Report Feedback
    Project 3
    Student Name:
    Date:
    This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
    Project 3: Requires the Following THREE Pieces Areas to Improve
  38. Security Assessment Report (including relevant findings from Lab)
  39. Risk Assessment Report
  40. Lab Experience Report with Screenshots
  41. Security Assessment Report
    Enterprise Network Diagram
    You will propose a local area network (LAN) and
    a wide area network (WAN)
    define the systems environment,
    incorporate this information in a network diagram.
    Discuss the security benefits of your chosen network design.
    Threats
    Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.
    differentiate between the external threats to the system and the insider threats.
    entify where these threats can occur in the previously created diagrams.
    Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?
    Identifying Security Issues
    Provide an analysis of the strength of passwords used by the employees in your organization.
    Are weak passwords a security issue for your organization?
    Firewalls and Encryption
    Determine the role of firewalls and encryption, and auditing
    RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.
    Threat Identification
    Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization.
    Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
    Also discuss the value of using access control, database transaction and firewall log files.
    Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization’s networks.
  42. Risk Assessment Report
    Risk and Remediation
    What is the risk and what is the remediation?
    What is the security exploitation?
  43. Lab Experience Report
    Summarizes the Lab Experience and Findings
    Responds to the Questions
    Provides Screenshots of Key Results
    Lab Experience Report Feedback
    Project 4
    Student Name:
    Date:
    This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
    Project 4: Requires the Following FOUR Pieces Areas to Improve
  44. Team Forming and Completion of Charter
  45. Security Assessment Report
  46. After Action Report
  47. Presentation Slides (With Narration or In Class Presentation)
  48. Team Forming and Completion of Charter
    Upload completed Charter to Team Locker in Classroom
  49. Security Assessment Report
    Financial Sector
    Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector.
    Provide submissions from the Information Sharing Analysis Councils related to the financial sector.
    Law Enforcement
    Provide a description of the impact the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector.
    The Intelligence Community
    Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also include the social engineering methods used by the nation-state actor and their reasons for attacking US critical infrastructure.
    Homeland Security
    Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers.
    Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack.
    Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector.
  50. After Action Report
    The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.
    Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
    Also discuss the value of using access control, database transaction and firewall log files.
    Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization’s networks.
  51. Presentation (Complete Set of Team Slides and Narration of a Portion)
    Title Slide
    Use of Readable Fonts and Color
    Summarizes Findings and Recommendations at High Level
    Slide Narration or In Class Presentation (5-6 minutes or a portion of report)
    Presentation Slides Feedback
    Project 5
    Student Name:
    Date:
    This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
    Project 5: Requires the Following TWO Pieces Areas to Improve
  52. Paper
  53. Lab Experience Report with Screenshots
  54. Paper
    IT Systems Architecture
    You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table
    security architecture of the organization
    the cryptographic means of protecting the assets of the organization
    the types of known attacks against those types of protections
    means to ward off the attacks
    Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:
    LAN security
    identity management
    physical security
    personal security
    availability
    privacy
    Then list the security defenses you employ in your organization to mitigate these types of attacks.
    Plan of Protection
    Learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership.
    Provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage
    Data Hiding Technologies
    describe to your organization the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership
    Encryption Technologies
  55. Shift / Caesar cipher
  56. Polyalphabetic cipher
  57. One time pad cipher/Vernam cipher/perfect cipher
  58. Block ciphers
  59. triple DES
  60. RSA
  61. Advanced Encryption Standard (AES)
  62. Symmetric encryption
  63. Text block coding
    Data Hiding Technologies
  64. Information hiding and steganography
  65. Digital watermarking
  66. Masks and filtering
    Network Security Vulnerability and Threat Table
    Describe the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership
    Encryption Technologies
  67. Shift / Caesar cipher
  68. Polyalphabetic cipher
  69. One time pad cipher/Vernam cipher/perfect cipher
    Access Control Based on Smart Card Strategies
    Describe how identity management would be a part of your overall security program and your CAC deployment plan:
  70. Lab Experience Report
    Summarizes the Lab Experience and Findings
    Responds to the Questions
    Provides Screenshots of Key Results
    Lab Experience Report Feedback
    Project 6
    Student Name:
    Date:
    This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
    Project 5: Requires the Following TWO Pieces Areas to Improve
  71. Paper
  72. Lab Experience Report with Screenshots
  73. Paper
    Methodology
  74. Preparation
  75. Extraction
  76. Identification
  77. Analysis
    Tools and Techniques
  78. The importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
  79. Hashing in the context of digital forensics
  80. How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in a court of law?
  81. Lab Experience Report
    Summarizes the Lab Experience and Findings
    Responds to the Questions
    Provides Screenshots of Key Results
    Lab Experience Report Feedback

The post Discuss types of authorization and authentication and the use of passwords appeared first on Lion Essays.

 

“Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!”

Discuss types of authorization and authentication and the use of passwords was first posted on May 2, 2019 at 6:02 pm.
©2019 "Lion Essays". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at support@Lion Essays.com

"Get 15% discount on your first 3 orders with us"
Use the following coupon
FIRST15

Order Now