Discuss types of authorization and authentication and the use of passwords
Project 1
Student Name:
Date:
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 1: Requires the Following FOUR Pieces Areas to Improve
- Executive Summary (Try to Stay Within 2 Pages)
- Technical Report
- Non-Technical Presentation Slides (Narration Not Needed)
- Lab Experience Report with Screenshots
- Technical Report
Defining the Information System Infrastructure
Describe the organization, including mission, key cabinet offices, business units, and functions. Use diagram if possible.
Choose one or more mission-critical systems of the healthcare organization.
Define the information protection needs for the organization’s mission-critical protected health information (PHI).
Define the workflows and processes for the mission critical systems you selected that will store PHI.
Threats
Threats to the hospital’s information systems infrastructure
Insider threats
Intrusion motives
Hacker psychology
The purpose and components of an identity management system to include authentication, authorization, and access control
Use of laptop, tablet, and mobile devices by doctors who visit patients and need access to PHI.
Access Control Management
Access control lists in operating systems
Role-based access controls
Files
Database access controls
Discuss types of authorization and authentication and the use of passwords
Password management
Password protection in an identity management system
Describe secure authentication mechanisms including Multi-factor
Other material that may qualify “Exceeds Expectations“
Password Cracking Tools
Compare the password cracking tools based on these characteristics, and include as part of your assessment and recommendations on the use of such tools.
Discuss issues related to organizational anti-virus software detecting password cracking tools as malware.
Help the leadership understand the risks and benefits of using password cracking tools, through persuasive arguments in your report and presentation.
References
Authoritative in-text citations in APA format.
Authoritative list of references at end in APA format.
Technical Report Feedback - Executive Summary
Summarize each part of your Technical Report at a high level for executive consumption.
Avoid citations in Executive Summary. Use your own words and explain so anyone can understand.
Make sure you highlight your recommendations.
Executive Summary Feedback - Presentation Slides
Title Slide
Use of Readable Fonts and Color
Summarizes Findings and Recommendations at High Level
Presentation Slides Feedback - Lab Experience Report
Summarizes the Lab Experience and Findings
Responds to the Questions
Provides Screenshots of Key Results
Lab Experience Report Feedback
Project 2
Student Name:
Date:
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 2: Requires the Following THREE Pieces Areas to Improve - Security Assessment Report (including relevant findings from Lab)
- Non-Technical Presentation Slides (Narration Not Needed)
- Lab Experience Report with Screenshots
- Security Assessment Report
Defining the OS
Brief explanation of operating systems (OS) fundamentals and information systems architectures. - Explain the user’s role in an OS.
- Explain the differences between kernel applications of the OS and the applications installed by an organization or user.
- Describe the embedded OS.
- Describe how operating systems fit in the overall information systems architecture, of which cloud computing is an emerging, distributed computing network architecture.
Include a brief definition of operating systems and information systems in your SAR.
Other outstanding information
OS Vulnerabilities - Explain Windows vulnerabilities and Linux vulnerabilities.
- Explain the Mac OS vulnerabilities, and vulnerabilities of mobile devices.
- Explain the motives and methods for intrusion of MS and Linux operating systems.
- Explain the types of security management technologies such as intrusion detection and intrusion prevention systems.
- Describe how and why different corporate and government systems are targets.
- Describe different types of intrusions such as SQL PL/SQL, XML, and other injections
Preparing for the Vulnerability Scan - Include a description of the methodology you proposed to assess the vulnerabilities of the operating systems.
- Provide an explanation and reasoning of how the methodology you propose, will determine the existence of those vulnerabilities in the organization’s OS.
- Include a description of the applicable tools to be used, limitations, and analysis.
- Provide an explanation and reasoning of how the applicable tools you propose will determine the existence of those vulnerabilities in the organization’s OS.
- In your report, discuss the strength of passwords
5a. any Internet Information Services’
5b. administrative vulnerabilities,
5c. SQL server administrative vulnerabilities,
5d. Other security updates and
5e. Management of patches, as they relate to OS vulnerabilities.
Vulnerability Assessment Tools for OS and Applications (Lab)
Use the tools’ built-in checks to complete the following for Windows OS (e.g., using Microsoft Baseline Security Analyzer, MBSA): - Determine if Windows administrative vulnerabilities are present.
- Determine if weak passwords are being used on Windows accounts.
- Report which security updates are required on each individual system.
- You noticed that the tool you used for Windows OS (i.e., MBSA) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
- Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment. In this case, a tool such as MBSA will create and store individual XML security reports for each computer scanned and will display the reports in the graphical user interface in HTML.
Utilize the OpenVAS tool to complete the following: - Determine if Linux vulnerabilities are present.
- Determine if weak passwords are being used on Linux systems.
- Determine which security updates are required for the Linux systems.
4.You noticed that the tool you used for Linux OS (i.e., OpenVAS) provides dynamic assessment of missing security updates. MBSA provides dynamic assessment of missing security updates. Scan one or more computers by domain, IP address range, or other grouping.
5.Once complete, provide a detailed report and recommendations on how to make your system a more secure working environment - Presentation Slides
Title Slide
Use of Readable Fonts and Color
Summarizes Findings and Recommendations at High Level
Summarizes Findings and Recommendations at High Level
Presentation Slides Feedback - Lab Experience Report
Summarizes the Lab Experience and Findings
Responds to the Questions
Provides Screenshots of Key Results
Lab Experience Report Feedback
Project 3
Student Name:
Date:
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 3: Requires the Following THREE Pieces Areas to Improve - Security Assessment Report (including relevant findings from Lab)
- Risk Assessment Report
- Lab Experience Report with Screenshots
- Security Assessment Report
Enterprise Network Diagram
You will propose a local area network (LAN) and
a wide area network (WAN)
define the systems environment,
incorporate this information in a network diagram.
Discuss the security benefits of your chosen network design.
Threats
Define threat intelligence and explain what kind of threat intelligence is known about the OPM breach.
differentiate between the external threats to the system and the insider threats.
entify where these threats can occur in the previously created diagrams.
Relate the OPM threat intelligence to your organization. How likely is it that a similar attack will occur at your organization?
Identifying Security Issues
Provide an analysis of the strength of passwords used by the employees in your organization.
Are weak passwords a security issue for your organization?
Firewalls and Encryption
Determine the role of firewalls and encryption, and auditing
RDBMS that could assist in protecting information and monitoring the confidentiality, integrity, and availability of the information in the information systems.
Threat Identification
Identify the potential hacking actors of these threat attacks on vulnerabilities in networks and information systems and the types of remediation and mitigation techniques available in your industry, and for your organization.
Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
Also discuss the value of using access control, database transaction and firewall log files.
Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization’s networks. - Risk Assessment Report
Risk and Remediation
What is the risk and what is the remediation?
What is the security exploitation? - Lab Experience Report
Summarizes the Lab Experience and Findings
Responds to the Questions
Provides Screenshots of Key Results
Lab Experience Report Feedback
Project 4
Student Name:
Date:
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 4: Requires the Following FOUR Pieces Areas to Improve - Team Forming and Completion of Charter
- Security Assessment Report
- After Action Report
- Presentation Slides (With Narration or In Class Presentation)
- Team Forming and Completion of Charter
Upload completed Charter to Team Locker in Classroom - Security Assessment Report
Financial Sector
Provide a description of the impact the threat would have on the financial services sector. These impact statements can include the loss of control of the systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the financial services sector.
Provide submissions from the Information Sharing Analysis Councils related to the financial sector.
Law Enforcement
Provide a description of the impact the threat would have on the law enforcement sector. These impact statements can include the loss of control of systems, the loss of data integrity or confidentiality, exfiltration of data, or something else. Also provide impact assessments as a result of this security incident to the law enforcement sector.
The Intelligence Community
Provide intelligence on the nation-state actor, their cyber tools, techniques, and procedures. Leverage available threat reporting such as from FireEye, Mandiant, and other companies and government entities that provide intelligence reports. Also include the social engineering methods used by the nation-state actor and their reasons for attacking US critical infrastructure.
Homeland Security
Use the US-CERT and other similar resources to discuss the vulnerabilities and exploits that might have been used by the attackers.
Explore the resources for risk mitigation and provide the risk, response, and risk mitigation steps that should be taken if an entity suffers the same type of attack.
Provide a risk-threat matrix and provide a current state snapshot of the risk profile of the financial services sector. - After Action Report
The purpose of the AAR is to share the systems life cycle methodology, rationale, and critical thinking used to resolve this cyber incident.
Identify the purpose and function of firewalls for organization network systems, and how they address the threats and vulnerabilities you have identified.
Also discuss the value of using access control, database transaction and firewall log files.
Identify the purpose and function of encryption, as it relates to files and databases and other information assets on the organization’s networks. - Presentation (Complete Set of Team Slides and Narration of a Portion)
Title Slide
Use of Readable Fonts and Color
Summarizes Findings and Recommendations at High Level
Slide Narration or In Class Presentation (5-6 minutes or a portion of report)
Presentation Slides Feedback
Project 5
Student Name:
Date:
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 5: Requires the Following TWO Pieces Areas to Improve - Paper
- Lab Experience Report with Screenshots
- Paper
IT Systems Architecture
You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table
security architecture of the organization
the cryptographic means of protecting the assets of the organization
the types of known attacks against those types of protections
means to ward off the attacks
Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:
LAN security
identity management
physical security
personal security
availability
privacy
Then list the security defenses you employ in your organization to mitigate these types of attacks.
Plan of Protection
Learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership.
Provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage
Data Hiding Technologies
describe to your organization the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership
Encryption Technologies - Shift / Caesar cipher
- Polyalphabetic cipher
- One time pad cipher/Vernam cipher/perfect cipher
- Block ciphers
- triple DES
- RSA
- Advanced Encryption Standard (AES)
- Symmetric encryption
- Text block coding
Data Hiding Technologies - Information hiding and steganography
- Digital watermarking
- Masks and filtering
Network Security Vulnerability and Threat Table
Describe the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership
Encryption Technologies - Shift / Caesar cipher
- Polyalphabetic cipher
- One time pad cipher/Vernam cipher/perfect cipher
Access Control Based on Smart Card Strategies
Describe how identity management would be a part of your overall security program and your CAC deployment plan: - Lab Experience Report
Summarizes the Lab Experience and Findings
Responds to the Questions
Provides Screenshots of Key Results
Lab Experience Report Feedback
Project 6
Student Name:
Date:
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 5: Requires the Following TWO Pieces Areas to Improve - Paper
- Lab Experience Report with Screenshots
- Paper
Methodology - Preparation
- Extraction
- Identification
- Analysis
Tools and Techniques - The importance of using forensic tools to collect and analyze evidence (e.g., FTK Imager and EnCase)
- Hashing in the context of digital forensics
- How do you ensure that the evidence collected has not been tampered with (i.e., after collection)? Why and how is this important to prove in a court of law?
- Lab Experience Report
Summarizes the Lab Experience and Findings
Responds to the Questions
Provides Screenshots of Key Results
Lab Experience Report Feedback
The post Discuss types of authorization and authentication and the use of passwords appeared first on Lion Essays.
“Looking for a Similar Assignment? Get Expert Help at an Amazing Discount!”
Discuss types of authorization and authentication and the use of passwords was first posted on May 2, 2019 at 6:02 pm.
©2019 "Lion Essays". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at support@Lion Essays.com