Week 1 discussion
DQ1 Vulnerabilities of Your Systems?
We're spending some time this week coming
up with a common understanding of security terminology, and vulnerability is
one of those fundamental terms. While the word weakness seems to define it
pretty well, there are a number of ways that information systems can become
vulnerable. Acts of commission or omission can be equally responsible for a
system vulnerability. What about your systems, both at home and at work? In
what ways are they vulnerable?
DQ2 Threats against Your Systems?
It's a pretty rough world out there for data. While a large percentage of
information technology security budgets is devoted to reducing the risk of
malicious attacks, there are other ways in which systems or data become
damaged. What threats are you aware of when it comes to your personal systems
and the systems at your job?
Week 2 discussion
DQ1 Security Issues in Telecommunications
What are the advantages and disadvantages
of virtual offices, including telecommuting? What are the security and
management issues concerning virtual offices, especially hooked up into large
virtual networks? Please comment on the views of your fellow students here.
DQ2 What Access Controls Are in Use?
What are your organization's assets? Are
there any access controls in place? How effective are they? How can you tell?
What are the weaknesses in the controls? Are any new or upgraded access
controls being considered? Let's explore this substantial component of
information security.
Week 3 discussion
DQ1 Cryptographic Products
As we are learning, there are a lot of uses
for cryptography in information technology, and there are a lot of different
algorithms, cryptographic processes, key lengths, implementation methods, and
so on. Let's explore the world of cryptographic products. What's available out
there? What kind of quality is found in free, open-source products? What types
of hardware devices? What types of software implementations? How are they used?
What problems do they solve? How effective are they? How can you tell? What are
the tradeoffs between security and business process efficiency? Let's start
with everyone presenting one cryptographic product (past, present, or future).
No duplications, please, so be sure to read all the previous posts. Then,
respond to the posts of your classmates with questions, additional information,
and so forth.
DQ2 Cryptographic Standards
Ever since World War II and the ensuing Cold War, cryptographic methods have been
the source of much government angst. Protecting the information of one's own
government and accessing the data of other governments has been a preoccupation
of many nations. With the growth of civilian computer networks in the 1980s and
the development of Internet-based e-commerce in the 1990s, concerns about data
security spread from governments to the public sector. The tension between the
government's goal of control of cryptographic methods and business' need for
internationally trustworthy security resulted in skirmishes between the two.
Let's discuss the modern history of cryptography in terms of
commercial-governmental tensions. What can you find out about this? What are
the considerations when determining how to standardize cryptographic methods?
How are cryptographic methods regulated? What are the different laws that
govern the use of cryptography? Are they reasonable? Whose interests are most
important when determining the extent to which cryptography should be
standardized, regulated, and mandated? Do a little research and see what you
can come up with in one or more of these areas. And be sure to comment on the
posts of your classmates.
Week 4 discussion
DQ1 Network Services
Users are familiar with some network
services such as HTTP (Hypertext Transfer Protocol) - the Web; and SMTP
(Simple Mail Transfer Protocol) and POP (Post Office Protocol) - e-mail and
instant messaging. But there are others like DHCP (Dynamic Host Configuration
Protocol), DNS (Domain Name System), FTP (File Transfer Protocol), NNTP
(Network News Transfer Protocol), Telnet, SSH (Secure Shell), SSL-TLS (Secure
Sockets Layer-Transport Layer Security) and others that the average user may
not have heard of. Tell us more about these services. How do they figure into
organizational security? What are the most recent threats against them? What
are the risks associated with attacks against network services? What are
possible consequences? What are specific controls and general best practices to
mitigate risk? Jump right in. Do a little research on some part of network
service security and share with us your findings as well as your experiences
and opinions. And, of course, please respond to your classmates' posts with
ideas, questions, comments, other perspectives, and so forth.
DQ2 Security Architecture
Before responding to this forum, be sure to
read the section in this week's lecture on security architecture. Think about
your organization's security architecture. How much do you know about it? How
much do other workers know? How easy is it to learn more? Does your perception
of the organization's security architecture seem appropriate for the mission
and goals of the organization? How much management commitment to security do
you sense? Briefly describe your organization, but please DON'T reveal any
specific security details that would compromise your organization's security
controls. Feel free to make up a name and even alter the products or services
the organization offers to maintain its anonymity as needed. What we should
discuss is the general nature of the business, your role, your view on the
organization's security architecture, and what you think the ideal security
architecture should be for your organization. As we get moving on this
discussion, consider the ideas of your classmates. Would they be appropriate
for your organization? Even if you don't have much connection with the security
activities in your company, what do you THINK would be appropriate? As always,
post early, post often, and address the posts of your classmates.
Week 5 discussion
DQ1 Case Study - Would You Hire Goli?
How would you respond if Goli (Case VIII,
p. 707 in our text) came to you describing a vulnerability in your system and
offering to help fix it? What would incline you to hire her? What would
disincline you from doing so? Please explain your answer and also reply to the
comments of others.
DQ2 Privacy: Right or Privilege?
Privacy seems to mean different things to
different people. What does privacy mean to you? Is privacy a right or a
privilege? How should one's privacy be legally protected or secured, especially
when using the Internet? Maybe this is not absolutely possible; protection may
always be viewed as a relative term. Why or why not? Please comment on the
responses of other students.
Week 6 discussion
DQ1 BC and DR
Business Continuity (BC) planning and Disaster
Recovery (DR) planning are key elements in organizational security
architectures. What is the difference between them and why is it important to
know the difference when representing security proposals to management?
DQ2 Meeting Regulations
With what federal, state, and/or
organizational regulations regarding information systems and data management
must your organization comply? How can you identify these regulations? How can
you remain informed about changes in these requirements? How can your organization
or industry influence these regulations?
Week 7 discussion
DQ1 Personal/Group Ethics
What is ethics? Is it a cultural standard
or an individual standard? Do managers have a responsibility to maintain an
ethical standard within a department? If so, how is the expected ethical
standard established? How is it documented? How is compliance measured? What
happens when an individual's ethical standard conflicts with the group
standard? How should members of the group react? How should the individual
react?
DQ2 Security Skills
What skills are needed by personnel working
in information security? List some job titles in the field and come up with
some required qualifications and some desirable qualifications. Take a look at
some job listings and resumes for ideas. After all, you may be applying for one
of these jobs soon!