CMGT/431 INFORMATION SYSTEMS SECURITY The Latest Version CMGT 431 Entire Course Link

CMGT/431 INFORMATION SYSTEMS SECURITY CMGT 431 Entire Course Link CMGT 431 Wk 2 Security Vulnerability Report CMGT 431 Wk 3 Authentication and Authorization Methodologies Presentation CMGT 431 Wk 4 Testing and Assessment Strategies Paper CMGT 431 Wk 5 Incident Response Paper

CMGT 431 Wk 2 Security Vulnerability Report A security vulnerability report identifies the areas of the organization that are at risk of losing data, experiencing outages, etc. Typically, organizations categorize the information in the report to focus on specific areas and highlight the levels of risk for each area. Organizations typically use the information in the vulnerability report for budgeting and resource management. Write a 3 to 4-page security vulnerability report using the organization you chose in Week 1. To help you with the assignment, an internal review of your organization was previously conducted, and the organization was found to have following vulnerabilities: A formal Password Policy has not been developed that meets your organization’s regulatory requirements. The organization only uses single factor authentication using weak passwords. Vulnerability Severity: High Impact: Threats could easily guess weak passwords allowing unauthorized access. Software configuration management does not exist on your organization’s production servers. There are different configurations on each server and no operating system patching schedule. Vulnerability Severity: Moderate Impact: With ad hoc configuration management, the organization could inadvertently or unintentionally make changes to the servers that could cause a self-imposed denial of service. An Incident Response Plan has not been developed. There is not a formal process for responding to a security incident. Vulnerability Severity: High Impact: In the event of a security incident, an ad hoc process could allow the security incident to get worse and spread throughout the network; the actual attack may not be recognized or handled in a timely manner giving the attacker more time to expand the attack. Consider people, processes, and technology that can be exploited by the source of a threat. Include recommended countermeasures to mitigate the impacts and risks of the vulnerabilities. CMGT 431 Wk 2 Security Vulnerability Report

CMGT 431 Entire Course Link ********************************************** CMGT 431 Wk 3 Authentication and Authorization Methodologies Presentation Once a user is authenticated in an organization’s network, that user is authorized to access certain data based on the information security principle of least privilege. Your CEO and CIO need options for the organization’s authentication and authorization methodologies. Recommendations should include how to mitigate the impact and risks from vulnerabilities. Create an 9- to 11-slide, media-rich presentation in Microsoft ® PowerPoint ® for the organization you chose in Week 1. Your audience is the CEO and the CIO, so the presentation must be professional and targeted at an executive audience. Include speaker notes to show what points you are covering during the presentation. Ensure you provide: Descriptions of at least 3 roles employed in the organization you chose in Week 1 Descriptions of at least 3 common attacks against access control methods, including the password policy vulnerability as described in the vulnerability report CMGT 431 Entire Course Link

********************************************** CMGT 431 Wk 4 Testing and Assessment Strategies Paper Refer to NIST SP (Rev. 4) for the 18 candidate security control families and associated security controls. Security Assessment must be incorporated into the Software Development Life Cycle (SDLC) in order to be a secure, integrated process. Testing of selected security controls ensures that applications meet business requirements, function as designed, and protect associated data securely from attack. A security assessment of the targeted environment identifies vulnerabilities that may cause a security breach and specifies the security controls to mitigate the vulnerabilities. For this assignment, use the organization you chose in Week 1. Part I: Mapping Vulnerabilities to Security Controls Choose 5 distinct security control families as specified in NIST SP (Rev. 4) that are most applicable to your organization’s known vulnerabilities. CMGT 431 Entire Course Link

********************************************** CMGT 431 Wk 5 Incident Response Paper Cyber security tools are available to organizations requiring integration of its problem management, configuration management, and incident management processes. The CEO and CIO have asked you to create an IRP and change management plan. These plans will help the organization choose the appropriate cyber security strategy and tools. Part I: Incident Response Plan Incident response is a disciplined methodology for managing the aftermath of a security breach, cyberattack, or some other security incident. An IRP provides an organization procedures that effectively limit the impact on the data, system, and business and reduces recovery time and overall cost. Create a 1- to 2-page IRP using Microsoft Word for the organization you chose in Week 1. In your plan, ensure you: Discuss roles and responsibilities. Discuss the critical activities for each of the 5 phases in the incident response process. List at least 3 cyber security tools that work together to monitor the organization’s network for malicious and abnormal activity. CMGT 431 Entire Course Link