Description
Devry SEC 360 Full Course Latest
Devry SEC 360 Full Course [ all discussions all quizes all assignment and final exam ]
Devry SEC 360 Week 1 Discussions Latest
Security Policy (graded) |
Policy is central to affecting security in organizations. Using the security policy for your workplace (or other organization with which you are familiar), what are some key features that allow personnel to control security? Are there any deficiencies? What can be added that would improve security?
Security CBK (graded) |
The security Common Body of Knowledge (CBK) describes what security professionals collectively know about the discipline. What knowledge domains are included in the CBK? What do you think will be added to the CBK in the future?
This section lists options that can be used to view responses.
Devry SEC 360 Week 2 Discussions Latest
Compliance Legislation (HIPAA) (graded) |
How can we utilize the four types of security policies to develop a HIPAA security program for organizations? What kinds of information does HIPAA protect? What kinds of organizations does HIPAA cover?
Intellectual Property (IP) (graded) |
Your organization has asked you to assist in the discussion about how to best protect its intellectual property (IP). The engineers in your organization have developed new database and ordering software to support a faster process for fulfilling customer orders.Which of the various forms of IP protection will you recommend for safeguarding the engineers’ work? Should it be protected at all? What does the organization risk by getting IP protection?
Devry SEC 360 Week 3 Discussions Latest
Snack Cake Security (graded) |
Your company has a special recipe for snack cakes. This snack cake is a key product in your company’s lineup, and it is responsible for a large majority of shareholder value. Using a security model described in the text, describ
Security and the OSI Model (graded) |
Security can have a cumulative effect. Consider the OSI model as a key component of the Common Body of Knowledge. For definitions of OSI layers, click here: .next.ecollege.com/ec/Courses/13775/CRS-DVUO-2148869/SSO/hub2/sso.html?node=2299″>OSI Layers. What is the OSI model about, and how can we use it when we are selecting security controls?
e an approach that will allow this important recipe to be kept secure.
Devry SEC 360 Week 4 Discussions Latest
Amusement Security (graded) |
Your company is in the business of entertainment; they run an amusement park. There are thousands of people all over the park every day. It is very important to control who has access to what, and not just for visitors, but for employees as well. Define groups of people, and indicate how you would control physical access for them.
Security Operations Changes (graded) |
Describe how to insert changes in the operational security of the organization. How do you manage those who do not want to accept the changes?
This section lists options that can be used to view responses.
Devry SEC 360 Week 5 Discussions Latest
Backup and Recovery Planning (graded) |
Why are backups so often overlooked in an organization? How do we sell the benefits of spending money on backup solutions to business managers and executives?
Access Control Lists (graded) |
Access control lists are very valuable for administering granular control over an organization’s resources. So why do a lot of organizations opt not to use them in lieu of more general super user or administrator accounts?
Devry SEC 360 Week 6 Discussions Latest
Cryptograhy (graded) |
Which algorithm is more secure: AES256 or AES128? Why?
The Enterprise Firewall is Dead (graded) |
A popular computer network publication stated at one time that the enterprise firewall was dead. It boldly stated that the exterior firewalls of the organization should be torn down and replaced with host-based firewalls instead. Is this insane, or is it the best new practice in security management? Explain your answer.
This section lists options that can be used to view responses.
Devry SEC 360 Week 7 Discussions Latest
Intrusion Detection (graded) |
Your organization’s business manager has read an article about how intrusion detection systems can help deter hackers. He or she wants to spearhead a campaign to deploy them around the company’s locations in three states. Since an IDS can help deter hackers, does this make it a worthwhile project, or is there some reason to be wary? Specific to this example, how do you respond to ad hoc security requests like this? In general, how can you keep requests like this in check
Secure as a Car (graded) |
Engineering software is like engineering a car; if one were so inclined, there could be a completely bug- and security-free application.Do you agree with this? Why or why not?
Devry SEC 360 Week 2 You Decide Latest
You Decide
Information Systems Use Security Policy: Write a paper consisting of 500-1,000 words (double spaced) about your experience in the Week 1 You Decide exercise. Briefly explain some of the issues that a company may face as it experiences growth, and begin to address the proper use of their information systems.
Students should see Appendix C of the textbook for examples of policies that address the issues that companies may face.
.equella.ecollege.com/file/e243c56d-5d14-4908-9359-5f698d368c0d/1/SEC360_W2_Assignments.html#”>View Grading Rubric
Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these.next.ecollege.com/default/launch.ed?ssoType=DVUHubSSO2&node=184″>step-by-step instructions or watch this
Devry SEC 360 Week 5 & 6 You Decide Latest
YOU DECIDE
Scenario, Your Role, Key Players
Information Systems Use Security Policy
ScenarioScenario descriptionRoleWhat is Your Role in this scenario?PlayersLearn more about the Key Players in this scenario.DeliverableWhat would you to resolve this scenario?
Scenario
Sunshine Machine Works, who recently expanded its infrastructure, now needs to ensure that any authorized employee can access the intranet. Sales people and management staff frequently travel to remote locations, and often require access to documents stored on the intranet file server.Play.equella.ecollege.com/file/7dd452b7-36a7-47d0-a6b6-cff6c42dacf7/1/SEC360_W5_YouDecide.html#”>00:00Mute.equella.ecollege.com/file/7dd452b7-36a7-47d0-a6b6-cff6c42dacf7/1/SEC360_W5_YouDecide.html#”>
Role
You are the IT Services manager for Sunshine Machine Works. You are to assess the information presented and provide a response to management on how remote access may be handled for Sunshine Machine Works.Play.equella.ecollege.com/file/7dd452b7-36a7-47d0-a6b6-cff6c42dacf7/1/SEC360_W5_YouDecide.html#”>00:00Mute.equella.ecollege.com/file/7dd452b7-36a7-47d0-a6b6-cff6c42dacf7/1/SEC360_W5_YouDecide.html#”>
Players
StoneChief Executive Officer Margie NelsonChief Financial Officer GarThomasGeneral Manager
Deliverable
Given the scenario, your role and the information provided by the key players involved, it is time for you to make a decision.<br><br>If you are finished reviewing this scenario, close this window and return to this Week’s You Decide tab, in eCollege, to complete the activity for this scenario.<br><br>You can return and review this scenario again at any time.
YOUDECIDE
Activity
| Assignment |
| Since you are responsible for IT Services and want to keep the systems and network functioning effectively, you will want to provide technical guidance and leadership on this issue.
Follow the instructions provided in the You Decide Exercise: Cryptographic Tunneling and the OSI Model.
|
Grading Rubric:
| Category | Points | Description |
| Understanding | 20 | Demonstrate a strong grasp of the problem at hand. Demonstrate understanding of how the course concepts apply to the problem. |
| Analysis | 20 | Apply original thought to solving the business problem. Apply concepts from the course material correctly toward solving the business problem. |
| Execution | 10 | Write your answer clearly and succinctly using strong organization and proper grammar. Use citations correctly. |
| Total | 50 | A quality paper will meet or exceed all of the above requirements. |
Note!
Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox
<pclass=”block_indent” style=”box-sizing: border-box; user-select: initial !important;”>Cryptographic Tunneling and the OSI Model
Write a paper consisting of 500-1,000 words (double-spaced) on the security effects of cryptographic tunneling based on an understanding of the OSI (Open Systems Interconnect) model (Review the OSI Simulation in the Week 3 Lecture).
Provide input on the type of cryptographic tunneling protocols (e.g., L2TP, IPSEC, SSL, etc.) that may be used, the layer(s) of the OSI at which each operates, and also recommend how they may be implemented. Cryptographic tunneling is inherent in building any common virtual private network (VPN).
.equella.ecollege.com/file/1c65cf51-db98-408b-ba0e-8305b53b1c2e/1/SEC360_W6_Assignments.html#”>View Grading Rubric
Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these .next.ecollege.com/default/launch.ed?ssoType=DVUHubSSO2&node=184″>step-by-step instructions
</pclass=”block_indent”>
Devry SEC 360 Week 5 Physical Security Simulation Report
Physical Security Simulation Report
Compose a report on the experience of performing the Physical Security survey. Students will write a report consisting of 250-500 words (double-spaced) on experiences in the Physical Security Simulation (see tab under Week 4).
.equella.ecollege.com/file/0fc6ad09-df54-4d46-99a9-7b8d50a8c821/1/SEC360_W5_Assignments.html#”>View Grading Rubric
Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these.next.ecollege.com/default/launch.ed?ssoType=DVUHubSSO2&node=184″>step-by-step instructions
Physical Security Simulation Report
Compose a report on student experience in performing the Physical Security survey. Students will write a 250–500 word report (double-spaced) on experiences in the Physical Security Simulation.
Note: The correct information for the physical security survey is provided at the end of the simulation. The people who were interviewed were aware ahead of time that the survey was to take place and were also aware of the problems of concern to management.
Students should focus on the problems of acquiring good information through a physical security survey. Did the people you interviewed mislead you (either intentionally or unintentionally)? How did you go about obtaining good or correct information?
The purpose of this project is to make students aware of some important issues that arise in a facility security survey.
Devry SEC 360 Week 1 Quiz Latest
(TCO 1) Defense-in-depth is a _____.
security requirement
security model
security strategy
security policy
security control
Question 2. Question :
(TCO 1) What are the common effects of controls?
Prevention, detection, and response
Administration, technology, and physical
Detection, accounting, and access control
Identification, audit, and access control
Confidentiality, integrity, and availability
Question 3. Question :
(TCO 1) Information security managers should not be motivated by _____.
IN concern for the well-being of society
governmental regulation
fear, uncertainty, and doubt
promotion potential
readiness
:
Question 4. Question :
(TCO 1) The unique security issues and considerations of every system make it crucial to understand all of the following, except _____.
security standards
security skills of developers
hardware and software security configurations
data sensitivity
IN the business of the organization
Question 5. Question :
(TCO 2) Which of the following domains is not part of the IISSCC CBK?
Architecture
Project Management
Ethics
Law
Operations Security
Question 6. Question :
(TCO 2) A security event that causes damage is called _____.
IN a compromise
a violation
an incident
a mishap
a transgression
Question 7. Question :
(TCO 2) What is the enemy of security?
Industry
Foreign nations
Competitors
Complexity
People
Question 8. Question :
(TCO 2) What are the effects of security controls?
Confidentiality, integrity, and availability
Administrative, physical, and operational
Detection, prevention, and response
Management, operational, and technical
None of the above
Question 9. Question :
(TCO 1) Policies and procedures are often referred to as _____.
models
a necessary evil
guidelines
documentation
Question 10. Question :
(TCO 2) There are _____ domains of the Common Body of Knowledge.
12
nine
11
10
Devry SEC 360 Week 3 Quiz Latest
(TCO 3) _____ conduct periodic risk-based reviews of information assets, policies, and procedures.
Security testers
Vendor managers
Internal auditors
Access coordinators
Technical managers
Text, page 81
Points Received: 5 of 5
Comments:
Question 2. Question :
(TCO 3) An excellent document to review for best practices in security management is _____.
IN ISO/IEC 17799
BS 7799
ISO/IEC 27001
Appendix H of NIST SP 800-53
Any of the above
Points Received: Comments:
Question 3. Question :
(TCO 3) An organization’s security posture is defined and documented in _____ that must exist before any computers are used.
standards
guidelines
procedures
policies
All of the above
Text, pages 68-73
Points Received: 5 of 5
Comments:
Question 4. Question :
(TCO 3) What does SDLC stands for?
Software development license cycle
Software development life cycle
System development life cycle
System definition life cycle
None of the above
Lecture
Points Received: 5 of 5
Comments:
Question 5. Question :
(TCO 4) Various countries have different views of individual privacy. The European Union (EU) has very different privacy laws than the United States has. To allow U.S. companies better ease of operation in the European Union, the Department of Commerce negotiated the _____ with the EU.
privacy treaty
Memorandum of Agreement regarding privacy
Privacy Reciprocity Act of 1993
international safe harbor principles
Privacy Act of 1983
Text, page 150
Points Received: 5 of 5
Comments:
Question 6. Question :
(TCO 4) Which of the following “commandments” should be part of the information security professional’s code of ethics?
I will abide by the Constitution of the United States.
I will dress appropriately for the company environment.
I will protect the equities of senior management.
I will act honorably, honestly, justly, responsibly, and legally.
Text, page 154
Points Received: 5 of 5
Comments:
Question 7. Question :
(TCO 5) Information hiding or data hiding is implemented through _____.
abstraction
encapsulation
layering
isolated storage
encryption
Text, page 94
Points Received: 5 of 5
Comments:
Question 8. Question :
(TCO 5) A reference monitor is _____.
a security model
a security control
a network security model
only appropriate in ringed architecture
Text, page 90 and lecture
Points Received: 5 of 5
Comments:
Question 9. Question :
(TCO 4) Denial of service attacks, rogue code, and software piracy are some of the ways that _____ commit crimes.
aggressive programmers
computer enthusiasts
cyber criminals
foreign operatives
Text, page 144
Points Received: 5 of 5
Comments:
Question 10. Question :
(TCO 5) The _____ can be illustrated using something known as a ring of trust.
TCB
principle of least privilege
secondary storage zone
kernel
Text, page 91
Points Received: 5 of 5
Comments:
* Times are displayed in (GMT-07:00) Mountain Time (US & Canada)
Devry SEC 360 Week 5 Quiz Latest
TCO 6) The layers of physical security defense in depth do not include _____.
monitoring (video or human)
intrusion detection/prevention
mechanical and electronic
environmental
security clearances
(Week 4 Lecture) Security clearances are personnel security controls. Authenticating clearances may well be part of the physical security process.
Points Received: 5 of 5
Comments:
Question 2. Question :
(TCO 6) Which of the following are categories of intrusion detection devices?
Door sensors
Biometric detectors
Perimeter detectors
Security detectors
All of the above
Text, pages 175-176
Points Received: 5 of 5
Comments:
Question 3. Question :
(TCO 6) Physical security deals with all of the following except _____.
buildings
logical systems
computer rooms
computer devices
fences
Text, Chapter 8, p. 165
Points Received: 5 of 5
Comments:
Question 4. Question :
(TCO 7) Security operations generally does not provide controls for _____.
IN personnel security
resource protection
backup and recovery of locally stored workstation data
privileged entity controls
virus scanning
Text, page 193
Points Received: 0 of 5
Comments:
Question 5. Question :
(TCO 7) Security operations does NOT use controls for _____.
threats
vulnerabilities
intrusions
communications devices
management decision making
(Lecture) Security operations provides information to management, but does not decide for management.
Points Received: 5 of 5
Comments:
Question 6. Question :
(TCO 8) Disaster recovery planning includes all of the following except _____.
IT systems and applications
application data
data entry users
networks
IN communication lines
Text, pages 129-133
Points Received: 0 of 5
Comments:
Question 7. Question :
(TCO 8) A business impact analysis identifies _____.
risks to the business
quantifies risks
risks to the business if critical services are discontinued
IN priorities of restoring critical services
All of the above
Text, Chapter 6, p. 128
Points Received: 0 of 5
Comments:
Question 8. Question :
(TCO 9) The minimum set of access rights or privileges needed to perform a specific job description is called _____.
separation of duties
least privilege
privileged controls
separation of privilege
Text, pages 188 & 206
Points Received: 5 of 5
Comments:
Question 9. Question :
(TCO 9) Which of the following is NOT true for RADIUS?
Uses remote access Dial-In User Service
Used by AOL to authenticate users
Creates a private tunnel between end points
Policies can be centrally administered
Can use multifactor authentication
(Text, p. 220) Radius is not a tunneling technology.
Points Received: 5 of 5
Comments:
Question 10. Question :
(TCO 9) The predominant strategy that is used to assure confidentiality is _____.
biometric authentication
discretionary access control
role-based access control
symmetric encryption
the principle of least privilege
Text, page 206
Points Received: 5 of 5
Comments:
* Times are displayed in (GMT-07:00) Mountain Time (US & Canada)
Devry SEC 360 Week 7 Quiz Latest
(TCO 10) Secure hashing is also known as _____.
public-key cryptography
a message digest
Transport Layer Security
Secure Sockets Layer
IPSec
Instructor Explanation: Week 6 Lecture and page 239 of course text
Points Received: 5 of 5
Comments:
Question 2. Question :
(TCO 10) Which of the following uses symmetric-key or shared-secret cryptography?
AES
RSA
Diffie Hellman
IN MD5
PSA
Instructor Explanation: Week 6 Lecture and pages 244-245 of course text
Points Received: 0 of 5
Comments:
Question 3. Question :
(TCO 11) Firewalls do not _____.
block unauthorized traffic
detect tampering
use simple software
filter words or phrases in traffic
enforce a security policy
Instructor Explanation: Week 6 Lecture and pages 275-279 of course text
Points Received: 0 of 5
Comments:
Question 4. Question :
(TCO 11) Which of the following is not a characteristic of a proxy server?
Configured to allow access only to specific systems
Maintains detailed audit information
Dependent on all other proxies on the bastion host
Runs as a nonprivileged user
Any service that is not supported by the proxy server is blocked.
Instructor Explanation: Page 273 of course text and Week 6 Lecture
Points Received: 5 of 5
Comments:
Question 5. Question :
(TCO 12) Modern intrusion detection systems act as sensors for hosts and network devices and work in a centrally controlled distributed fashion using _____.
software
remote procedure calls
agent technology
common interfaces
access to local audit records
Instructor Explanation: (Week 7 Lecture) Distributed agent technology with a central management module is most common.
Points Received: 0 of 5
Comments:
Question 6. Question :
(TCO 12) A decoy used to lure intruders into staying around is called a(n) _____.
pharm
phish
entrapment
honeypot
mug of ale
Instructor Explanation: (Week 7 Lecture) A honeypot is a decoy to capture the attention of intruders. A mug of ale might work, but that is not software!
Points Received: 5 of 5
Comments:
Question 7. Question :
(TCO 12) An event where seemingly harmless data is forwarded by the router to a host on an internal network is known as a _____.
drive-by attack
proxy-server attack
data-driven attack
penetration testing
steganography
Instructor Explanation: Page 271 of course text
Points Received: 5 of 5
Comments:
Question 8. Question :
(TCO 13) Which form of malware is dependent on operating systems and replicating?
Trap door
Virus
Worm
Trojan
Logic bomb
Instructor Explanation: Week 7 Lecture and page 304 of course text
Points Received: 5 of 5
Comments:
Question 9. Question :
(TCO 13) Which phase of the SDLC should have security representation?
Concept definition
Requirements definition
Design
Test and Evaluation
All phases
Instructor Explanation: Week 7 Lecture and page 307 of course text
Points Received: 5 of 5
Comments:
Question 10. Question :
(TCO 13) Which form of malware contains hidden and malicious functions disguised as a utility program that performs useful work?
Trap door
Virus
Worm
Trojan horse
Logic bomb
Instructor Explanation: Page 304 of course text
Points Received: 5 of 5
Comments:
* Times are displayed in (GMT-07:00) Mountain Time (US & Canada)
Devry SEC 360 Final Exam Latest
Page 1
Question 1.1. (TCO 1) Security policy contains three kinds of rules as policy clauses. What are they? (Points : 5)
Preventive, detective, and responsive
Prohibitive, permissive, and mandatory
Administrative, technical, and physical
Management, technical, and operational
Roles, responsibilities, and exemptions
Question 2.2. (TCO 2) The _____ of the 17 NIST control _____ can be placed into the 10 IISSCC _____ comprising the common body of knowledge for information security. (Points : 5)
technologies, domains, families
controls, families, domains
domains, families, technologies
principles, domains, families
controls, domains, principles
Question 3.3. (TCO 2) What are the effects of security controls? (Points : 5)
Confidentiality, integrity, and availability
Administrative, physical, and operational
Detection, prevention, and response
Management, operational, and technical
Question 4.4. (TCO 3) Three of the most important jobs of security management are to ensure _____ are organized according to sensitivity, ensure that roles maintain _____, and to manage _____ because that is the enemy of security. (Points : 5)
assets, accountability, software
assets, separation of duties, complexity
software, separation of duties, complexity
software, accountability, people
people, separation of duties, technology
Question 5.5. (TCO 4) “There shall be a way for an individual to correct information in his or her records” is a clause that might be found in a _____. (Points : 5)
law
code of ethics
corporate policy
fair information practices statement
Any of the above
Question 6.6. (TCO 5) Evaluation of ideas for security may use _____, which are _____ that are not meant to be _____. (Points : 5)
criteria, models, solutions
controls, abstractions, solutions
solutions, abstractions, models
models, abstractions, solutions
models, controls, solutions
Question 7.7. (TCO 6) Many believe that the most important physical security control is _____. (Points : 5)
closed-circuit television
a good security plan
an educated workforce
certified security staff
resources
Question 8.8. (TCO 7) The mission of the security operations center might best be described as _____. (Points : 5)
continuous monitoring
maintaining the known good state
policy enforcement
reporting to management
configuration management
Question 9.9. (TCO 8) Alternate sites used in disaster recovery would normally not include which of the following? (Points : 5)
Hot site
Cold site
Warm site
Shared site
Alternate site
Question 10.10. (TCO 9) The basic elements of any access control model is a reference monitor that mediates access to _____ by _____. (Points : 5)
files, people
objects, subjects
files, principals
named resources, named users
computer time, applications
Question 11.11. (TCO 10) In a network system, you will normally find that _____ are encrypted using asymmetric cryptography, and _____ are encrypted using symmetric cryptography. (Points : 5)
signatures, messages
messages, data
hash totals, messages
messages, hash totals
data, messages
Question 12.12. (TCO 10) A company wants to assure customers that their online transactions are secure. Given this scenario, what should the company do? (Points : 5)
Use symmetric keys
Issue smart cards
Implement SSL
Use IPSec
Set up VPN connections
Question 13.13. (TCO 11) A packet-filtering router operates at OSI Layer 3 so it can filter Internet protocol source and destination addresses, but it can also filter _____ port numbers. (Points : 5)
Layer 1
Layer 2
Layer 3
Layer 4/7
applications
Question 14.14. (TCO 12) The two standard approaches to intrusion detection are _____ and _____. (Points : 5)
access control, firewall
anomaly, rule
policy, label
role, account
user, program
Question 15.15. (TCO 13) All of the following are obscure reasons why distributed systems are more prevalent now than in the past, expect for which one? (Points : 5)
Improved performance
Increased availability
Greater versatility
Efficient business models
Page 2
Question 1. 1. (TCO 1) Explain what is wrong with this policy clause, and show how you could fix it. People shall obey corporate policies. (Points : 15)
Question 2. 2. (TCO 2) Briefly explain the relationship of the known good state to the three effects of security controls–prevention, detection, and recovery. (Points : 15)
Question 3. 3. (TCO 3) Briefly explain how defense in depth is a management strategy for security. (Points : 15)
Question 4. 4. (TCO 4) Briefly explain what needs to be accomplished before your company monitors the activities of authorized users of your company systems, and then explain what should be accomplished to legally monitor the activities of a hacker (unauthorized user) of your system. (Points : 15)
Question 5. 5. (TCO 5) Explain the effects of the three goals of information security. (Points : 15)
Question 6. 6. (TCO 6) Briefly describe the idea of a smart card. (Points : 15)
Question 7. 7. (TCO 7) Explain the purpose of a security operations center. (Points : 15)
Question 8. 8. (TCO 8) Explain the term warm site. (Points : 15)
Page 3
Question 1. 1. (TCO 9) Distinguish between an access control list and a capabilities list. (Points : 15)
Question 2. 2. (TCO 10) Briefly explain why key management is a critical requirement for a good symmetric cryptographic solution. (Points : 15)
Question 3. 3. (TCO 11) Explain how a demilitarized zone might be used to protect critical resources that are not to be shared outside of an organization. (Points : 15)
Question 4. 4. (TCO 11) What is often another term for a bastion host? (Points : 15)
Question 5. 5. (TCO 12) Explain what the symbol P(A|B) means. (Points : 15)
Question 6. 6. (TCO 12) Summarize the benefits of application-level gateways. (Points : 15)
Question 7. 7. (TCO 13) Briefly explain what object orientation is and what it is used for. (Points : 15)
DeVry Courses helps in providing the best essay writing service. If you need 100% original papers for Devry SEC 360 Full Course Latest, then contact us through call or live chat.
Devry SEC 360 Full Course Latest
Reviews
There are no reviews yet.