Devry SEC 440 Full Course Latest


Devry SEC 440 Full Course [All Discussions, All Homework, All Quizzes, and Final Exam]

 

Devry SEC 440 Week 1 Discussions Latest

Good Components of a Security Policy (graded)

What are good components of an organizational information security policy? What are some areas that you think should be addressed?


Obstacles to Implementing Security Policies (graded)

What are the main obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?

Devry SEC 440 Week 2 Discussions Latest

Organizational Buy-In (graded)

What are some things that you might try doing to get everyone in an organization to support your policy suggestions? What do you think will be the motivations of people objecting to the changes? How might you try to overcome these objections?


Devry SEC 440 Week 3 Discussions Latest

Identifying an Organization’s Assets (graded)

How do you go about identifying an organization’s assets? Where do you start? Who do you ask and what do you ask them?

Employee Screening (graded)

Do you think it is fair to check into a potential employee’s credit history before deciding to hire him or her? Why or why not?


Devry SEC 440 Week 4 Discussions Latest

New Data Center (graded)

You’re a network engineer. Your boss comes in and asks for your opinion on the top three things to do concerning security. When designing a new data center, what would you recommend?

New Security Measures (graded)

Consider your home, school, or current place of employment. What would you do to increase your organization’s physical security? Try to think of the most cost-effective measures that would have the biggest impact.


Devry SEC 440 Week 5 Discussions Latest

Operations Security Considerations (graded)

In an organization, there are many potential security threats from both inside and outside of the network.

What are some operational security considerations that you, as a security professional, need to contend with? What security policies and procedures can help protect your business operations?

 

 

Authentication (graded)

Having security policies and procedures that document and manage access to critical data and technology is one thing, but actually controlling the access is another. Describe and evaluate how authentication controls can enforce security policies within an organization.


Devry SEC 440 Week 6 Discussions Latest

 

Secure System Development Processes (graded)

New software systems are written by software developers. So let’s discuss at what points in a system development process it would make sense to have some information security checkpoints (i.e., points where the security of the code being developed could be checked).


Federal Regulations and Security (graded)

Please discuss the pros and cons of improving information security with federal regulations. How well received are the regulations in the affected industries? Have they helped?


 

Devry SEC 440 Week 7 Discussions Latest

Personal Data (graded)

Phishing attacks use both social engineering and technical deceptions to steal personal identity data and financial account identification. Social engineering schemes use “spoofed” e-mails to lead consumers to fake websites designed to trick the addressee into revealing financial data, such as credit card numbers, account usernames, passwords, and social security numbers. Hijacking the names of banks, e-tailers, and credit card companies, phishers often convince naive recipients to respond. Technical deception schemes plant worms and viruses onto PCs to steal identification directly, often using Trojan keylogger spyware. Pharming crimeware diverts users to counterfeit sites or proxy servers, characteristically from DNS hijacking or poisoning.

Consider legitimate and illegitimate uses of a person’s confidential information. What are some of the uses that could make this information valuable to legitimate and illegitimate businesses?

 

Healthcare Information Risks (graded)

As hospitals get ready for comprehensive information automation, healthcare organizations consider how new systems and software can be protected from intrusions and illegal information access. Understanding these situations can help direct future IT spending decisions, as well as make certain that hospital organizations do not face expensive fines or lawsuits.

Think of how data are typically used in a hospital. Consider the number of employees and the uses of confidential information in a hospital. What are some of the ways that data could be compromised in such an environment?

Devry SEC 440 Week 1 Homework Latest

Homework WEEK 1

Selling Security to the Organization

Please type a three- to five-page (800 to 1,200 words) paper. Using APA style, assess the importance of developing a comprehensive security policy within the organization. What you need to convey to your CEO is that network attacks are continuing to make the news and organizations have reacted by increasingly spending more of their overall IT budget on security. Business executives are starting to have questions about what they’re receiving for their increased IT security spending. Make the case to justify this spending by describing at least five main sections of an information security policy and the business benefits generated if a company’s employees comply with each section. Use transition words, a thesis statement, an introduction, a body, a conclusion, and a reference page with at least two references. Use double-spaced, 12-point Arial font.

Assignment Grading Rubric

Graded Element | Percentage
Assignment Content | 80%
  • Importance of developing a comprehensive information security policy
  • Discuss network attacks and their impact on security spending
Required Length | 10%
Spelling and Grammar | 5%
APA Style | 5%

 

Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

 

Devry SEC 440 Week 3 Homework Latest

 

SCENARIO

Scenario, Your Role, Key Players

The infectious company, Grocery Stores, Inc., has just been breached by what was first thought to be a remote attacker who infected the supermarket chain with a server-based malware program. However, after a security assessment was performed, it was confirmed that it was an inside job. Apparently, a new and sophisticated plan was developed by a disgruntled employee. The attacker slipped malware onto servers at all of the company’s 200 grocery stores. The malware appears to have snatched card data from customers as they swiped their credit cards through the checkout counter machine and transferred the card data overseas.

Scenario description

You’ve been hired as an information security administrator for Grocery Stores, Inc. Your duty is to assess the situation and determine the best course of action to take to ensure that the security breach is contained and eradicated. You will need to interview key staff members and decide which member(s) can best assist you in eliminating this risk.

What is Your Role in this scenario?

The fact that the malware was not the ordinary kind of key logger program that might capture keyboard presses as a customer logs into their online bank account, but was instead software programmed to lift credit card data as it was being transmitted to the servers at Grocery Stores, Inc., suggests that the malware program had to be written specifically to target our stores and deployed from inside the company network. It seems almost too much of a coincidence to believe that remote hackers would have a chance to infect every server with the appropriate malware by using traditional security flaws such as a misconfigured firewall, or even an out-of-date antivirus application. We have over 20 network administrators throughout multiple branch offices and satellite locations. Security was set up so that each network administrator had the same security access and privileges to each location. In hindsight, I believe that while having redundant or equal security privileges for all network administrators can be a good thing, it can also be a major security hole. That is because the administrators have access to the entire system and not just their local area network.

The possibility that the security breach of Grocery Stores, Inc. was performed by an employee is very disturbing. We must review our current employee hiring policies and procedures to ensure that we are performing the appropriate background checks and monitoring our employees to make sure that valuable customer data is both secured and protected from external threats and internal employees. We can’t have our I.T. professionals circumventing the system because they have elevated privileges that give them unfettered access to valuable company data. We must review the current job descriptions and duties of all personnel who have access to customer data and only give access where appropriate. Also, during the termination and/or transfer process, we need to be sure that we have done the steps necessary to disable security access so that we do not have any rogue accounts.

The recent security breach at Grocery Stores, Inc. indicates to us that our security policies and procedures need serious scrutiny and oversight. However, even if we were found compliant with all security controls and financial protection measures, the fact remains that we were hacked. A major concern at many corporations is the potential for a man-in-the-middle attack, where an attacker can install a sniffer program and pull out the data as it flows through. You can reduce the risk of this type of attack by encrypting the data at the time it traverses the network. I also want to review the training policies and procedures of our personnel to make sure that everyone understands the rules, is complying, and that there are punitive measures in place to reduce the risk of incidents like these from happening again.

The security breach at Grocery Stores, Inc. has caused major damage to the reputation and trust that our customers and stakeholders have in this organization. This cannot be tolerated; security of our valuable data is paramount. As CEO of this company, I am responsible for ensuring security of our critical data and compliance. Security must be an important concept to every employee from top to bottom. We must demonstrate adequate internal controls of business records and information security. We need a layered security program so that if one defense is unsuccessful, the attacker must poke through other defenses. Even with a layered security program, there’s no guarantee that the company can prevent every attack from succeeding. Good security requires constant care and it doesn’t take much for a vulnerable opening to develop. We will do everything possible now and review for potential updates monthly in the future.

Learn more about the Key Players in this scenario.

Given the scenario, your role and the information provided by the key players involved, it is time for you to make a decision.

If you are finished reviewing this scenario, close this window and return to this Week’s You Decide tab, in your course, to complete the activity for this scenario.

You can return and review this scenario again at any time. What would you do to resolve this scenario?

YOU DECIDE

Activity

Based on your assessment of the security breach and interviewing the staff in the scenario, develop a server malware protection policy that accounts for the concerns of the stakeholders involved in mitigating the risk of a malware attack; network security controls that prevent the infiltration of viruses, worms, and/or malware; and reducing the chances that the attack originates from an internal source. Please draft an 800–1,200 word paper and submit it to the Dropbox. Use transition words, a thesis statement, an introduction, a body, a conclusion, and a reference page with at least two references. Also, use double-spaced, 12-point Arial font.

Grading Rubric

 

Grading Element | Percentage
Assignment Content | 80%
  • Assess what occurred during the security breach and the points made during the interview
  • Content of your proposed Server Malware Protection policy
Required Length | 10%
Spelling and Grammar | 5%
APA Style | 5%
Total | 100%

Note! Submit your assignment to the Dropbox l

Devry SEC 440 Week 5 Homework Latest

Homework

Security Measures Paper

You have just been hired as the security administrator of a major organization that was recently breached by a social engineer. After a thorough analysis of the network security, you have determined that there was no security plan in place and no standard operating procedures for e-mail, acceptable use, physical security, and incident response.

Please type a three to five page (800 to 1,200 word) paper using APA style, explaining your recommendations and why you think that they are necessary.

Use transition words, a thesis statement, an introduction, a body, a conclusion, and a reference page with at least two references. Use double-spaced, 12-point Arial font.

Assignment Grading Rubric

Graded Element | Percentage
Assignment Content | 80%
  • Discuss a security plan and procedures for each of the following specific topics: e-mail, acceptable use, physical security and incident response
Required Length | 10%
Spelling and Grammar | 5%
APA Style | 5%

 

Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

 

Devry SEC 440 Week 7 Homework Latest

Homework

HIPAA Compliance

You are a security engineer for a hospital group based in Cincinnati, OH. Your group has just acquired a small hospital in Alba, IA. Currently, everything except insurance billing is done on paper forms. The company CSO has asked you to draft a memo that gives an overview of what will be necessary to bring this small hospital into HIPAA security compliance. Please draft an 800- to 1,200-word paper and submit it to the Dropbox.

Please type a three- to five-page (800 to 1,200 word) paper using APA style, explaining your recommendations and why you think that they are necessary.

Assignment Grading Rubric

Graded Element | Percentage
Assignment Content | 80%
  • Discuss the components of an overall compliance plan
  • Discuss specific Administrative, Physical and Technical safeguards that should be implemented
Required Length | 10%
Spelling and Grammar | 5%
APA Style | 5%

 

Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

 

Devry SEC 440 Week 2 Quiz Latest

QUIZ 2

(TCO 1) Why is it important to prepare written policies?

It lets the policies be communicated more easily.

This helps to ensure consistency.

A policy is part of the corporate culture.

It is required by law.

In: Chapter 1, page 11

Points Received: 4 of 4

Comments:

Question 2. Question :

(TCO 2) Which of the following is NOT a threat to data confidentiality?

Hackers

Encryption

Improper access controls

IN Social engineering

In: Chapter 3, page 67

Points Received: 0 of 4

Comments:

Question 3. Question :

(TCO 1) Which of the following is MOST likely to reflect the policy audience for a corporate ethics policy at Acme Manufacturing?

All Acme Manufacturing employees and all vendors and service providers

All full- and part-time employees of Acme Manufacturing and its subsidiaries

The Acme Manufacturing board of directors

The finance, human resources, and marketing departments of Acme Manufacturing

In: Chapter 2, page 45

Points Received: 0 of 4

Comments:

Question 4. Question :

(TCO 2) Which of the following are all federal regulations?

Sarbanes-Oxley, IEEE 802.11, and NIST 800-34

GLBA, HIPAA, and Sarbanes-Oxley

GLBA, HIPAA, and IEEE 802.11

GLBA, NIST 800-34, and Sarbanes-Oxley

In: Chapter 2, page 41

Comments:

Question 5. Question :

(TCO 1) When should information security policies, procedures, standards, and guidelines be revisited?

As indicated in the policy

Never; once they are written and published, they must be adhered to

Annually

When dictated by change drivers

In: Chapter 1, page 18

Points Received: 0 of 4

Comments:

Question 6. Question :

(TCO 2) What is a valid definition of data integrity?

Knowing that the data on the screen have not been tampered with

Data that are encrypted

Data that have not been accessed by unauthorized users

The knowledge that the data are transmitted in ciphertext only

In: Chapter 3, page 69

Comments:

Question 7. Question :

(TCO 1) What should be the consequences of information security policy violations?

Always up to, and including, termination

Immediate revocation of all user privileges

Commensurate with the criticality of information the policy was written to protect

Violations cited in the person’s annual performance review

In: Chapter 1, page 24

Comments:

Question 8. Question :

(TCO 2) Match the following terms to their meanings.

: Change driver » 2 : Any event that impacts culture, procedures, and activities within an organization

: Acceptable use agreement » 1 : List of actions that employees are not allowed to perform while using company-provided equipment

: Statement of authority » 3 : Introduction to the policy document

: Security policy document policy » 4 : Policy about a policy

In: Chapter 4, page 95

Comments:

Question 9. Question :

(TCO 1) Which of the following best describes how the penalties defined in the Policy Enforcement Clause should relate to the infractions?

Any infraction should result in suspension or termination.

The same penalty should apply each time an infraction occurs.

The penalty should be proportional to the level of risk incurred as a result of the infraction.

Penalties should be at the discretion of management.

In: Chapter 2, page 48

Comments:

Question 10. Question :

(TCO 2) Data integrity is

protecting the data from intentional or accidental disclosure.

making sure the data are always available when legitimately needed.

protecting the data from intentional or accidental modification.

making sure the data are always transmitted in encrypted format.

In: Chapter 3, page 69

Comments:

Question 11. Question :

(TCO 1) Which is the worst that may happen if information security policies are out of date or address technologies no longer used in the organization?

People may take the policies less seriously or dismiss them entirely.

Executive management may become upset.

The company may incur unnecessary costs to change them.

People may not know which policy applies.

In: Chapter 1, page 23

Comments:

Question 12. Question :

(TCO 2) Which of the following federal regulations pertains to the medical field?

FERPA

GLBA

HIPAA

SOX

In: Chapter 4, page 95

Comments:

Question 13. Question :

(TCO 1) In which of the following ways does understanding policy elements help you interpret your organization’s information security policies?

Awareness of policy elements helps you determine the strength of the policy and whether you should take it seriously.

If you understand policy elements, you will be able to change the policies.

Knowing the purpose and goal of each section of the policy can help you better understand the intent of the policy, as well as how the policy applies to you.

You need to know the policy elements in order to determine which parts of the policy apply to you.

Question 14. Question :

(TCO 2) Which of the following federal regulations pertains to the educational field?

FERPA

GLBA

HIPAA

SOX

Question 15. Question :

(TCO 1) Which of the following is an important function of the statement of authority?

It provides a bridge between an organization’s core values and security strategies.

It indicates who to talk to if you want to request a change in the policy.

It describes the penalties for policy infractions.

It references standards, guidelines, and procedures that the reader can consult for clarification of the policy.

 

 

Devry SEC 440 Week 4 Quiz Latest

(TCO 3) Which section of the ISO 17799 deals with asset classification?

2

3

4

5

Points Received: 4 of 4

Comments:

Question 2. Question :

(TCO 4) The age group most inclined to use an online job search is

30 to 49.

18 to 29.

50 to 64.

None of the above—33% of persons across all age groups use online job searching.

Chapter 6, page 151

Points Received: 4 of 4

Comments:

Question 3. Question :

(TCO 5) In ISO 17799, an area where assets are protected from man-made and natural harm is known as

secure area.

mantrap.

company property.

security perimeter.

Chapter 7, page 186

Points Received: 4 of 4

Comments:

Question 4. Question :

(TCO 3) When it comes to information security, what is the purpose of labeling?

Communicating the sensitivity level

Communicating the access controls

Enforcing the access controls

Auditing the access controls

Chapter 5, page 129

Points Received: 0 of 4

Comments:

Question 5. Question :

(TCO 4) A security clearance investigation does NOT involve research into a person’s

character.

reliability.

family connections.

trustworthiness.

Chapter 6, page 154

Points Received: 4 of 4

Comments:

Question 6. Question :

(TCO 5) The clear desk and clear screen policy is the way to avoid which of the following kinds of physical attacks?

Shoulder surfing

Reprinting the last document from the fax machine

Looking at papers on desks

All of the above

Chapter 7, page 201

Points Received: 4 of 4

Comments:

Question 7. Question :

(TCO 3) Information needs to be handled according to

its classification level.

the statement of authority.

the access controls set forth in the asset management policy.

IN the access controls set forth in the affirmation agreement.

Chapter 5, page 129

Points Received: 0 of 4

Comments:

Question 8. Question :

(TCO 4) Which of the following is a component of an affirmation agreement?

Statement of authority

Background check

Job description

Credit history

Chapter 6, page 160

Points Received: 4 of 4

Comments:

Question 9. Question :

(TCO 5) What is the goal of the physical entry controls policy?

Restrict the knowledge of, access to, and actions within secure areas

Require authorized users to be authenticated and visitors to be identified and labeled

Require perimeter controls as appropriate

Make sure the organization pays attention to potential environmental hazards and threats

Chapter 7, page 189

Points Received: 4 of 4

Comments:

Question 10. Question :

(TCO 3) This is known as the process of downgrading the classification level of an information asset.

Declassification

Classification review

Reclassification

Asset publication

Chapter 5, page 130

Points Received: 4 of 4

Comments:

Question 11. Question :

(TCO 4) Match each of the following with its example.

: Security education » 3 : Recertification training for the network administrator

: Security training » : A presentation on creating good passwords

: Security awareness » 1: Posters reminding users to report security breaches

Chapter 6, page 165

Points Received: 1.33 of 4

Comments:

Question 12. Question :

(TCO 5) Which of the following might the working in secure areas policy restrict from being brought into a facility?

Cameras

Recording devices

Laptop computers

All of the above

Chapter 7, page 192

Points Received: 4 of 4

Comments:

Question 13. Question :

(TCO 3) When calculating the value of an asset, which of the following is NOT a criterion?

Cost to acquire or develop asset

Cost to maintain and protect the asset

Cost to disclose the asset

Reputation

Chapter 5, page 133

Points Received: 0 of 4

Comments:

Question 14. Question :

(TCO 5) According to the equipment siting and protection policy, smoking, eating, and drinking will not be permitted

except in designated areas.

inside the security perimeter.

under any circumstances.

in areas where equipment is located.

Question 15. Question :

(TCO 3) A qualitative approach to an analysis uses

hard numbers.

statistics.

expert opinions.

general population surveys.

Chapter 5, page 137

Points Received: 4 of 4

Comments:

 

Devry SEC 440 Week 6 Quiz Latest

 

(TCO 6) An employee who fails to report a suspected security weakness

is doing his or her job.

will not be punished.

will be treated the same as if he or she had initiated a malicious act against the company.

is making sure not to aggravate the situation by making a mistake.

: 8, page 230

4 of 4

Question 2. Question :

(TCO 7) Which of the following is NOT an access control method?

MAC

RBAC

DAC

PAC

: 9, page 273

4 of 4

Question 3. Question :

(TCO 8) When is the best time to think about security when writing a new piece of code?

IN At the end, once all the modules have been written

After the users have had a chance to review the application

At the beginning of the project

After the application has been approved and authorized by the ISO

: 10, page 313

0 of 4

Question 4. Question :

(TCO 9) As it pertains to GLBA, what does NPI stand for?

Nonpublic information

Nonpublic personal information

Nonprivate information

Nonprivate personal information

: 12, page 390

4 of 4

Question 5. Question :

(TCO 6) The primary antimalware control is

an updated antivirus solution.

a firewall.

a router.

an acceptable use policy.

: 8, page 232

4 of 4

Question 6. Question :

(TCO 7) Which is the first target of a hacker who has gained access to an organization’s network?

Log files

Sensitive data

User accounts

Public data

: 9, page 276

4 of 4

Question 7. Question :

(TCO 8) Which formal security-related process should take place at the beginning of the code creation project?

Risk assessment

Input validation

Output validation

SQL injection validation

: 10, page 313

4 of 4

Question 8. Question :

(TCO 9) Who enforces the GLBA?

Eight different federal agencies and states

The FDIC

The FFIEC

The Secretary of the Treasury

: 12, page 392

4 of 4

Question 9. Question :

(TCO 6) The part of the antivirus solution that needs to be updated daily is

the DAT files.

central command.

the control panel.

the engine.

: 8, page 232

4 of 4

Question 10. Question :

(TCO 7) All users are expected to keep their password secret, unless

IN a member of the IT group asks for it.

another employee needs to log on as them.

someone identifying themselves as the ISO asks for it.

There is no “unless.”

: 9, page 281

0 of 4

Question 11. Question :

(TCO 8) If an employee uses a company-provided application system and finds what he or she thinks is a loophole that allows access to confidential data, that employee should

alert his or her manager and the ISO immediately.

verify and test the alleged loophole before alerting anyone.

not say anything unless he or she is a member of the incident response team.

alert his or her manager whenever he or she happens to have a chance to do so.

: 10, page 317

4 of 4

Question 12. Question :

(TCO 9) What do the Interagency Guidelines require every covered institution to implement?

Quarterly risk assessments

A biannual review of the disaster recovery plan

A comprehensive written information security program

A monthly inventory of all information assets

: 12, page 394

4 of 4

Question 13. Question :

(TCO 6) Grandfather-father-son is a model used for

antivirus updates.

antispyware updates.

backup strategies.

change control management strategies.

: 8, page 236

4 of 4

Question 14. Question :

(TCO 7) Which of the following is the most popular single factor authentication method?

Cameras

IN Biometric devices

Tokens

Passwords

: 9, page 281

0 of 4

Question 15. Question :

(TCO 8) Input validation is

verifying that a piece of code does not have any inherent vulnerabilities.

making sure that employees know what information to enter in a new system.

testing an application system by entering all kinds of character strings in the provided fields.

testing what information an application system returns when information is entered.

: 10, page 318

 

Devry SEC 440 Final Exam Latest

FINAL

 

Page 1

Question 1.1. (TCO 1) A security policy must be accepted by (Points : 5)

management.

end-users.

customers.

all members of an organization.

Question 2.2. (TCO 2) What element of a security policy does the following phrase belong to? “This policy is established to achieve compliance with applicable statutes, regulations, and mandates regarding the management of information resources.” (Points : 5)

The statement of authority

The policy statement

The policy objectives

The policy audience

Question 3.3. (TCO 3) Which is the process of accumulating data regarding a specific logical or physical environment? (Points : 5)

Footprinting

Scanning

Enumeration

All of the above

Question 4.4. (TCO 4) Which of the following information about a person can be used to influence a hiring decision? (Points : 5)

Educational credentials

Negative credit history

Relevant certifications

All of the above

Question 5.5. (TCO 5) Why is it sometimes better to isolate critical equipment than it is to apply additional protective measures, in order to protect against exposure to greater hazards or risks from unauthorized access? (Points : 5)

Management requests it.

There is less risk involved.

It can be less costly.

Regulators prefer it.

Question 6.6. (TCO 5) A security perimeter is (Points : 5)

the widest imaginary circle around a facility.

a barrier of protection.

the field around which security alarms can monitor activity.

None of the above

Question 7.7. (TCO 6) Logging, as it pertains to media removal, is only needed when (Points : 5)

the media are paper based.

it is outsourced.

it is handled in-house.

It is always needed.

Question 8.8. (TCO 7) Prohibiting access to information not required for one’s work is the (Points : 5)

access need concept.

need-to-monitor concept.

need-to-know concept.

required information process concept.

Question 9.9. (TCO 8) Output validation is (Points : 5)

verifying that a piece of code does not have any inherent vulnerabilities.

making sure that employees know what information to enter in a new system.

testing an application system by entering all kinds of character strings in the provided fields.

testing what information an application system returns when information is entered.

Question 10.10. (TCO 9) This test subjects a system or device to real-world attacks. (Points : 5)

Audit

Penetration test

Assessment

Interview

Question 11.11. (TCO 10) As it pertains to HIPAA, which is a covered entity? (Points : 5)

A medical patient protected by HIPAA

A healthcare provider who must be compliant with HIPAA

A healthcare provider who does NOT have to be compliant with HIPAA

A medical patient NOT protected by HIPAA

Question 12.12. (TCO 10) Which of the following standards includes monitoring failed log-ons? (Points : 5)

Access Control

Audit Controls

Device and Media Controls

Integrity Controls

Question 13.13. (TCO 11) Which government agency is in charge of developing technical security standards and guidelines for unclassified federal systems, according to FISMA? (Points : 5)

The OMB

NIST

The OCS

The NSA

Question 14.14. (TCO 11) Transmitting ePHI in e-mail is not recommended because (Points : 5)

e-mail is usually in clear text.

e-mail can be forwarded.

Both A and B

Neither A nor B

Question 15.15. (TCO 12) Attaching an unauthorized wireless network to the corporate network is considered (Points : 5)

a major breach in network security and a violation of the security policy.

a major breach in network security but not a violation of the security policy.

a violation of the security policy but not a major breach in network security.

neither a major breach in network security nor a violation of the security policy.

Question 16.16. (TCO 12) A strong password is at least how many characters? (Points : 5)

5

6

7

8

Question 17.17. (TCO 1) A policy that secures and protects assets from foreseeable harm and provides flexibility for the unforeseen is (Points : 5)

accurately reflecting the current technology environment.

complying with applicable government policy.

the best goal for a new policy.

approved by management and understood by everyone.

Question 18.18. (TCO 2) Which of the following should you strive for in the policy statement, in order to have a well-written policy? (Points : 5)

Contain areas that address every aspect of operations and information and every area affecting the organization’s information assets.

Spell check the document to avoid typographical errors.

Include applicable standards, guidelines, and procedures within the policy document.

Describe everything in layman’s terms so that it is clear the policy is a statement of everyone’s intent.

Question 19.19. (TCO 3) When it comes to information security, what is labeling the primary vehicle for? (Points : 5)

Communicating the sensitivity level

Communicating the access controls

Enforcing the access controls

Auditing the access controls

Question 20.20. (TCO 5) In the context of information security, environmental security would refer to all of the following except (Points : 5)

design and construction of facilities.

configuration of wireless access points.

where equipment is stored.

how and where people move.

Page 2

Question 1. 1. (TCO 3) Explain and contrast the core information security concepts of confidentiality, integrity, and availability. (Points : 40)

Question 2. 2. (TCO 8) Describe the steps a system development team could take to make sure security features are designed into newly developed systems, and explain why this is important to an organization. (Points : 40)

Question 3. 3. (TCO 10) Describe and explain the HIPAA Security Rule. (Points : 40)

Question 4. 4. (TCO 12) What should every small business do to ensure that it is secure? (Points : 40)

 
