Premium Essay


In: Computers and Technology

Submitted By AmberRM
Words 4114
Pages 17
ITT Technical Institute

IT255 Introduction to Information Systems Security Onsite Course


Credit hours: 4 Contact/Instructional hours: 50 (30 Theory Hours, 20 Lab Hours) Prerequisite(s) and/or Corequisite(s): Prerequisites: IT220 Network Standards and Protocols, IT221 Microsoft Network Operating System I, IT250 Linux Operating System Course Description: This course provides an overview of security challenges and strategies of counter measures in the information systems environment. Topics include definition of terms, concepts, elements, and goals incorporating industry standards and practices with a focus on availability, vulnerability, integrity and confidentiality aspects of information systems.

Introduction to Information Systems Security


Where Does This Course Belong?
This course is required for the Bachelor of Science in Information Systems Security program. This program covers the following core areas:    Foundational Courses Technical Courses BSISS Project

The following diagram demonstrates how this course fits in the program:
Information Systems Security Capstone Project

400 Level

Access Control, Authentication & KPI

Security Policies & Implementation Issues

System Forensics Investigation & Response

Securing Windows Platforms & Applications

Securing Linux Platforms & Applications

Legal & Security Issues

Securing Windows Platforms & Applications

300 Level
Managing Risk in Information Systems

Security Strategies for Web Applications & Social Networking

Fundamentals of Network Security Firewalls & VPNs

Hacker Techniques Tools & Incident Handling

Introduction to Project Management
Linux operating System

CNS Program Prerequisites:


300 Level
WAN Technology &…...

Similar Documents

Premium Essay


...Multi-Layered Security Outline To: Richman Investments Senior Management Outline includes: Security solutions for each of the seven domains. User Domain: This is where the first layer of defense starts for a layered security strategy. We will conduct security awareness training, restrict access for users to specific systems and programs, create an acceptable use policy, and track and monitor employee behaviors. Workstation Domain: Start by creating strong passwords to protect workstation access, then enable antivirus protections, and mandate security awareness training to all employees. This domain is almost as vulnerable as the user domain and also needs constant monitoring. LAN Domain: To prevent unauthorized access we can physically secure wiring closets and data centers, implement encryption protection, define strong access control policies and strong second-level authentications. LAN-to-WAN Domain: Disable ping, probing and port scanning, apply strict security monitoring controls, and update devices with security fixes and software patches right away are excellent measures to take. WAN Domain: Use encryption and VPN tunnels for end-to-end secure IP communications, and scan all e-mail attachments for type, antivirus, and malicious software. Back up and store data in off-site data vaults. Remote Access Domain: Establish user ID and password policies requiring periodic changes, set automatic blocking for attempted logon retries, and encrypt all data within......

Words: 257 - Pages: 2

Premium Essay


...Richman Investments To: Don, IT supervisor From: XXXX,XXXXXXXXXX, IT Intern I was tasked with drafting a report on the Richman Investments “Internal Use Only” data classification standard. This report will address which IT Infrastructure domains are affected by the standard and in addition how they are affected. There are seven layers (domains) in the IT Infrastructure that are affected by this; however I will mainly focus on three. User Domain is the first layer in the IT Infrastructure and is the weakest link in an IT Infrastructure. This is where you will encounter your Risks, Threats and Vulnerabilities. But you can also mitigate most of the common User Security risks. Here, the employees can access systems, applications and data based on their access rights. This is where one will find an Acceptable Use Policy (AUP). The AUP defines what every system user is allowed to do with company owned systems. Workstation Domain is the second layer in the IT Infrastructure. This is where most users connect to the IT Infrastructure. Keep in mind, a workstation can be either a centralized desktop computer or a laptop computer or any device utilized to connect onto the network. The users will initially access systems, application and or data. However, in order to protect the systems, workstations require additional layers of security such as; logon IDs and passwords. LAN Domain is the third layer in the IT Infrastructure. Your LAN (Local Area Network) allows for......

Words: 374 - Pages: 2

Premium Essay

Lab 4 It255

...1. Define why change control management is relevant to security operations in an organization? Change control is a systematic way to approaching change. Within an organization, it can prevent the possibility of services becoming interrupted and if so, provide a plan to bring them back up as soon as possible. 2. What type of access control system uses security labels? Label-base access control (LBAC) 3. Describe two options you would enable in a Window’s Domain password policy? Minimum password length and password complexity requirements 4. Where would patch management and software updates fall under in security operations and management? Monitoring, Tracking, Testing 5. Is there a setting in your GPO to specify how many login attempts will lockout an account? Name 2 parameters that you can set to enhance the access control to the system. Account lockout duration and threshold 6. What are some Password Policy parameter options you can define for GPOs that can enhance the C-I-A for system access? Minimum password length, maximum password age, password must meet complexity requirements, and store passwords using reversible encryption 7. What sources you use as a source to perform the MBSA security state? Computer by Name or IP and multiple Computers by Domain or IP Range 8. What does WSUS stand for, and what does it do? Windows Server Update Service and it downloads Microsoft updates to a single server and deploys them 9. What is the difference between MBSA...

Words: 293 - Pages: 2

Premium Essay

It255 Unit 7

...Richman Investments’ Remote Access Security Standard defines required tools and practices to ensure that faculty and staff can access data from remote locations in a secure manner. Company data, which is fully defined in the Information Security Standard, can generally be grouped into three, broad categories: 1. Confidential Data: This category includes the most sensitive data (ex: Social Security numbers) and requires special protection. 2. Enterprise Data: This category also includes sensitive information (ex: business records) that must be protected. 3. Public Data: This information is generally widely disseminated and can be accessed with higher levels of security protection. Different security requirements apply to each of the categories of data. The objective of the company’s security standards is to keep company data on internal, secure systems whenever possible and apply high levels of security in the rare cases when sensitive data must be moved out of internal systems. Level 1 Minimum Computer Security Requirements: The requirements below apply to all computers that are used to access company data from remote locations. Faculty and staff who only need to meet these minimum requirements include those who only need SU “public” services. Such services include and other public web sites, Myslice “self service” functions, Outlook/Exchange e-mail, and departmental Terminal Servers, among others. Terminal server is easy to use and enables all company......

Words: 372 - Pages: 2

Premium Essay


...2. Cryptography: Overview An overview of the main goals behind using cryptography will be discussed in this section along with the common terms used in this field. Cryptography is usually referred to as "the study of secret", while nowadays is most attached to the definition of encryption. Encryption is the process of converting plain text "unhidden" to a cryptic text "hidden" to secure it against data thieves. This process has another part where cryptic text needs to be decrypted on the other end to be understood. Fig.1 shows the simple flow of commonly used encryption algorithms. Fig.1 Encryption-Decryption Flow As defined in RFC 2828 [RFC2828], cryptographic system is "a set of cryptographic algorithms together with the key management processes that support use of the algorithms in some application context." This definition defines the whole mechanism that provides the necessary level of security comprised of network protocols and data encryption algorithms. 2.1 Cryptography Goals This section explains the five main goals behind using Cryptography. Every security system must provide a bundle of security functions that can assure the secrecy of the system. These functions are usually referred to as the goals of the security system. These goals can be listed under the following five main categories[Earle2005]: Authentication: This means that before sending and receiving data using the system, the receiver and sender identity should be......

Words: 6825 - Pages: 28

Free Essay

It255 Project

...Part I The following outline presents the fundamental solutions for the safety of data and information that belongs to Richman Investments. As part of the general security plan of the organization the IT department puts together a proposal to provide multi-layered security strategies that can be applied at every level of the IT structure. The plan will lay out the importance of improving and safeguarding the levels of each domain and the process of protecting the information of the organization. User Domain At Richman Investments the personnel is accountable for the appropriate use of IT assets. Therefore, it is in the best interest of the organization to ensure employees handle security procedures with integrity. It is essential to create a strong AUP (Acceptable Use Policy) procedure and as part of the process, require employees sign an agreement to guarantee they understand and conform to implemented rules and regulations. In addition, the company will conduct security awareness training, annual security exercises, notices about securing information, and constant reminders security is everyone’s responsibility. Workstation Domain The plan to secure the workstation domain enforces a strong password policy on each workstation and also enables screen lockout protection for inactive times. Keeping all workstations with an up to date antivirus is essential. Furthermore, content filtering features will arrange access of specific domain names according to AUP......

Words: 779 - Pages: 4

Premium Essay


...Exam 1 1. Which edition of Windows includes DirectAccess and BranchCache? A. Windows 7 Enterprise B. Windows 7 Professional C. Windows 7 Home Basic D. Windows 7 Home Premium Answer: A Windows 7 Enterprise is targeted for managed environments, mainly large enterprises. It includes all features that Windows 7 offers, including BitLocker, BitLocker To Go, AppLocker, DirectAccess, and BranchCache. 2. How much memory does a 32-bit version of Windows 7 support? A. 1 GB B. 2 GB C. 4 GB D. 8 GB Answer: C A 32-bit version of Windows is based on a 32-bit address bus, which can use up to 4 GB of memory. 3. Which of the following does NOT include Aero? A. Windows 7 Home Premium B. Windows 7 Professional C. Windows 7 Home Basic D. Windows 7 Enterprise Answer: C Aero is not included in Windows 7 Home Basic or Windows 7 Starter. 4. What is the minimum processor that you need to install Windows 7 Home Basic, 32 bit? A. 800 MHz B. 1 GHz C. 1.2 GHz D. 2.0 GHz Answer: B ...

Words: 3862 - Pages: 16

Free Essay


...Answer the following questions a) What is the basic concept of interest? b) How is interest usually expressed? (In terms of the principal) Interested is usually expressed as a percent on the principal. c) What does the interest rate multiply on for simple interest? A 30-year loan for $100,000 with a rate of 6%. The monthly payment would be $599.56 for both the standard and simple interest mortgages. The interest due is calculated differently, however. On the standard mortgage, the 6% is divided by 12, converting it to a monthly rate of .5%. The monthly rate is multiplied by the loan balance at the end of the preceding month to obtain the interest due for the month. In the first month, it is $500. d) What does the interest rate multiply on for compound interest? It multiplies interest* total amount What is the formula for simple interest? I=P *r* t e) Example below f) What is the formula for compound interest? P is the principal (the initial amount you borrow or deposit) r is the annual rate of interest (percentage) n is the number of years the amount is deposited or borrowed for. A is the amount of money accumulated after n years, including interest. When the interest is compounded once a year: A=P(1+r)n*t Also you can use compound interest like this Annually = P × (1 + r) = (annual compounding) Quarterly = P (1 + r/4)4 = (quarterly compounding) Monthly = P (1 + r/12)12 = (monthly compounding) Given the......

Words: 367 - Pages: 2

Premium Essay

Itt It255 Research Project Part 1

...Brian Gobrecht IT255 Project Part 1 The domains of an infrastructure are broken down into several parts. The User, Workstation, LAN, LAN-to-Wan, Remote Access, Wan, and System/Application domains. All of these are a very crucial part of a domain structure and if one fails to do its proper job most of it or all of it will come to a screeching halt. The User Domain is pretty self-explanatory yes a system can do without a user but by itself it’s more probable to breakdowns and other things to go wrong. So to help the user out in a way it’s not damaging to the infrastructure. One way is to have the computer scan for viruses in anything that plugs into the usb slot such as a portable hard drive or a memory card. As for unauthorized downloads such as music or photos I suggest enable content filtering. Workstation domains are another vital part of keeping the system healthy at most times. To protect this I suggest either at the door of the server room keycards to get in and at the workstation itself both a physical and pass worded approach to ensure the right person is getting in. And to add further measure of security the room would be camera surveyed and users will be logged. A LAN domain can be a very volatile domain with all the wiring and NIC cards and LAN switches common in most rooms. If we are to hopefully secure this part of the domain I would like to be able to restrict access to the computers and laptops that are only necessary to the work environment. So if someone...

Words: 474 - Pages: 2

Premium Essay

It255 Define an Acceptable Use Policy Essay

...IT255 Acceptable Use Policy (AUP) I have reviewed the list of forbidden traffic and came up with this acceptable use policy. Some ports (20&69) would be disabled denying file transfer if all traffic listed is forbidden. I propose the use of content filtering, file transfer monitoring, scanning and alarming for unknown file types from unknown or restricted sources. The restriction on downloading executables could be changed in the same fashion. Both of these guidelines could otherwise interfere with otherwise normal business practice and hinder the productivity of the company. The redistribution copyrighted material is restricted because the system administrator ensures all workstations have what they need. No exporting internal software or technical material in violation of export control laws. If a worker needs such software or material for a location that does not have it then they will be issued license for said use of such property. Workstations will run antivirus and malicious removal software. These programs will be update as new definitions and malicious code data are provided. The organizations data classification standard should address remote access. The company will deny outbound traffic using source IP addresses in access control lists. If remote access is allowed, encrypt where necessary. This will prevent any unauthorized access to internal resources or information from external sources. No unauthorized port scanning or probing on the company’s......

Words: 487 - Pages: 2

Premium Essay

It255 Unit5 Assignment

...TO: FROM: DATE: SUBJECT:Unit 5 Assignment 1: Testing and Monitoring Security Controls REFERENCE: Testing and Monitoring Security Controls (IT255.U5.TS1) How Grade: One hundred points total. See each section for specific points. Assignment Requirements Part 1:Identify at least two types of security events and baseline anomalies that might indicate suspicious activity. Explain why they might indicate suspicious activity.(Forty points. Twenty points for each event.) # | Security Event & Baseline Anomaly That Might Indicate Suspicious Activity | Reason Why It May Indicate Suspicious Activity | 1. | Authentication Failures | Unauthorized access attempts | 2. | Network Abuses | Employees are downloading unauthorized material. | 3. | | | 4. | | | 5. | | | 6. | | | Part 2: Given a list of end-user policy violations and security breaches, select three breaches and consider best options for monitoring and controlling each incident. Identify the methods to mitigate risk and minimize exposure to threats and vulnerabilities. (Sixty points. Twenty points for each breach.) # | Policy Violations & Security Breaches | Best Option to Monitor Incident | Security Method (i.e., Control) to Mitigate Risk | 1. | A user made unauthorized use of network resources by attacking network entities. | Monitor the logs | Fire the user | 2. | Open network drive shares allow storage......

Words: 295 - Pages: 2

Free Essay


...1. Data Encryption Standard (DES): A predominant algorithm for the encryption of electronic data. It was influential in the advancement of modern cryptography in the academic world. 2. Rivest, Shamir and Adleman (RSA) encryption algorithm: Internet encryption and authentication system that uses an algorithm. It is most commonly used encryption and authentication algorithm used. 3. Triple DES: A block cipher, which applies the data encryption standard cipher algorithm three times to each data block. 4. Diffie-Hellman key exchange: A specific method of exchanging cryptographic keys. It allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel. 5. International Data Encryption Algorithm (IDEA): Uses a block cipher with a 128-bit key, and is generally considered to be very secure. It is known as the best public known algorithm. 6. El Gamal encryption algorithm: An asymmetric key encryption algorithm for public-key cryptography which is based on the Diffie-Hellman exchange. It is used in the free GNU Privacy Guard software, recent versions of PGP, and other cryptosystems. 7. Carlisle Adams and Stafford Taveres (CAST) algorithm: This is a substitution-permutation algorithm similar to DES. It was designed with a public criteria. 8. Elliptic curve cryptography (ECC): A public key encryption technique based on elliptic curve theory that can be used to create faster, smaller, and more efficient......

Words: 519 - Pages: 3

Free Essay

It255 Unit 4 Aup

...Acceptable Use Policy The acceptable use policy is a set of rules that a corporation, organization or internet service providers, provide to their employees about the use of computers, networks and associated resources. These rules would state that not only just employees but users as well should not access the system areas where they are not authorized to, they would be held accountable for what all they do, they should only use to computer that was issued to them for purposes assigned to them, etc. These rules basically state that the computers are not to be used improperly or illegally during or after work hours at job sites. Verizon wireless “acceptable use policy” states that there should be no illegal use of their personal internet meaning that their services should only be used for lawful purposes only. This includes any unauthorized actions to illegal sites or violation of control laws. Their email use is prohibited for users to use illegally. NO commercial advertising or informational announcements are allowed. AT&T “acceptable use policy” prohibits any use of their services in any way illegally, unlawful, or harmful in any way to their company or any other company. Their AUP also doesn’t want any unauthorized access to pornography sites, inappropriate interaction with minors or threatening of material or contents. AT&T email services are not to be used for inappropriate emails or messages. Cox Communication email prohibits sending any unsolicited mail messages.......

Words: 430 - Pages: 2

Free Essay

It255 Project Part 1

...Richman Investments Security Outline Richman Investments has experienced an increase in security breaches that have resulted in the loss of company proprietary information and damage to systems due to many virus and Trojan Horse infections. The following outline contains some of the security mitigation proposals to be implemented shortly. This is just a basic plan for the moment and if security breaches continue, more stringent policies will be installed. The Seven Domains of a typical IT infrastructure are as follows, with the corresponding security proposed for each domain. 1.) User domain proposal: Track and monitor abnormal employee behavior and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on Acceptable use policy (AUP) monitoring and compliance. 2.) Workstation Domain proposal: Use workstation antivirus and malicious code polices, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 3.) LAN Domain (including wireless LANs) proposals: Implement encryption between workstations and Wireless Access Points (WAPs) to maintain confidentiality. 4.) LAN-to-WAN Domain proposal: Conduct post configuration penetration tests of the layered security solution within the LAN-to WAN Domain. Test inbound and outbound traffic and fix any gaps. 5.) Remote Access Domain proposal: Apply first-level (i.e., user ID and password)......

Words: 335 - Pages: 2

Premium Essay


...Internet DMZ Equipment Policy 1.0 Purpose The purpose of this policy is to define standards to be met by all equipment owned and/or operated by Richman Investments located outside Richman Investment's corporate Internet firewalls. These standards are designed to minimize the potential exposure to Richman Investment from the loss of sensitive or company confidential data, intellectual property, damage to public image etc., which may follow from unauthorized use of Richman Investment resources. Devices that are Internet facing and outside the Richman Investment firewall are considered part of the "de-militarized zone" (DMZ) and are subject to this policy. These devices (network and host) are particularly vulnerable to attack from the Internet since they reside outside the corporate firewalls. The policy defines the following standards: * Ownership responsibility * Secure configuration requirements * Operational requirements * Change control requirement 2.0 Scope All equipment or devices deployed in a DMZ owned and/or operated by Richman Investment (including hosts, routers, switches, etc.) and/or registered in any Domain Name System (DNS) domain owned by Richman Investment, must follow this policy. This policy also covers any host device outsourced or hosted at external/third-party service providers, if that equipment resides in the "" domain or appears to be owned by Richman Investment. All......

Words: 1219 - Pages: 5