Nt2580: Unit 1 Match Risks/Threats to Solutions

In: Computers and Technology

Submitted By andy3drew
Words 447
Pages 2
Instructions:
You are presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed.

Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat.

Risks or threats:
1. Violation of a security policy by a user ___C_____
2. Disgruntled employee sabotage ____I____
3. Download of non-business videos using the
Internet to an employer-owned computer ____A____
4. Malware infection of a user’s laptop ____L___
5. Unauthorized physical access to the LAN ____N__
6. LAN server operating system vulnerabilities ____F_
7. Download of unknown file types from unknown sources by local users ____B___
8. Errors and weaknesses of network router, firewall, and network appliance configuration file ____H___
9. WAN eavesdropping ____M___
10. WAN Denial of Service (DoS) or Distributed Denial of
Service (DDoS) attacks ____D___
11. Confidential data compromised remotely ____K____
12. Mobile worker token stolen ____G___
13. Corrupt or lost data ____E___
14. Downtime of customer database ____J__

Solutions or preventative actions:
A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types.
B. Apply file transfer monitoring, scanning, and alarming for unknown file types and sources.
C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews.
D. Apply filters on exterior Internet Protocol (IP) stateful firewalls and IP router WAN interfaces.
E. Implement daily data backups and off-site data storage for monthly data archiving.…...

Similar Documents

Match Risks/Threats to Solutions

...Match Risks / Threats to Solutions 1. Violation of a security policy by a user. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the internet to an employer-owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown file types. 4. Malware infection of a user’s laptop. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. 7. Download of unknown file types from unknown sources by local users. B. Apply file transfer monitoring, scanning, and alarming for unknown...

Words: 270 - Pages: 2

Match Risks/Treats to Solutions

...Unit 1 Assignment 1: Match Risks/Threats to Solutions Risks or Threats: Answers: 1. Violation of a security policy by a user C 2. Disgruntled employee sabotage i 3. Download of non-business videos using the Internet to an employer-owned computer A 4. Malware infection of a user’s laptop L 5. Unauthorized physical access to the LAN N 6. LAN server operating system vulnerabilities F 7. Download of unknown file types from unknown sources by local users B 8. Errors and weaknesses of a network router, firewall, and network appliance c configuration file H 9. WAN eavesdropping M 10. WAN Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks D 11. Confidential data compromised remotely G 12. Mobile work token stolen K 13. Corrupt or lost data E 14. Downtime of customer database J Solutions: A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable work station auto-scans and auto-quarantine for unknown file types. B. Apply file transfer monitoring scanning and alarming for unknown file types and sources. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. D. Apply filters on exterior Internet Protocol (IP) stateful firewalls and IP router WAN interfaces. E. Implement......

Words: 398 - Pages: 2

Nt2580 Unit 1

...Unit 1 Match Risks/Threats to Solutions 1. Violation of a security policy by a user C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. 2. Disgruntled employee sabotage I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business video using the Internet to an employer-owned computer A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types. 4. Malware infection of a user’s laptop L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN N. make sure wiring closets, data centers, and computer room are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. 7. Download of unknown file types from unknown sources to local users B. Apply file transfer monitoring, scanning, and alarming for unknown file types and sources. 8. Errors...

Words: 373 - Pages: 2

Nt2580 Unit 1

...NT2580 Unit 1 Assignment 1 Multiple Choice 1. Violation of a security policy by a user. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the internet to an employer-owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown file types. 4. Malware infection of a user’s laptop. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. 7. Download of unknown file types from unknown sources by local users. B. Apply file transfer monitoring, scanning, and alarming for unknown......

Words: 366 - Pages: 2

Nt2580 Unit 1 Homework

...Instructions: You are presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed. Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or threats: 1. Violation of a security policy by a user ____C____ 2. Disgruntled employee sabotage ____I____ 3. Download of non-business videos using the Internet to an employer-owned computer ____A____ 4. Malware infection of a user’s laptop ____L____ 5. Unauthorized physical access to the LAN ____N____ 6. LAN server operating system vulnerabilities ____F____ 7. Download of unknown file types from unknown sources by local users ____B____ 8. Errors and weaknesses of network router, firewall, and network appliance configuration file ____h____ 9. WAN eavesdropping ____M____ 10. WAN Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks ____D____ 11. Confidential data compromised remotely ____K____ 12. Mobile worker token stolen ____G____ 13. Corrupt or lost data ____E____ 14. Downtime of customer database ____J____ Solutions or preventative actions: A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation......

Words: 447 - Pages: 2

Nt2580 Week 1

...ITT Technical Institute 3825 West Cheyenne Avenue, Suite 600 North Las Vegas, Nevada 89032 NT2580 Introduction to Information Security Week 1, Unit 1 – Information Systems Security Fundamentals Class Plan Time Duration: This Class Period will be approximately 4 ¾ Hours in length. It will be divided 2 ¾ hours for Theory and 2 ½ hours for Lab. Content Covered: • Textbook o Chapter 1 - Information Systems Security Objectives: After completing this unit, the student should be able to: • Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts: ▪ Confidentiality, integrity, and availability (CIA) concepts ▪ Layered security solutions implemented for the seven domains of a typical IT infrastructure ▪ Common threats for each of the seven domains ▪ IT security policy framework ▪ Impact of data classification standard on the seven domains Materials: Week 1 PowerPoint Presentation Assignment Overview: Refer to Assignment 1: Match Risks/Threats to Solutions in the Graded Assignment Requirements section of this instructor guide. In this assignment, the students need to match common risks or threats within the seven domains of a typical IT infrastructure with the possible solutions or preventative actions. Use the hand out worksheet NT2580.U1.WS1.doc. Refer to Assignment 2: Impact of a Data Classification Standard, you must write a brief......

Words: 530 - Pages: 3

Match Risk/Threats to Solutions

...Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Three IT Infrastructure Domains affected by the “Internal Use Only” data classification standard are User Domain, Workstation Domain and LAN Domain Here at Richmond Investments. * User Domain This Domain is where only one user will have access to it. Generally this is an internal use only. By default, the IT department tries to maintain a certain level of Security for this so no one can access from the outside. Only the IT Department can grant access privileges for a Remote Access Point. The (User Domain) where only the company is responsible for the security of the environment will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data they have access to. * Workstation Domain Workstation Domain, all the users have access. Before a user can log in he/she will need to be verified in order to gain access. At Richman Investments, we provide very secure access for the employee workstations with a username, password and in some instances Biometrics. A security protocol requires the password to be changed every 90 days and must contain at least one capital letter and one number. All computers maintain regular updates and continuous antivirus protection for monitoring. Additionally, no personal devices are allowed on the network. ...

Words: 377 - Pages: 2

Nt2580 Unit 6 Assign 1

...JO STARNES, NT2580, UNIT 2 CALCULATING THE WINDOW OF VULNERABILITY The window of vulnerability is the amount of time the systems defense measures are compromised, minimized, or eliminated. This is when the system is most likely to be at risk, and can be affected by malicious attacks. It is not stated as what day the server software detected the attack on the SMB server. It only states that it was detected the day before. So from day one, these are the steps we will need to take to get the SMB server back up and running properly and safely, as well as the amount of time it will take for us to solve the issue: Day 1 - The software company will release a patch for this attack in three days. Day 4 – We will receive the patch, and we need to install and test the patch, this will take at least five days. Day 9 – After installation and testing is completed; we will send the update to the entire company’s network devices. As soon as all the updates are sent out to all the devices, they will need to be rebooted in order for the patch to take effect. We can send out a message to all devices to insure this happens. This could take a day or two to complete. This could all be completed as early as 10 days if there are no issues during the process, however problems may arise and it could possibly take a day or two more. I hope that this is helpful and we will start immediately on the problem. It is of upmost importance that you have team members monitoring the server at all times......

Words: 310 - Pages: 2

Nt2580 Unit 1 Assignment Match Risk/Threats to Sulutions

...Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or threats: 1. Violation of a security policy by a user _____C___ 2. Disgruntled employee sabotage ____I____ 3. Download of non-business videos using the Internet to an employer-owned computer ____A____ 4. Malware infection of a user’s laptop ___L_____ 5. Unauthorized physical access to the LAN ___N_____ 6. LAN server operating system vulnerabilities ___F_____ 7. Download of unknown file types from unknown sources by local users ____B____ 8. Errors and weaknesses of network router, firewall, and network appliance configuration file ___H_____ 9. WAN eavesdropping ___M_____ 10. WAN Denial of Service (DoS) or Distributed Denial of Service (DDoS) attacks ____D____ 11. Confidential data compromised remotely ____K____ 12. Mobile worker token stolen ___G_____ 13. Corrupt or lost data ___E_____ 14. Downtime of customer database ____J____ Solutions or preventative actions: A. Enable content filtering and antivirus scanning at the entry and exit points of the Internet. Enable workstation auto-scans and auto-quarantine for unknown file types. B. Apply file transfer monitoring, scanning, and alarming for unknown file types and sources. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. D. Apply......

Words: 409 - Pages: 2

Nt2580 Unit 1

...NT2580-M1 Introduction to Information Security Unit 1: Information Systems Security Fundamentals 2015-Summer, 6/20/2015, Saturday (9:00am – 1:30pm) Student Name ___________________________________ Lesson Plan Theory (in class, Lab #2)……………………………..…………………..……...2 Reading  Kim and Solomon, Chapter 1: Information Systems Security. Objectives……………..………………….……………………………….2 Student Assignments for this Unit Unit 1 Lab Perform Reconnaissance & Probing Using ZenMap GUI (Nmap) Lab #1: Performing Network Reconnaissance using Common Tools Overview and access vLab..............................................................................................3 Part 1: Exploring the Tools used in the Virtual Lab Environment……………16 Unit 1 Assignment Match Risks/Threats to Solutions Part 2: Connecting to a Linux Machine …………………. .........................44 Unit 1 Assignment Impact of a Data Classification Standard Part 3: Using Zenmap to Perform Basic Reconnaissance ……………………59 Appendix A. SYLLABUS………………………………………………..……..………….69 B. Forgot your password?………………………………………………..……..73 Instructor: Yingsang “Louis” HO Tel: 425-241-8080 (cell), (206) 244-3300 (school) Email: yho@itt-tech.edu NT2580_2015_Summer_M1_UNIT1.doc Page 1 of 76 Unit 1: Information Systems Security Fundamentals Learning Objective  Explain the concepts of information systems security (ISS) as applied to an IT infrastructure. Key Concepts  Confidentiality, integrity, and......

Words: 3379 - Pages: 14

Nt2580 Unit 1 Assignment 2

...------------------------------------------------- Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Richman Investments Internal Use Only Data Classification Standard Domain Effects Richman Investments has implemented an “Internal Use Only” data classification standard. This report will describe the effects of the Internal use Only Standard on our respective system domains. “Internal Use Only” sets up a restricted access security policy to our network. Any access, including from a website would require company mandated credentials to log on and enter the system. This type of policy is enforced because companies do not want to allow “free access” to their network for potential threats to their system or their security. This policy will impact three of the seven domains. These include: * User Domain * Define: This Domain defines what users have access to the information system.   * Policy Impact: The IT Team will use the User domain to define who has access to the company’s information systems. The domain will impose an acceptable use policy (AUP) that will define the permissions of what actions a user may make while inside the system. These permissions may also be defined by the data they are accessing at the time. All third party users (vendors, contractors, outside users, etc.) must also agree to the AUP. Any violation will be reported to management and/or the authorities, depending on the violation. * Workstation......

Words: 508 - Pages: 3

Nt2580 Unit 1 Assignment 1

...NT2580 Information Security Sonja Moskal Unit 1 Assignment 1 Worksheet: Match Risk/Threats to Solutions F. Mohamed 1. Violation of a security policy by a user C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance review. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the Internet to an employer owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown files. 4. Malware infections of a user’s computer. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, procedures, and guidelines. Conduct LAN domain vulnerability assessment. 7. Download of unknown file types from unknown sources by local users. B.......

Words: 380 - Pages: 2

Assignment #2 Match Risks/Threats to Solutions

...Nt2580 - Unit 1 Assignment 2: Impact of a Data Classification Standard Three IT Infrastructure Domains affected by the “Internal Use Only” data classification standard are User Domain, Workstation Domain and LAN Domain Here at Richmond Investments. * User Domain This Domain is where only one user will have access to it. Generally this is an internal use only. By default, the IT department tries to maintain a certain level of Security for this so no one can access from the outside. Only the IT Department can grant access privileges for a Remote Access Point. The (User Domain) where only the company is responsible for the security of the environment will enforce an acceptable use policy (AUP) to define what each user can and cannot do with any company data they have access to. * Workstation Domain Workstation Domain, all the users have access. Before a user can log in he/she will need to be verified in order to gain access. At Richman Investments, we provide very secure access for the employee workstations with a username, password and in some instances Biometrics. A security protocol requires the password to be changed every 90 days and must contain at least one capital letter and one number. All computers maintain regular updates and continuous antivirus protection for monitoring. Additionally, no personal devices are......

Words: 304 - Pages: 2

Match Threats and Risks

...Instructions: You are presented with a list of some risks and threats associated with the seven domains of a typical IT infrastructure. Below the list, the solutions or preventive actions to manage those risks and threats are listed. Write the letter of the correct solution or preventative action in the blank to the right of each risk or threat. Risks or threats: 1. Violation of a security policy by a user _____C___ 2. Disgruntled employee sabotage ____I____ 3. Download of non-business videos using the Internet to an employer-owned computer ____A____ 4. Malware infection of a user’s laptop _____L___ 5. Unauthorized physical access to the LAN ___N_____ 6. LAN server operating system vulnerabilities ____F____ 7. Download of unknown file types from unknown sources by local users ____B____ 8. Errors and weaknesses of network router, firewall, and network appliance configuration file ____H____ 9. WAN eavesdropping _____M___ 10. WAN denial of service (DoS) or distributed denial of service (DDoS) attacks ____D____ 11. Confidential data compromised remotely ____K____ 12. Mobile worker token stolen ____G____ 13. Corrupt or lost data ____E____ 14. Downtime of customer database ___J_____ Solutions or preventative actions: A. Enable content......

Words: 449 - Pages: 2

Match Risks/Threats to Solutions

...IT-255 – ISS Unit 1 – Assignment 1 Match Risks/Threats to Solutions Match Risks / Threats to Solutions 1. Violation of a security policy by a user. C. Place employee on probation, review acceptable use policy (AUP) and employee manual, and discuss status during performance reviews. 2. Disgruntled employee sabotage. I. Track and monitor abnormal employee behavior, erratic job performance, and use of IT infrastructure during off-hours. Begin IT access control lockout procedures based on AUP monitoring and compliance. 3. Download of non-business videos using the internet to an employer-owned computer. A. Enable content filtering and antivirus scanning at the entry and exit points of the internet. Enable workstation auto-scans and auto-quarantine for unknown file types. 4. Malware infection of a user’s laptop. L. Use workstation antivirus and malicious code policies, standards, procedures, and guidelines. Enable an automated antivirus protection solution that scans and updates individual workstations with proper protection. 5. Unauthorized physical access to the LAN. N. Make sure wiring closets, data centers, and computer rooms are secure. Provide no access without proper credentials. 6. LAN server operating system vulnerabilities. F. Define vulnerability window policies, standards, procedures, and guidelines. Conduct LAN domain vulnerability assessments. 7. Download of unknown file types from unknown sources by local users. ...

Words: 385 - Pages: 2