SEC 280 ALL CASE STUDIES Week 1 – 6
SEC280 Week 1 Case Study Ping Sweeps and Port Scans
Your boss has just heard about some nefarious computer activities called ping sweeps and port scans. He wants to know more about them and what their impact might be on the company. Write a brief description of what they are, and include your assessment of whether the activities are something to worry about or not. This assignment requires two to three pages, based upon the APA style of writing.
SEC280 Week 2 Case Study Network Infrastructure Vulnerabilities
You are the Information Security Officer at a medium-sized company (1,500 employees). The CIO asks you to explain why you believe it is important to secure the Windows and Unix/Linux servers from known shortcomings and vulnerabilities. Explain to your CIO what you can do to make sure the network infrastructure is more secure.
SEC280 Week 3 Case Study Asymmetric and Symmetric Encryption
ABC Institute of Research has sensitive information that needs to be protected from its rivals. The Institute has collaborated with XYZ Inc. to research genetics. The information must be kept top secret at any cost. At ABC Institute, the researchers are unsure about the type of key (asymmetric or symmetric) to use. Please formulate a possible solution, and describe the advantages and disadvantages of any solution employed.
SEC 280 Week 4 Case Study: Personal Computer Security Threats
Computer security is not an issue for organizations alone. Anyone whose personal computer is connected to a network or the Internet faces a potential risk of attack. Identify all the potential security threats on a personal computer. Identify some of the techniques an attacker might employ to access information on the system.
SEC 280 Week 5 Case Study Information Security Risk Management Policy
You have just been hired as an Information Security Engineer for a large, multi-international corporation. Unfortunately, your company has suffered multiple security breaches that have threatened customers’ trust in the fact that their confidential data and financial assets are private and secured. Credit-card information was compromised by an attack that infiltrated the network through a vulnerable wireless connection within the organization. The other breach was an inside job where personal data was stolen because of weak access-control policies within the organization that allowed an unauthorized individual access to valuable data. Your job is to develop a risk-management policy that addresses the two security breaches and how to mitigate these risks.
SEC 280 Week 6 Case Study Incident-Response Policy; Gem Infosys
Gem Infosys, a small software company, has decided to better secure its computer systems after a malware attack shut down its network operations for 2 full days. The organization uses a firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user access and authentication, ten PCs, and a broadband connection to the Internet. The management at Gem needs you to formulate an incident-response policy to reduce network down time if future incidents occur. Develop an incident-response policy that covers the development of an incident-response team, disaster-recovery processes, and business-continuity planning.