· Application of Security Principles to Security Failures
Introduction
Unit 5 contains a description of the security architecture within a particular organization. You are asked to analyze that description, identify the areas of weakness that exist, and align those weaknesses with the security principles that were covered in Unit 1 of this course. (For example, housing networking equipment in the janitors’ closet would be a failure in the principle of physical security.) Once weaknesses are discovered, it is sometimes necessary to petition the executives of an organization to provide the financing necessary to mitigate those risks. Another objective of Unit 5 is to explore the communication strategies that security professionals can use in these situations to ensure the best outcome.
Objectives
To successfully complete this learning unit, you will be expected to:
1. Evaluate how the security principles have been implemented within a particular organization.
2. Analyze common security failures that exist within a particular organization.
3. Identify specific design principles that have been violated within this particular organization.
4. Explore the optimal means by which information security professionals can communicate potential areas of vulnerability to organizational executives.
5. Exhibit proficiency in writing, critical thinking, and research topic areas in IT security fundamentals.
· Required Reading
Use Nmap 6: Network Exploration and Security Auditing Cookbook to read the following:
· Chapter 1, “Nmap Fundamentals,” pages 9–44.
· Chapter 2, “Network Exploration,” pages 45–76.
· Web Resources
Video
The objective of this video is to provide examples of network security incidents and the steps taken to mitigate the vulnerabilities associated with those incidents. This will provide support for completion of the unit assignment and discussion.
· Information Security 2014: Dealing With Today’s Threats and Vulnerabilities (52 minutes).
Optional Skillsoft Resource
· Skillsoft. (n.d.). CompTIA Network+ N10-006: Network Security [Tutorial].
· Lachance, D. (2015). CISSP: Network security and vulnerability management [Video]. Skillsoft Ireland.
· Failures in Design and Security Principles
Billy Jones has recently opened a new optical business in the local mall. He ran into some financial difficulties along the way, so he was forced to do much of the work himself in order to get the business open and generating income. Among the tasks that Billy performed was the creation of the network that will support his business. Billy has no IT experience, but he is very resourceful and relied on the local salesman at the neighborhood big-box electronic store to tell him what equipment he needed to purchase for his network. Billy then fired up some YouTube videos to show him the steps involved in assembling and configuring the equipment. Billy discovered along the way that the mall has a network infrastructure and support that it sells to tenants in the building, but Billy decided against participating because of the costs associated with providing the service. He also discovered that there was a charge for storing the networking equipment in the secure computing center within the mall, so he opted instead to store his servers in the back room of the shop he was renting. The salesman at the big-box store recommended to him that he implement a wireless network in order to avoid the hassle of running cables throughout the store.
Among the equipment that Billy purchased was a used server running a Windows 2003 operating system. This server has been loaded with the point-of-sale (POS) software that will collect and store, in the back-end database, the transactions generated by the electronic cash register. Each transaction is recorded by scanning the item being purchased with a wireless bar code scanner into the host software, which then generates a paper receipt for the customer; the transaction is then sent to the server through wireless communication between the host and the server. Billy got a great deal on some used POS software through a distributor in the Philippines. Billy has spent several weeks configuring the software through trial and error, but he has finally got it set up so that it is capable of functioning in the manner expected. Billy plans to save the transactions to a USB stick and then upload that data to his laptop at home in order to create financial statements for his silent partner. Billy recently discovered that he was able to use the cable connection of his neighbor down the hall, so he opted to cancel his own connection at home in a cost-saving exercise.
Billy was dismayed after being open for business for only a week to discover that his system was virus ridden and no longer functioning properly. He blamed the teenager he had hired to sit at the reception desk when he discovered that she had downloaded to the POS system a number of games, Twitter, and Facebook applications. He is reaching out to you to help him sort through his problems. Write a 2–3 page paper that covers the following topics:
· Your first task is to identify the failures in process and design that have created the current situation for Billy’s business.
· Next, evaluate which of the security principles you covered in Unit 1 were violated in the course of setting up and managing his network.
· It is clear that Billy is fond of taking the least expensive route to running his business. Create a strategy for the most effective means by which to communicate your findings.
Assignment Requirements
· Written communication: Written communication is free of errors that detract from the overall message.
· APA formatting: Resources and citations are formatted according to APA (6th edition) style and formatting.
· Length of paper: 2–3 pages, excluding the references page.
· Font and font size: Times New Roman, 12 point.