7-2 Project Three Submission Evaluation of Network Protection Technologies Brandon Meadows
School: Southern New Hampshire University
Course: 220
Subject: Computer Science
Date: Jun 10, 2024
Type: docx
Pages: 5
Uploaded by BrigadierMeerkatMaster1059
7-2 Project Three Submission: Evaluation of Network Protection Technologies
CYB 220
Brandon Meadows
10/14/2023
A. Explain how you are employing one of the Fundamental Security Design Principles to inform your recommendation
My strategy for developing the security system is based on layering as its primary organizing principle. Layering is the practice of protecting a system with many layers of defense. These protections can be implemented in either the hardware or the software of a system, and they consist of several checks and balances that ensure the overall system is secure from a variety of different points of view (Tjaden, 2015). Layering will be applied in this case by deploying many intrusion detection systems around the company network.
B. Justify a recommended network protection approach. Describe how you balanced effectiveness, cost, and technical capabilities to select the network protection technology
The network security method I recommend is installing a mixture of NIPS, NIDS, and IDS across the network. In a DMZ at each location, a NIPS appliance with an incoming and outgoing firewall would be installed. I would also implement NIDS-capable routers at each site. I would install intrusion prevention software on each store's principal server to increase security. The cost-effectiveness ratio is rarely acceptable to all parties. It is asserted that the corporation would prefer to spend on marketing rather than IT infrastructure; however, no monetary sum is specified. Given the severity and relevance of this company's network security challenges, it seems inexplicable that the recommended solution would fall short of offering complete protection due to restricted resources. Adopting a solution has a steady cost in terms of ROI (return on investment) or savings on lost items, whereas inventory loss is dynamic and continuing, resulting in an organization-wide cost that is endless. Given that the company now employs IT specialists at each location, future training costs should be seen as minimal.
C. Recommend resources (e.g., organizational assets, workforce allocation, policies/procedures, hardware) that are necessary for implementing or monitoring your chosen network protection approach. These resources should optimize the technology or maximize organizational resources. Explain your recommendation using an adversarial mindset or systems thinking approach
I believe having an existing network infrastructure is a necessary organizational asset for the delivery of the stated solution; if this asset were not there, the costs associated with the project would rise. In addition, the development and ongoing monitoring of an IDS/IPS system would unquestionably benefit from the presence of a centralized and well-established IT department at the main headquarters, as well as IT professionals located at each location. To develop