Thursday, January 14, 2016
IS3110 WEEK 5 LAB 5.1 (ITT TECH)
Overview
The most important task for a business continuity and disaster recovery plan is to document all identified mission critical IT systems, applications, and data recovery procedures. Fast recovery times for IT systems and applications are achievable with efficient and accurate recovery instructions. This lab has the students apply the same concepts of disaster recovery back-up procedures and recovery instructions to their own data.
Lab Assessment Questions
How do documented back-up and recovery procedures help achieve RTO?
True or False. To achieve an RTO of 0, you need 100% redundancy in your IT system, application, and data.
Review the “Restore Horror Stories” scenario on page 371 of the text. What is most important when considering data back-up?
Review the “Restore Horror Stories” scenario on page 371 of the text. What is most important when considering data recovery?
What are the risks of using your external e-mail box as a back-up and data storage solution?
IS3110 WEEK 4 LAB 4.1 (ITT TECH)
Week 4 Lab: Assessment Worksheet
Performing a Business Impact Analysis for an IT Infrastructure
Overview
Answer the following questions, specific to the creation and focus of Business Impact Analysis as well as BCP documentation.
Lab Assessment Questions & Answers
What is the goal and purpose of a BIA?
Why is a business impact analysis (BIA) an important first step in defining a business continuity plan (BCP)?
How do risk management and risk assessment relate to a business impact analysis for an IT infrastructure?
True or False - If the Recovery Point Objective (RPO) metric does not equal the Recovery Time Objective (RTO), you may potentially lose data or not have data backed-up to recover. This represents a gap in potential lost or unrecoverable data.
What questions would you have for executive management prior to finalizing a BIA report?
How does a BCP help mitigate risk?
What kind of risk does a BCP help mitigate?
If you have business liability insurance, asset replacement insurance, and natural disaster insurance, do you still need a BCP or DRP? Why or why not?
What does a BIA help define for a BCP?
Who should participate in the development of a BCP within an organization?
Why do disaster planning and disaster recovery belong in a BCP?
What is the purpose of having documented IT system, application, and data recovery procedures and steps?
Why must you include testing of the plan in your BCP?
How often should you update your BCP document?
IS3110 WEEK 3 LAB 3.1 (ITT TECH)
Overview
One of the most important first steps to risk management and implementing a security strategy is to identify all resources and hosts within the IT infrastructure. Once you identify the workstations and servers, you must then find the threats and vulnerabilities on them. Servers that support mission critical applications require security operations and management procedures to ensure C-I-A throughout. Servers that house customer privacy data or intellectual property require additional security controls to ensure the C-I-A of that data. This lab requires the students to identify threats and vulnerabilities found within the Workstation, LAN, and Systems/Applications Domains.
Lab Assessment Questions & Answers
What are the differences between Zenmap GUI (Nmap) and Nessus?
Which scanning application is better for performing a network discovery reconnaissance probing of an IP network infrastructure?
Which scanning application is better for performing a software vulnerability assessment with suggested remediation steps?
While Nessus provides suggestions for remediation steps, what else does Nessus provide that can help you assess the risk impact of the identified software vulnerability?
Are open ports necessarily a risk? Why or why not?
When you identify a known software vulnerability, where can you go to assess the risk impact of the software vulnerability?
If Nessus provides a pointer in the vulnerability assessment scan report to look up CVE-2009-3555 when using the CVE search listing, specify what this CVE is, what the potential exploits are, and assess the severity of the vulnerability.
Explain how the CVE search listing can be a tool for security practitioners and a tool for hackers.
What must an IT organization do to ensure that software updates and security patches are implemented timely?
What would you define in a vulnerability management policy for an organization?
IS3110 WEEK 2 LAB 2.1 (ITT TECH)
Overview
The following risks, threats, and vulnerabilities were found in an IT infrastructure. Consider the scenario of a healthcare provider under HIPAA compliance law and what compliance with HIPAA involves.
Given the list below, perform a qualitative risk assessment:
Determine which typical IT domain is impacted by each risk/threat/vulnerability in the “Primary Domain Impacted” column.
Next, for each of the identified risks, threats, and vulnerabilities, prioritize them by listing a “1”, “2”, and “3” next to each risk, threat, vulnerability in the “Risk Impact/Factor” column. “1” = Critical, “2” = Major, “3” = Minor. Use the following qualitative risk impact/risk factor metrics:
Craft an executive summary for management using the following 4-paragraph format. The executive summary must address the following topics:
Week 2 Lab: Assessment Worksheet
Perform a Qualitative Risk Assessment for an IT Infrastructure
Overview
Answer the following Assessment Worksheet questions pertaining to the qualitative IT risk assessment you performed.
Lab Assessment Questions & Answers
What is the goal or objective of an IT risk assessment?
Why is it difficult to conduct a qualitative risk assessment for an IT infrastructure?
What was your rationale in assigning a “1” risk impact/risk factor value of “Critical” to an identified risk, threat, or vulnerability?
When you assembled all of the “1” and “2” and “3” risk impact/risk factor values to the identified risks, threats, and vulnerabilities, how did you prioritize the “1”, “2”, and “3” risk elements? What would you say to executive management in regards to your final recommended prioritization?
IS3110 WEEK 1 LAB 1.1 (ITT TECH)
One of the most important first steps to risk management and implementing a risk mitigation strategy is to identify known risks, threats, and vulnerabilities and organize them. The purpose of the seven domains of a typical IT infrastructure is to help organize the roles, responsibilities, and accountabilities for risk management and risk mitigation. This lab requires students to identify risks, threats, and vulnerabilities and map them to the domain that these impact from a risk management perspective.
Lab Assessment Questions & Answers
The following risks, threats, and vulnerabilities were found in a healthcare IT infrastructure servicing patients with life-threatening situations. Given the list, select which of the seven domains of a typical IT infrastructure is primarily impacted by the risk, threat, or vulnerability.
Of the listed risks, threats, and vulnerabilities identified in the table above, which one requires a disaster recovery plan and business continuity plan to maintain continued operations during a catastrophic outage?
Which domain represents the greatest risk and uncertainty to an organization?
Which domain requires stringent access controls and encryption for connectivity to corporate resources from home?
Which domain requires annual security awareness training and employee background checks for sensitive positions to help mitigate risk from employee sabotage?
Which domains need software vulnerability assessments to mitigate risk from software vulnerabilities?
Which domain requires AUPs to minimize unnecessary User initiated Internet traffic and can be monitored and controlled by web content filters?
HU4640 MODULE 6 PROJECT PART 2
Title: Ethics in Practical Application
In Project Part 1, you analyzed each of the leading contemporary theories. In Project Part 2, you will apply these theories to issues of civilization and culture, justice, and your chosen profession and/or field of study. Use your course notes, textbook, and lessons, and perform research on the internet to discuss each of the questions below.
Reward and Punishment
1) Explain Social Contract Theory and answer the following prompts:
Why was the Social Contract Created?
In what ways is the Social Contract a myth?
Provide an example illustrating the concept of the social contract
Would you sign the Social Contract in the U.S. if you had the choice?
2) Explain the differing viewpoints on justice with the help of an example:
Retribution (Deserts Theory)
Utilitarianism (Results Theory)
Restitution (Compensation Theory)
3) Explain John Rawls’ Theory of Justice and the Veil of Ignorance allegory
4) Briefly describe cultural relativism and respond to the following questions:
Do you agree that what is right is relative to culture, or is there one absolute morality or set of principles that all cultures should maintain?
What would the perfect, just society look like?
5) Think about the business, economical, technological, environmental, biomedical, cultural, or any other major ethical considerations in your chosen field of study or profession and do the following:
Select, define, and explore what you would consider to be the three most pressing ethical concerns in your field, using illustrative examples from the real world when possible.
For each primary ethical consideration, apply a minimum of two types of ethics to the issue. For example, you might select corporate social responsibility (CSR) and determine how a utilitarian might handle CSR the same as or differently from an egoist or a deontologist.
6) Conclude your project by summarizing your thoughts on the pressing ethical issues in your field and discussing the types of ethics you will use going forward in your professional life.
HU4640 MODULE 3 PROJECT PART 1 (ITT TECH)
Title: An Introduction to Ethical Theories
Answer the following questions:
1) What, according to you, is ethics?
2) Discuss the following approaches to the study of morality and identify the approach that is closest to your own.
Scientific
Philosophical
Theological/Religious
3) Explain the following sources of ethics with the help of an example
Reason based ethics
Emotion based ethics
Intuitionism
Virtue Ethics (Individualism) and Care Ethics (Collectivism)
4) Include a general discussion with three core features (with at least one criticism) of Virtue Ethics.
Discuss Aristotle’s Nicomachean Ethics.
Explain the Golden Mean.
Discuss Confucian Moral Self-Cultivation.
Provide an example of Virtue Ethics
5) Include a general discussion with three core features (with at least one criticism) of Care Ethics
Provide an Example of Care Ethics.
Explain your personal viewpoint on Care Ethics.
Absolutism v. Relativism
6) Define Absolutism and provide an example of absolutist ethical decision.
7) Define Relativism and provide an example of a relativist ethical decision
8) Define and discuss Cultural Relativism.
9) Reflect on whether you are an absolutist or relativist
Consequentialism v. Deontological Ethics
10) Define Consequentialism and discuss the pros and cons of both Act and Rule Utilitarianism. Provide your own insights on Utilitarianism.
11) Explain the following types of egoism with the help of an example:
Psychological Egoism
Ethical Egoism
Individual Ethical Egoism
Universal Ethical Egoism
12) Include a general discussion with three core features (with at least one criticism) of Deontological Ethics.
13) Compare and contrast Kant’s Absolutism with Ross’ Prima Facie Duties
14) Provide an Example of Ethical Nonconsequentialism.
15) Reflect on whether you are a deontologist or a consequentialist.
Free Will v. Determinism
16) Analyze Free Will and Determinism and their potential compatibility. Discuss your own reflections on the subject.
