SEC 280 Principles of Information Systems Security Case Studies

SEC 280 Principles of Information Systems Security Case
Studies
https://hwguiders.com/downloads/sec-280-principles-of-information-systems-security-case-studies/
EC 280 Principles of Information Systems Security Case Studies
SEC 280 Week 1:
Your boss has just heard about some nefarious computer activities called ping sweeps and port
scans. He wants to know more about them and what their impact might be on the company.
Write a brief description of what they are, and include your assessment of whether the activities
are something to worry about or not. This assignment requires two to three pages, based upon the
APA style of writing.
SEC 280 Week 2:
You are the Information Security Officer at a medium-sized company (1,500 employees). The
CIO asks you to explain why you believe it is important to secure the Windows and Unix/Linux
servers from known shortcomings and vulnerabilities. Explain to your CIO what you can do to
make sure the network infrastructure is more secure.

SEC 280 Week 3:
ABC Institute of Research has sensitive information that needs to be protected from its rivals.
The Institute has collaborated with XYZ Inc. to research genetics. The information must be kept
top secret at any cost. At ABC Institute, the researchers are unsure about the type of key
(asymmetric or symmetric) to use. Please formulate a possible solution, and describe the
advantages and disadvantages of any solution employed.
SEC 280 Week 4:
Computer security is not an issue for organizations alone. Anyone whose personal computer is
connected to a network or the Internet faces a potential risk of attack. Identify all the potential
security threats on a personal computer. Identify some of the techniques an attacker might
employ to access information on the system.
SEC 280 Week 5:
You have just been hired as an Information Security Engineer for a large, multi-international
corporation. Unfortunately, your company has suffered multiple security breaches that have
threatened customers’ trust in the fact that their confidential data and financial assets are private
and secured. Credit-card information was compromised by an attack that infiltrated the network
through a vulnerable wireless connection within the organization. The other breach was an inside
job where personal data was stolen because of weak access-control policies within the
organization that allowed an unauthorized individual access to valuable data. Your job is to
develop a risk-management policy that addresses the two security breaches and how to mitigate
these risks.

SEC 280 Week 6:
Gem Infosys, a small software company, has decided to better secure its computer systems after
a malware attack shut down its network operations for 2 full days. The organization uses a
firewall, three file servers, two Web servers, one Windows 2008 Active Directory server for user
access and authentication, ten PCs, and a broadband connection to the Internet. The management
at Gem needs you to formulate an incident-response policy to reduce network down time if
future incidents occur. Develop an incident-response policy that covers the development of an
incident-response team, disaster-recovery processes, and business-continuity planning.