IT Management

Describe procedures for information system control governance and policy enforcement. Describe system security related incidents.

Properly configuring and collecting audit logs requires meticulous care. Complete the Practice Lab titled “Audit Logs.” Capture screenshots taken during the lab (With Date evidence visible) in your Microsoft® Word document as specified within the lab instructions. At the end of the lab, you will be asked to respond to the following in a 2- to 2.5-page response at the end of your Microsoft® Word document: o Describe what information was contained in the logs and what value it might have in a security investigation. o Think about the challenges of getting all of the Active Directory audit policy settings right. For an infrastructure administrator, how important are these types of settings? o What are the risks associated with logging too little data or not auditing the correct events?  o What are the risks associated with logging too many events?  o When the default configuration is to create audit logs, what impact can this have on security incident investigations? o This was just a single domain with two systems on a local LAN. How much more complicated would auditing and log management be for 100 computers? What about an enterprise with 10,000 computers in several domains on their LAN/WAN? o Consider a cloud-hosted Infrastructure as a Service (IaaS) environment with many new, internet-accessible systems regularly being built and brought online. What challenges might there be managing audit policies and logs in such an environment? o Finally, conclude this week’s assignment with a page explaining how the tools and processes demonstrated in the labs might be used by an infrastructure administrator to help secure an environment.

Scenario You are the manager of a team of 10 software developers working on a new application for your company, Optimum Way Development, which is based out of Raleigh, North Carolina. Your organization recently acquired a smaller software company based in San Jose, California. You have been informed that your team will be bringing on five people from this newly acquired company; all five people will be moving to Raleigh to join your team. You schedule a phone call with the five new team members and discover that they are upset about the recent impersonal message they received from human resources informing them that they would have to relocate to Raleigh in order to stay employed; no one expressed excitement about joining the team. During this conversation, you also discover that many of the new team members have more education and experience than the people currently on your team. Based on the conversation, you notice that most of these team members are likely older than you, whereas all of the current Raleigh team members are younger than you. After the call, one of your current senior team members approaches you about rumors that are circulating concerning the Raleigh team being required to train the new team members from San Jose. They heard that there are plans to eliminate positions and are concerned the new hires will ultimately be taking their positions. The director who oversees your division has requested that you create and present a recommendation report that documents your plans for managing the conflicts that currently exist or may arise on your team. The director has an advanced degree in a computer science-related field and has worked in technology for over a decade. Directions In order to identify and resolve existing and future conflicts, you have been asked to compose and present your plan for managing conflict for this project. In addition to identifying and resolving the conflicts, you are also responsible for keeping the development of the new application moving forward by continuing to meet scheduled milestones. To do this, you will create a recommendation report and corresponding presentation. The audience for both deliverables is your director. As you create your report and presentation, remember to use communication techniques and platforms that are appropriate for your audience’s preferences and motivations. Both deliverables should be based on the above scenario and include the following: To start, explain the major elements of the software application, including background, audience, functions, and features. Next, explain the areas of conflict for the team. Make sure to include contributing factors and the possible impacts. Articulate the desired outcome of any conflict resolution activities. How would you like to see this conflict resolved? What is the “best-case” scenario? Recommend action steps for managing areas of possible conflict with a detailed explanation on how the action steps contribute to conflict resolution. In the presentation only, use dialogue to communicate the appropriate main ideas to the audience. Although you will not give this presentation over video, you should use the speaker’s notes section in PowerPoint to write the accompanying speech. What to Submit To complete this project, you must submit the following: Recommendation Report Your report should be at least 2 full pages in length (not including a title page), single-spaced and submitted as either a Word document or PDF. Outside resources are not required, but any resources used must be appropriately cited using APA style. You may use the Recommendation Report Template for this submission. Presentation Your presentation should be in a presentation format (such as PowerPoint) and provide an overview of the main ideas from the recommendation report. Using the speaker’s notes section of PowerPoint, include the speech that would accompany the presentation. Outside resources are not required, but any resources used must be appropriately cited using APA style.

Assessment Details: Choose an IT/IS technology company and analyse, discuss and present their technological innovation:? The core business activity and the role of innovation in their value proposition.? How innovation is making this business different than competitors?? Research and development and its relationship with the organisation’s innovation.? What factors affected the firm’s innovation success? Is their innovation a “sciencepush” or“demand-push”? What’s the firm’s innovation category? What type of innovation is proposed by the firm? Explain the innovation type from different aspects of innovation type.? Study the firm’s technology S-Curve. What is the stage of this business on the S-Curve?? How successful the firm has been in utilising innovation in their own advantage?

You have been hired as an IT consultant for a company that is opening a new office in a new location. The company needs to provide employees with high-performance desktop and laptop systems. They are looking to you to provide recommendations on system components that will provide the best possible performance and reliability. In your answer, describe at least two of the most-used motherboard form factors and three of the components that you might find on a motherboard. Explain the role that each component plays in the functionality and performance of a computer.

Mitigating Risks There are multiple ways to bring threats and vulnerabilities to light. Common practices and lessons learned can help us explore for known or common threats. Write a 3–4 page paper in which you: Explain the differences in threat, vulnerability, and exploit assessments for information systems and define at least two tools or methods to perform each type. Describe at least two tools or methods used to implement both physical and logical security controls (four in total), then identify the type of security personnel that would be used to implement each and discuss their roles and responsibilities. Describe three considerations when translating a risk assessment into a risk mitigation plan; and discuss the differences between a risk mitigation plan and a contingency plan.  Explain the two primary goals to achieve when implementing a risk mitigation plan and discuss at least methods of mitigation for common information system risks. Use at least two quality resources in this assignment. Note: Wikipedia and similar websites do not qualify as quality resources. The Strayer University Library is a good source for resources. The specific course learning outcome associated with this assignment is: Examine the placement of security personnel and their functions in an organization.

This is a paper that will dive deep into Business Intelligence software and SaaS from the view point of: When BI is warranted and useful (including case studies dealing with ROI) The creation of competitive advantage Availability Market addressed Market size Market penetration Suite features, etc. Advantages of locally hosted vs. Cloud hosted packages It should also discuss: current trends Criteria for comparisons rating/ranking cite case studies Included, should be relaxant exhibits (graphics and tables) as well.

Topic: The purpose of this lab is to recognize the risks, threats, and vulnerabilities commonly found in the workstation domain. You will identify known vulnerabilities and exploits on the Common Vulnerabilities and Exposures (CVE) database listing. You will describe how risks, threats, and vulnerabilities or misconfigurations at the operating system level in the workstation domain might expose that workstation. You will also identify steps to harden the workstation domain operating system and applications installed on the user’s workstation for compliance and safeguarding of sensitive data and access to that data. Finally, you will apply Department of Defense (DoD) guidelines for securing the workstation domain, including the review and assessment of Windows 10 and Windows 2016 security guidelines. Participate in each section of the lab and follow the instructions for the exercises in each section. You will use a text document to develop your homework assignment by completing the sections listed below: Lab 5.1a Review the following scenario: You are a security consultant for an information systems security firm and have a new healthcare provider client under the Health Insurance Portability and Accountability Act (HIPAA) compliance. Your new client wants to know the requirements and business drivers for securing the workstation domain in its healthcare environment. Your new client requires compliance with HIPAA. Similarly, your firm has a DoD client that also wants you to perform a workstation domain compliance audit per DoD workstation hardening guidelines and baseline requirements. In your homework assignment, discuss how the compliance law requirements and business drivers for the healthcare provider’s workstation domain might differ from the DoD’s workstation domain security compliance requirements. Lab 5.1b Launch your Web browser. Navigate to the following website: http://cve.mitre.org/. Review the site, and then in your homework assignment, identify the risks, threats, and vulnerabilities commonly found in the workstation domain. Launch your Web browser. Navigate to the following website: https://public.cyber.mil/stigs /. Review the Security Technical Implementation Guides (STIGs) available and the proper implementation of security based on DoD’s workstation/desktop hardening guidelines. In your document, discuss three STIGs and the DoD’s workstation/desktop hardening guidelines. Lab 5.1c Launch your Web browser. Navigate to the following website: https://public.cyber.mil/stigs/ View and Download STIGs Search for the ‘Desktop Application’ Security Technical Implementation Guide (Version 4, Release 5) document from the STIG database website. Sunset-Desktop Applications General STIG-Ver4, Rel 5 Review the following concepts from this overarching DoD standards document, and, in your homework assignment, discuss the significant points of two of these topics: Appropriate backup strategy does not exist Public instant message clients are installed Peer-to-Peer clients or utilities are installed Execution Restricted File Type Properties Open-restricted File Type Properties You can view the contents of the STIG by visiting the following site: https://vaulted.io/library/disa-stigs-srgs/desktop_applications_general Lab 5.1d Launch your Web browser. Type the following Web address: https://public.cyber.mil/stigs/ Using the search tool search for and review Microsoft Windows Firewall STIG and Advanced Security. View the STIG. Determine which technical controls are appropriate for the Windows OS. Note these in your text document. The STIGs Master List (A to Z) link can be found at this link: https://public.cyber.mil/stigs/downloads/ Scroll down the list to locate and then download the following Windows OS security guideline documents/zip files: Windows 10 STIG (you will see several Windows 10 STIG options; click the one with only a Version number and a Release number after STIG). Microsoft Windows 10 STIG Ver 1, Rel 20 Windows 2016 STIG (you will see a couple of Windows 2016 STIG options; click the one with only a Version number and a Release number after STIG). Microsoft Windows Server 2016 STIG Ver 1,Rel 10 Once you have downloaded the Windows 10 STIG ZIP file to your desktop, double-click the ZIP file to extract the Windows 10 STIG folder. Double-click the folder to open it, double-click the Windows 10 Manual STIG ZIP file to extract the Windows 10 Manual STIG folder, double-click the folder to open it, and then double-click the Windows 10 STIG Manual XML file to open it. For help in viewing an XML file, watch the this video on How to Easily View a STIG XML file Review the following concepts. In your Microsoft Word document, list each of these and discuss a significant point about each one: display shutdown button, clear system pagefile, removable media devices, halt on audit failure, and security configuration tools. Next, you will work with the Windows 2016 STIG ZIP file on your desktop. Double-click the ZIP file to extract the Windows 2016 STIG folder. Double-click the folder to open it, double-click the Windows 2016 DC Manual STIG ZIP file to extract the Windows 2016 DC Manual STIG folder, double-click the folder to open it, and then double-click the Windows 2016 DC STIG Manual XML file to open it. Review the following concepts and vulnerabilities for configuring and hardening Windows 2016 Domain Controllers. In your document, list each of these and discuss a significant point about each one: system recovery backups, caching of logon credentials, dormant accounts, recycle bin configuration, password uniqueness, and printer share permissions. Lab 5.1e Navigate to the following website: http://cve.mitre.org/ Review the National Cyber Security Division of the U.S. Homeland Security Department’s CVE listing hosted by the Mitre Corporation. To access the CVE listing, click CVE List in the left-hand column to reach the CVE List main page. In your homework assignment, discuss how workstation domain OS and application software vulnerabilities are housed in the CVE listing. Next, click the National Vulnerability Database link on the CVE homepage or CVE List main page. In your text document, discuss how vulnerabilities are housed in the National Vulnerability Database. Discuss how this is both a security control tool and an attack tool used by hackers Lab 5.2 Write an executive summary to discuss the top workstation domain risks, threats, and vulnerabilities, and include a description of the risk mitigation tactics you would perform to audit the workstation domain for compliance. Use the U.S. DoD workstation hardening guidelines as your example for a baseline definition for compliance.

Explain what requirements and restrictions would be encountered in order to Build an IT infrastructure for a school of 600 students. Explain how you would go about constructing this project using an engineering approach

Leveraging the class discussions, research some sample cyber risk assessment reports, and provide major components of a report.