Need that in 15 hours
ITEC 493-J10 IT Security for Managers Summer 2019
integrated Information Technology Department
College of Engineering and Computing
Final Reflective Exam (6/17-20/19)
Learning and Reflecting about IT Cyber Security (25 pts)
“‘Critical Reflection’ is the process of analyzing, reconsidering, and questioning one’s experience within a broad context of issues and content knowledge.” [Barbara Jacoby, 2012]
Background Summary
During the past five weeks, we studied an overview of information security for IT managers. The goal of the course was to prepare you, as an IT professional, to become aware of the cyber security challenges in a world where continuously emerging threats, ever-present attacks, and the success of criminals illustrate weaknesses in current information technologies. This should also help you become aware of the role of an information security management practitioner who secures the systems and networks. The important lesson, however, is that EVERY IT PROFESSIONAL has a responsibility to be aware, to secure, and to protect the employees and data / information of a company from all potential security threats.
Purpose of the Assignment
Rather than take a traditional true-false / multiple-choice test covering topics about specific security threats, this exam is designed to have you review and use critical thinking to answer three short essay questions.
Learning to write a “reflective” short essay is important because it helps you increase the value of your learning experience, it encourages you to take meaning from your own research and apply it to what you are learning, and it helps you relate new learnings and experiences to your prior knowledge.
Assignment Hint
Think about each question first. Then, list some bullet points off the top of your head. Research the question to find specific information to support your thoughts and your answers. Spend some time outlining your answer to be sure you have included everything you want to say. Include why you think and feel that way as well (justification). Then use the outline to write your thoughts in complete sentences and paragraphs. Do not submit your rough notes or outline; only submit your final written short essay for each question. Each short essay answer should be a minimum of 150 - 200 words. Remember, this assignment is worth 25 points (8-9 points per question).
(Note: The previous four paragraphs are 318 words.)
There are no right answers. Good answers are your thoughts, your research, and how well you express what you have to say.
Final Exam Short Essays:
1. (8 pts) Two of the “Student Learning Outcomes” in the course Syllabus included:
6. Understand the trends, impacts, and effective security controls for the following types of threats:
· Web Application Attacks (#3)
· Point-of-Sale Intrusions (#4)
· Insider & Privilege Misuse (#5)
· Miscellaneous Errors (#6)
· Physical Theft & Loss (#7)
· Crimeware (#8)
· Payment Card Skimmers (#9)
· Cyber-Espionage (#10)
· Denial of Service Attacks (#11)
7. Compare the types of security attacks which affect the 17 Critical Infrastructure Sectors.
As a student, did the ITEC 493, IT Security for Managers, course accomplish these two Student Learning Outcomes (STOs)? Describe your feelings. Choose one security threat and one critical infrastructure sector that you studied over the semester as an example (counts as one question for grading purposes).
a. What did you learn about this threat and sector that was new to you?
b. How might you use this information in your future IT professional career?
2. (8 pts) During this summer, we studied the Verizon Data Breach Investigations Reports (DBIRs) for 2019, 2018, and 2017. We used the DBIRs throughout the course to find examples of actual security intrusions and threats, plus the security controls that should be implemented to avoid or, at least, mitigate those threats and attacks. Under BLACKBOARD / Module 3, I just posted another source of security best practice tools: the role of DISA’s (Defense Information Systems Agency’s) STIGs (Security Technical Implementation Guides) in cybersecurity. Please review this information and prepare answers to the following two questions from the Quick Start Introduction & Demonstration Video (34:21 mins), https://public.cyber.mil/stigs/srg-stig-tools/ (counts as one question for grading purposes). The answers to these questions are in the first two minutes of the video.
a. What is the difference between a STIG “Guide” and a STIG “tool”?
b. List three different members of the “User Community” and explain how you, as an IT professional, might use the DISA STIGs even if you are not working in the Defense Sector.
3. (9 pts) During this semester, we used Small Group Virtual Discussions (SGVDs) to learn about nine different security threats. Small groups allowed you to discuss the threat examples and controls with only 7-8 other students instead of the entire class of 22 students. Separate SGVDs allowed you to concentrate each discussion on one security threat. Rather than discuss what you learned in these discussions, please take the time to reflect on the assignments and write the pros and cons of this type of learning method. What did you like or dislike? Any recommendations for future classes?
You have from Monday, 6/17/19, 6:00 pm, through Thursday, 6/20/19, 11:00 pm, to complete this exam. Please POST your written answers to these three questions as one MS Word document posted as an attachment to BLACKBOARD / ASSIGNMENTS / EXAMS / FINAL. Be sure to include your name, course, date, and assignment title on your submission. Each question is worth from 0-8 or 9 points. See Grading Rubric on the next page. I look forward to reading your answers.
Final Exam Grading Rubric (for each question)
| Questions # | | | 1 | 2 | 3 |
|---|---|---|---|---|---|
| Below Expectations | Poor answer, little thought and reflection, no connections between class readings and your own research and learning, some grammar / spelling mistakes | 1 pt | | | |
| Approaching Expectations | Good answer, some thought and reflection, although descriptions of connections between class readings and your own research and learning is minimal, some grammar / spelling mistakes | 2 pts | | | |
| Meets Expectations | Good answer, good thought and reflections, strong connections between class readings and your own research and learning, no grammar / spelling mistakes | 3 pts | | | |
| Exceeds Expectations | Excellent answer, excellent thinking and reflection, multiple and specific connections between class readings and your own research and learning, clearly articulated, well-written – no grammar / spelling mistakes | 4-6 pts | | | |
| Plus Word Count | · > 150 words = 3 pts · 100 < answer < 150 words = 2 pts · < 100 words = 0 pts | 0-3 pts | | | |
| Total Points | | | | | |
KPP 6/17/19