Sweet1

Profile: Kenajoel
SWEET1.txt

QUESTIONS 1-4 DUE ON 10/05/2022
QUESTIONS 5-8 DUE ON 10/08/2022

QUESTION 1
==========
Review the link below, read the special publications, then explain in a real-world scenario how a security professional would use this resource. Express why it is beneficial.

LINK
====
https://www.isaca.org/resources/news-and-trends/isaca-now-blog/2017/cobit-5-and-the-nist-cybersecurity-framework-a-simplified-framework-solution

TOPIC
=====
COBIT 5 and the NIST Cybersecurity Framework – A Simplified Framework Solution

=====================================================================================================

QUESTION 2
==========
What is the importance of using an access control model in determining how employees in an organization should gain access to resources? Justify your rationale. Quote your sources.

=====================================================================================================

QUESTION 3
==========
You are a member of the security team in your organization. To help manage and operate an ongoing security program, the information security team must adopt a security model that serves as a guide for the development and implementation of the security program. Using the company from your Programmatic Business Continuity Plan Project below, address the following:

PART A = your introduction
==========================
Provide a basic description of the company to include:
- mission statement,
- web applications,
- servers,
- departments,
- routers and switches,
- remote access,
- wireless communication,
- firewalls, and
- demilitarized zone (DMZ).

PART B = your body
==================
The NIST Cybersecurity Framework is a set of guidelines and practices designed to help organizations better manage their security programs. It rests on various industry best practices and standards such as ISO/IEC 27001 and Control Objectives for Information and Related Technologies (COBIT) 5 (refer to the topic resources to learn more about these standards). The framework describes critical security activities that can be tailored and customized to your organization's unique needs.

Prepare and present a report to management. In your report, discuss how you would incorporate these critical security activities into the following steps:
1. Determine current/recent risks or threats to information security.
2. Develop system-specific plans for the protection of intellectual property.
3. Apply the security model to protect the organization from being compromised by unauthorized users.
4. Determine the access control mechanisms that would apply to ensure information is protected against unauthorized users.

PART C = third paragraph and conclusion
=======================================
Outline and explain the roles of the following personnel in the planning and managing of this security:
1. Board of Directors
2. Senior Management
3. Chief Information Security Officer (CISO)
4. IT Management (CIO, IT Director, etc.)
5. Functional Area Management
6. Information Security personnel
7. End users

======================================================================================================

QUESTION 4
==========

PART A
======
The Payment Card Industry Data Security Standard (PCI DSS) is not a law, but rather a set of industry standards that the card brands and acquirers contractually mandate for any organization that stores, processes, or transmits cardholder data, including organizations processing online payments. What are the benefits of PCI DSS compliance as promoted by the PCI Security Standards Council? Explain how the PCI standards can protect cardholders' data.

PART B
======
Define what Network Access Control (NAC) is. How can NAC be most effective for organizations in managing BYOD?

======================================================================================================

QUESTION 5
==========
You were part of a meeting that confirmed the need for action in the matter of customer information offered for sale on a public auction site. This was a risk your company had not prepared or planned for. As chief information security officer of the company, you are assigned to research and investigate this incident. Knowing that the auction site was hosted on a server owned by a company outside of the U.S., what best practices would you follow to investigate this case? Which law enforcement agency do you think you should consult? On what factors do you base that recommendation?

======================================================================================================

QUESTION 6
==========
Research your industry's organizational and professional ethical foundations and frameworks. Then, list a minimum of two professional organizations specialized in establishing and enforcing a code of ethics that members are expected to follow. For each organization, explain its role in protecting society, the common good, and necessary public trust and confidence. It will be helpful to consider each organization's code of ethics, code of conduct, and/or efforts to combat piracy of intellectual property.

======================================================================================================

QUESTION 7
==========
Select one of the scenarios below and research any applicable laws. What should an organization do to deter someone from violating them?
- Protection of credit card information
- Online comments and information protection
- Threats to computers
- National cyber infrastructure protection

Consider the General Data Protection Regulation (GDPR). How would you professionally and legally react to someone using their power of authority in the company to impose their view of what is truthful and appropriate, or offensive and objectionable, on everyone else?

======================================================================================================

QUESTION 8
==========
The dynamic nature of social media and digital environments requires professionals to have a solid foundation in law and ethics. As a prospective information security professional, you will be required to understand the scope of your organization's legal and ethical responsibilities. You will need to be critical in helping to control the organization's liability for privacy and security risks. In 1,500–1,700 words, address each item below to demonstrate how one would build a reliable, ethical, and legal information system that businesses and consumers can trust.

Part 1
======
As the computer forensics industry is growing, consider how the methods for handling computer crimes differ from traditional methods. Make sure to address the following:
1. What is the purpose of digital forensics?
2. Explain why it is important for any organization to sustain a permanent digital forensics team.
3. In digital forensics, must all investigations follow the same basic methodology? Justify your rationale and explain the steps involved in this methodology.
4. In relation to digital forensics, list the applicable laws and policies related to cyber defense and describe the major components of each pertaining to the storage and transmission of data. Note: This information can be presented in a table or chart.
5. Using the organization you selected in Topic 1, discuss the legal rights of the organization or the user to perform forensic investigations on personal mobile devices that are part of your BYOD policy.

Part 2
======
In many situations, multiple levels of government must work in partnership when ensuring security compliance. For each scenario, research and understand the Federal, State, and Local cyber defense partners/structures. Then, identify the applicable law(s) it would fall under, as well as describe how the type of legal dispute (civil, criminal, private) affects the evidence used to resolve it. Note: This information can be presented in a table.
1. Transmission of underage photographs to various email addresses in CA, AZ, and CO
2. Colonial Pipeline hack
3. Victim's identity used to open a new account
4. Bank fraud/scam
5. A firm's credit card records are stolen
6. Several cyberattacks penetrated several U.S. federal organizations
7. Financial scandal
8. Financial institutions refuse to disclose their privacy policies to their customers
9. Patients' information is stolen
10. A candidate is not selected for employment due to a disability

Part 3
======
When providing information assurance, a sound defense strategy does not only look at the legal aspects but also at the ethical abuse of abilities on the job.
1. There are three main categories of unethical behavior that organizations must seek to minimize: ignorance, accident, and intent. From your professional/personal experience, provide example(s) for each category and some best practices for how to prevent such activities from happening.
2. What happens when a job task borders on unethical from your personal viewpoint? Is your response to the issue any different than what you discussed above? What behaviors/tasks would an organization find acceptable where your personal viewpoint may not? Select 2-3 scenarios and discuss how you would address them from a Christian worldview. Consider Matthew 18:15-18. How could you apply this to a workplace scenario?
3. Refer to the ISACA code of conduct. Describe the responsibilities related to the handling of data as it pertains to legal, ethical, and/or agency auditing issues.
4. InfoSec professionals are under increasing pressure to provide global access to information/data without sacrificing security. Explain how the following can be used to manage security in your company's network: a) firewalls, b) IDS, and c) IPS. Justify your rationales. Make sure to address how security practices, methods, and updates have been improved over time to address current global needs.
BUSINESS CONTINUITY PLAN
========================

Business Continuity Plan (BCP)

In every business, information security is one of the important aspects that supports the functioning of the business. In the case of a telecommunications company, the business needs a more serious and more advanced information security program so that threats such as cyber attacks cannot disrupt its operations. Verizon Communications is a giant telecommunications company that was formed on June 30, 2000, and is headquartered in New York. In 2021, the company generated revenue of 133.6 billion dollars. This discussion will focus on the information system put in place by Verizon. Verizon is a telecommunications company that provides telephone service, internet service, and television service.

The primary aspects of Verizon that should be considered in the BCP are:
- Identification of critical systems and services
- Identification of potential attack vectors
- Evaluation of risk and impact
- Establishment of continuity plans and procedures
- Training and education for employees
- Testing and validation of continuity plans
- Continuity management plan update meetings
- Maintenance and review of continuity plans

The purpose of the Business Continuity Plan (BCP) is to protect the organization's critical business functions in a disaster or emergency. The plan will be designed to restore critical functions in a timely manner, allowing the company to continue operations. The BCP will be developed following the company's risk assessment and will address the following key components:

Executive Overview: Verizon is a telecommunications company that offers broadband and wireless services to consumers and businesses, as well as media and advertising products. The company has a large customer base and a strong market position. Verizon operates a large and diverse network covering most of the United States; its broadband and wireless networks are among the largest in the world, and it is a major player in mobile phone services and fixed-line broadband services. The company has a diversified business mix, with a strong focus on wireless services, and is also a major player in the media and advertising industries. The company is listed on the New York Stock Exchange and is a Dow Jones Industrial Average constituent.

Business Needs: The business needs section will outline the company's critical business functions and how they are essential to operations.

Plan Objectives: The objectives of the BCP will be to protect the company's critical business functions and ensure that they can be restored promptly. The plan will also include strategies for recovering from a disaster or emergency.

Plan Assumptions: The assumptions of the BCP will be based on the company's risk assessment.

Risk Assessment Matrix Template: The risk assessment matrix will provide a detailed overview of the risks to the company's critical business functions and how the BCP mitigates them. The matrix will also identify any gaps in coverage or remaining vulnerabilities.

Company Organizational Chart: The organizational chart will show which departments have responsibility for each component of the BCP. The chart will also include information about who owns and manages technology and infrastructure resources.

Technology and Infrastructure Requirements: The technology and infrastructure requirements section will identify the technologies and systems required to protect the company's critical business functions. The section will also identify any necessary upgrades or replacements.

Operational Strategies: The operational strategies section will outline how the company plans to restore its critical business functions in a timely manner. The section will also include contingency plans for when restoration cannot be completed.