Week 9
Part-A: Email Analysis - A sometimes-overlooked system that requires monitoring is the email system. It is important for the cybersecurity professional to be able to perform email analysis. Select a recent email message that you have received. Using your email client, view the email header information. Copy this information into a word processing program. In the word processor, mark the different email defenses that can be used to protect email. These include Sender Policy Framework (SPF), DomainKeys Identified Mail (DKIM), and Domain-based Message Authentication, Reporting, and Conformance (DMARC). Make note of any other observations from the email header information.
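The same review can be done programmatically. The script below is an added example, not part of the assignment: it reads the Authentication-Results header a receiving server stamps on a message, reports the SPF, DKIM and DMARC verdicts, and checks whether the SPF and DKIM domains align with the visible From domain, which is the condition DMARC actually evaluates. The message is constructed; mx.example.org, example.com and the selector sel2024 are placeholder names, and the organisational-domain helper is a two-label approximation that stands in for a real public-suffix lookup.

```python
"""Read the SPF, DKIM and DMARC verdicts out of an email's headers.

Added example for the header-review exercise; the message below is
constructed, not a real email, and mx.example.org / example.com are
placeholder names.
"""
import re
from email import message_from_string
from email.policy import default

# Constructed sample: the headers a receiving server (mx.example.org) would
# stamp after checking SPF, DKIM and DMARC on an inbound message.
SAMPLE_MESSAGE = """\
Delivered-To: analyst@example.org
Received: from mail.example.com (mail.example.com [203.0.113.10])
        by mx.example.org with ESMTPS id k7s9Q2
        for <analyst@example.org>; Mon, 04 Mar 2024 09:12:33 -0800 (PST)
Authentication-Results: mx.example.org;
        dkim=pass header.i=@example.com header.s=sel2024 header.b=CONSTRUCTED;
        spf=pass (mx.example.org: domain of bounce@example.com designates 203.0.113.10 as permitted sender) smtp.mailfrom=bounce@example.com;
        dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
Received-SPF: pass (mx.example.org: domain of bounce@example.com designates 203.0.113.10 as permitted sender) client-ip=203.0.113.10;
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=sel2024;
        h=from:to:subject:date; bh=CONSTRUCTEDBODYHASH=; b=CONSTRUCTEDSIGNATURE=
From: Alice Example <alice@example.com>
To: analyst@example.org
Subject: Quarterly report
Date: Mon, 04 Mar 2024 09:12:30 -0800

Body text.
"""


def parse_authentication_results(value: str) -> dict:
    """Split one Authentication-Results header (RFC 8601) into per-method results.

    Returns {"authserv_id": <server that did the checks>,
             "results": {method: {"result": ..., "props": {...}, "clause": ...}}}.
    """
    clauses = [c.strip() for c in value.split(";") if c.strip()]
    authserv_id = clauses[0]  # first clause names the checking server
    results = {}
    for clause in clauses[1:]:
        # Each clause looks like: method=result [(comment)] ptype.property=value ...
        head = re.match(r"(\w+)=(\w+)", clause)
        if not head:
            continue
        method, result = head.group(1).lower(), head.group(2).lower()
        props = dict(re.findall(r"(\w+\.\w+)=(\S+)", clause))
        results[method] = {"result": result, "props": props, "clause": clause}
    return {"authserv_id": authserv_id, "results": results}


def _org_domain(domain: str) -> str:
    """Approximate the organisational domain by keeping the last two labels.

    Assumption for this example: no public-suffix list, so co.uk-style
    domains would be handled incorrectly in real use.
    """
    return ".".join(domain.lower().rsplit(".", 2)[-2:])


def dmarc_alignment(raw_message: str) -> dict:
    """Summarise the three defences and check identifier alignment with From."""
    msg = message_from_string(raw_message, policy=default)
    ar = parse_authentication_results(str(msg["Authentication-Results"]))
    results = ar["results"]
    from_domain = msg["From"].addresses[0].domain.lower()

    spf = results.get("spf", {"result": "none", "props": {}, "clause": ""})
    dkim = results.get("dkim", {"result": "none", "props": {}, "clause": ""})
    dmarc = results.get("dmarc", {"result": "none", "props": {}, "clause": ""})

    # SPF aligns on the envelope sender (smtp.mailfrom); DKIM on the signing
    # identity (header.i or header.d). Relaxed alignment compares org domains.
    spf_domain = spf["props"].get("smtp.mailfrom", "").split("@")[-1]
    dkim_domain = dkim["props"].get("header.i", dkim["props"].get("header.d", "")).lstrip("@")
    policy = re.search(r"\bp=(\w+)", dmarc["clause"])

    return {
        "authserv_id": ar["authserv_id"],
        "from_domain": from_domain,
        "spf": spf["result"],
        "spf_aligned": spf["result"] == "pass" and _org_domain(spf_domain) == _org_domain(from_domain),
        "dkim": dkim["result"],
        "dkim_aligned": dkim["result"] == "pass" and _org_domain(dkim_domain) == _org_domain(from_domain),
        "dmarc": dmarc["result"],
        "dmarc_policy": policy.group(1) if policy else None,
        # Number of Received headers: how many hops the message claims to have taken.
        "received_hops": len(msg.get_all("Received") or []),
    }


if __name__ == "__main__":
    for key, val in dmarc_alignment(SAMPLE_MESSAGE).items():
        print(f"{key:14} {val}")
```

When marking up a real header, trust only the Authentication-Results line written by your own receiving server (the authserv-id should be your provider's host); a sender can freely insert a forged one further down, and DMARC passes only when SPF or DKIM both passes and aligns with the From domain.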
Part-B: Analyzing Log Files - Analyzing log files is an important skill for a cybersecurity analyst. However, there are several problems with log analysis. These problems are caused by multiple devices generating logs, a very large volume of data, and different log formats. Perhaps the biggest obstacle to log management is that different devices record log information in different formats and even capture different data. To sharpen your skills in analyzing different logs, you will go to a website that contains many different examples, analyze one of the logs, and post your work.
The log file that you select must be unique. Go to the OSSEC site that contains a wide array of sample log files (ossec-docs.readthedocs.io/en/latest/docs/log_samples/) and select one that has not already been analyzed by another learner in the class. Analyze the log file (some items are obvious, while other items will take more research on your part). Post your analysis (minimum of 200 words) of that log. Include information on its content, what items are included in the log, things that are excluded, any tips or tricks you learned, and how valuable you think this log could be.
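The format problem described in Part-B is easiest to see by normalising a few lines from different sources into one record shape. The script below is an added example, not part of the assignment or of the OSSEC sample page: it parses a BSD syslog sshd line, an Apache common-log line and an ISO-timestamped kernel line with key=value fields, and then counts events per source address across all three. The sample lines are constructed, and the year assumed for the year-less syslog timestamps is a labelled assumption.

```python
"""Normalise log lines from different sources into one record shape.

Added example for the log-analysis exercise; the sample lines below are
constructed, not taken from the OSSEC sample page.
"""
import re
from collections import Counter
from datetime import datetime

# Constructed sample lines in three formats: BSD syslog (RFC 3164), Apache
# common log format, and an ISO-timestamped syslog line carrying
# netfilter-style key=value fields.
SAMPLE_LINES = [
    "Mar  4 09:12:33 bastion sshd[2291]: Failed password for invalid user admin from 198.51.100.7 port 52114 ssh2",
    "Mar  4 09:12:35 bastion sshd[2291]: Accepted publickey for alice from 203.0.113.5 port 50022 ssh2",
    '198.51.100.7 - - [04/Mar/2024:09:13:01 -0800] "GET /wp-login.php HTTP/1.1" 404 512',
    "2024-03-04T09:13:05-08:00 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7 DST=10.0.0.5 PROTO=TCP DPT=3389",
]

# Assumption: RFC 3164 timestamps carry no year, so one has to be supplied.
ASSUMED_YEAR = 2024

SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<prog>[\w./-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)$"
)
ISO_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}[+-]\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$"
)
KV_RE = re.compile(r"\b(\w+)=(\S*)")


def _classify_syslog(msg: str) -> str:
    """Map the free-text part of an sshd message onto an event name."""
    if msg.startswith("Failed password"):
        return "auth_failure"
    if msg.startswith("Accepted "):
        return "auth_success"
    return "other"


def normalize(line: str) -> dict:
    """Return one record shape for every format: timestamp is ISO 8601 text,
    src_ip is the client address where the format exposes one, extra keeps
    the fields that only that format provides."""
    rec = {"format": "unknown", "timestamp": None, "host": None,
           "src_ip": None, "event": "unparsed", "extra": {}, "raw": line}

    if m := SYSLOG_RE.match(line):
        ts = datetime.strptime(f"{ASSUMED_YEAR} {m['ts']}", "%Y %b %d %H:%M:%S")
        src = re.search(r"\bfrom (\d+\.\d+\.\d+\.\d+)", m["msg"])
        rec.update(format="syslog-rfc3164", timestamp=ts.isoformat(), host=m["host"],
                   src_ip=src.group(1) if src else None,
                   event=_classify_syslog(m["msg"]),
                   extra={"program": m["prog"], "pid": m["pid"]})
    elif m := APACHE_RE.match(line):
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Access logs have no hostname field; the server is implied by the file.
        rec.update(format="apache-common", timestamp=ts.isoformat(), host=None,
                   src_ip=m["ip"], event="http_request",
                   extra={"method": m["method"], "path": m["path"],
                          "status": int(m["status"]), "size": m["size"]})
    elif m := ISO_RE.match(line):
        ts = datetime.fromisoformat(m["ts"])
        kv = dict(KV_RE.findall(m["msg"]))
        rec.update(format="syslog-iso-kv", timestamp=ts.isoformat(), host=m["host"],
                   src_ip=kv.get("SRC"),
                   event="firewall_drop" if " DROP " in f" {m['msg']} " else "other",
                   extra=kv)
    return rec


def events_by_source(lines) -> Counter:
    """Count records per source IP, the cross-device view no single log gives."""
    counts = Counter()
    for line in lines:
        rec = normalize(line)
        if rec["src_ip"]:
            counts[rec["src_ip"]] += 1
    return counts


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        r = normalize(line)
        print(f"{r['timestamp']:>25} {r['format']:16} {str(r['src_ip']):15} {r['event']}")
    print(events_by_source(SAMPLE_LINES))
```

Two of the "things that are excluded" the assignment asks about show up immediately: the syslog lines have no year and no time zone, and the access-log line has no hostname, so correlating them with the firewall line depends on metadata that lives outside the log itself.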
Part-C: Google Security Blog - The Google Security Blog contains news and insights from Google on security and safety on the Internet. For this activity, you will read and summarize one blog posting. The posting that you select must be unique. Go to the site (security.googleblog.com/) and identify a blog posting that is of particular interest to you and that has not already been used by another learner. Read the Google Security Blog posting. Post a summary (minimum of 200 words) of its content. Include information on content, its coverage, the conclusion, and other pertinent information. Assign it a grade (A-F) regarding its value. Justify your answer.
Part-D: Data Masking and Tokenization - Research data masking and tokenization. Explain in detail how each is used. What are their strengths? What are their weaknesses? What alternatives are there to these technologies? Write a two-page report on your research.
Upload a single docx document with APA-7 format.