For KIm Woods only
Operations Security"
· Imagine you are the CISO of a large organization that changes its assets, applications, and configurations dynamically. The organization is in a constant reactive model in responding to security incidents. Explain what benefits would be realized if continuous monitoring and risk management processes are in place and operational.
· Recommend and describe the vulnerability management procedures you believe should be in place for a small finance company that has two remote sites connected with a virtual private network connection.
"Change and Configuration Management"
· Imagine you are the CISO of a large organization. Analyze change and configuration management and explain why it is important in regard to computer operations. Justify your response by including two examples of changes introduced to networks.
· From the e-Activity, evaluate the organization’s security policies from your findings and make a suggestion to improve at least one of these policies. Support your response and cite all sources.
Please respond to the above questions with short paragraph answers of at least 2-3 paragraphs each For question 4 the link to the e-Activity is http://csrc.nist.gov/publications/nistpubs/800-65/SP-800-65-Final.pdf
______________________________________________________________
Case Study 3: Mobile Devices Security
The use of mobile devices is prevalent and growing rapidly as users heavily depend on them. Unfortunately, attackers follow the money and user population. In addition, mobile devices do not receive patches for their vulnerabilities. The Zeus-in-the-Mobile (ZitMo) attack against Android users is an example defeating the emerging technology to steal user’s credentials and ultimately money. Mobile devices can also spread malware. Read the article titled, “ Mobile device attacks surge ” and FIPS 140-2 Security Policy . In addition, read the report titled, “ Emerging Cyber Threats 2012 ”.
“ Mobile device attacks surge ”(link) http://www.treasuryandrisk.com/2011/02/08/pr-mobile-device-attacks-surge
" FIPS 140-2 Security Policy " (link) http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1648.pdf
“ Emerging Cyber Threats 2012 ” (link) https://www.gtisc.gatech.edu/doc/emerging_cyber_threats_report2012.pdf
Write a five to eight (5-8) page paper in which you:
1. Describe the emerging cybersecurity issues and vulnerabilities presented in the “Emerging Cyber Threats 2012” report.
2. Analyze vulnerabilities of mobile devices in regard to usability and scale based on your research and suggest methods to mitigate the vulnerabilities of mobile devices.
3. Assess and describe the value of cryptography and encryption in regard to Equifax’s approach to implementing stronger security policies around mobile devices.
4. Justify Gunter Ollmann’s comments about Zeus-in-the-Mobile (ZitMo) and describe the implications of advanced security breaches such as this.
5. Several challenges of controlling information online are set forth in the section of the article titled, “Controlling Information Online – A New Frontier in Information Security”. Determine what you believe is the greatest challenge in regard to controlling information online.
6. Justify Dan Kuykendall’s statement about the biggest issue with mobile browsers and give two (2) examples illustrating his point.
7. Use at least three (3) quality resources in this assignment. Note: Wikipedia and similar Websites do not qualify as quality resources.
Your assignment must follow these formatting requirements:
· Be typed, double spaced, using Times New Roman font (size 12), with one-inch margins on all sides; citations and references must follow APA or school-specific format. Check with your professor for any additional instructions.
· Include a cover page containing the title of the assignment, the student’s name, the professor’s name, the course title, and the date. The cover page and the reference page are not included in the required assignment page length.
The specific course learning outcomes associated with this assignment are:
· Analyze the methods of managing, controlling, and mitigating security risks and vulnerabilities.
· Define common and emerging security issues and management responsibilities.
· Explain access control methods and attacks.
· Describe the applications and uses of cryptography and encryption.
· Use technology and information resources to research issues in security management.
· Write clearly and concisely about the theories of security management using proper writing mechanics and technical style conventions.