New England College Computer Security Incident Response Team Discussion
Search “scholar.google.com” or your textbook. Discuss the technical skills required to have a CSIRT response team consisting of employees with other job duties (i.e., not a full-time CSIRT job category)? Why or why not? What factors will influence their decision?
Cumberland University Information Systems for Business and Beyond Questionnaire
Information Systems for Business and Beyond Questions:
Chapter 9 – study questions 1-10, Exercise 3 &4.
Information Technology and Organizational Learning Assignment:
CIS 512 SU Strategic Planning for Information Security Discussion
Just as quickly as new technology is developed, hackers find new ways to disrupt operations. As a result, security is an ongoing endeavor in all organizations. Strategic planning can help organizations be prepared to address new daily threats to information security. Moreover, many of today’s organizations are adopting virtualization as a way to reduce their footprint in hardware costs and to improve their backup system capabilities at the client and server levels. At the same time, virtualization poses security risks that organizations need to consider as part of their strategic planning process.
Go to Basic Search: Strayer University Online Library to locate and integrate at least two quality, academic resources (in addition to your textbook) on the role of strategic planning in mitigating information security threats, including those associated with virtualization. You may also use government websites, such as Cybersecurity from the National Institute of Standards and Technology.
As you write this post, keep in mind your current organization’s or a previous organization’s strategic planning for information security, its infrastructure, and its training.
Please respond to the following in a post of at least 200 words:
In 60 to 75 words, please respond to student’s comment below:
Professor and Peers,
Ed here. In general English Language usage, I want to consider strategic planning as an activity that is used to set priorities, focus energy and resources, strengthen operations, ensure that all those involved in the activity are working toward common goals, establishing agreement around intended outcomes/results, and assessing and adjusting the direction in response to a changing environment. It should be a disciplined effort that produces fundamental decisions and actions that shape and guide those involved in it, who it serves, what it does, and why it does it, with a focus on the future. Effective strategic planning should convey not only where those involved in it is going and the actions needed to make progress, but also how it will know if it is successful.
Concerning our discussion, this week, our textbook outlines strategic planning from three angles; namely enterprise strategic planning, information technology (IT) strategic planning, and cybersecurity or security strategic planning.
What is the importance of strategic planning to an organization’s information security?
I would like to think here, professor and peers that, the importance or business benefits of an effective information security strategic plan are significant and can offer a competitive advantage. This is because an organization’s information security strategic plan, should allow executives, management and employees to see where they are expected to go, focus their efforts in the right direction and know when they have accomplished their goals. It should be a clear and concise document (Evans, 2015). The plan can also position an organization to mitigate, transfer, accept or avoid information risk related to people, processes and technologies. An established strategy also helps the organization adequately protect the confidentiality, integrity and availability of information.
What are the topics to be included in strategic planning for information security?
Included in the strategic plan should be; complying with industry standards, avoiding a damaging security incident, sustaining the reputation of the business and supporting commitment to shareholders, customers, partners and suppliers, a list of deliverables or benchmarks for the initiatives, including the name of the person responsible for each, defining the vision, mission, strategy, initiatives and tasks to be completed so they enhance the existing information security program, etc.
What are the security threats associated with virtualization?
Industry observers are sounding the alarms on the security realities of a virtual enterprise. As we know too well, professor and peers, it’s the nature of the threat landscape: attackers move where emerging technology moves (Mari-Len De Guzman, 2007). In its latest Internet Security Threat Report (ISTR), a compilation and analysis of IT security activities worldwide, Symantec Corp. cited virtualization-related security attacks as among the trends to watch for in the near future (Mari-Len De Guzman, 2007).
There is no doubt that the use of virtualization adds additional layers of concern (Stallings, 2019). We’re told that virtualized environments aren’t more secure. Some of these threats include; Shared Technology Issues, Denial of Service, Data Loss, Advanced Persistent Threats (APTs), Malicious insiders, Account hijacking, data breach, etc. The week’s readings made it clear that security threats can originate externally and internally in a virtualized environment, and these “intra-host threats” can elude any existing security protection schemes.
Since these virtualized security threats are hard to pin down “this can result in the spread of computer viruses, theft of data, and denial of service, regulatory compliance conflicts, or other consequences within the virtualized environment,” (Dignan, 2008). One compromised virtual machine could infect all Virtual Machines on a physical server. And so, the biggest security risk with virtualization, we are told, is the “guest-to-guest attacks,” where an attacker gets the root or administrator privileges on the hardware, and then can hop from one virtual machine to another (Dignan, 2008).
How can strategic planning help to mitigate the security threats associated with virtualization?
As we’ve discussed earlier, strategic planning is an activity that is used to set priorities, focus energy and resources, strengthen operations, etc. A way to mitigate these threats in an organization, professor and peers, is to get in touch with companies that’ve carried out some measurable work in virtualization security, and incorporate such measures to the security strategic plan. Some of the private companies worth checking out include BlueLane’s flagship product, VirtualShield, finds virtual machines and updates and patches them. Reflex Security’s approach creates a virtualized security appliance and infrastructure. Catbird has a VMware certified virtual appliance dubbed V-Agent. IBM and VMware, we’re told, are also developing secure hypervisor technology and ways to lock down virtual machines, respectively (Dignan, 2008).
In last week’s discussion, we touched on the continuous new challenges for IT to meet, and so, this week, executing a security strategic plan is a critical success factor for organizations that truly want to maximize their ability to manage information risk. I’m hoping that I’ve touched all areas of the week’s discussion.
Ed.
References:
Stallings, W. (2019). Effective Cybersecurity: A Guide to Using Best Practices and Standards. Pearson Education (1st
edition).
Evans, B. (2015). The Importance of Building an Information Security Strategic Plan. Retrieved from
(https://securityintelligence.com/the-importance-of-building-an-information-security-strategic-plan/).
Dignan, L. (2008). Virtualization: What are the security risks? Retrieved from
(https://www.zdnet.com/article/virtualization-what-are-the-security-risks/).
Mari-Len De Guzman. (2007). Security bells ringing over virtualization. ComputerWorld Canada; North York Vol.
23, Iss. 9, (Apr 2007): N_A. Retrieved from
(https://www-proquest- com.libdatab.strayer.edu/docview/219925650?accountid=30530).
CIS 512 SU Virtualization & Explosion of The Internet Essay
Virtualization offers organizations these benefits:
In addition to examining these virtualization benefits in this assignment, you will also examine challenges associated with virtualization. Specifically you will write a 2–3-page paper in which you:
This course requires the use of Strayer Writing Standards. For assistance and information, please refer to the Strayer Writing Standards link in the left-hand menu of your course. Check with your professor for any additional instructions. Note the following:
The specific course learning outcome associated with this assignment is:
SU Hotel Management Reservation System Discussion
In this week, your task for the project is to research in the South University Online Library and on the Internet to identify a case study of your choice with a pertinent information system application.
Some examples could be: a health care organization, such as a health care insurance company, a major hospital, or medical laboratory; an academic institution, such as a university or a professional institute; a commerce and transportation center, for example a major airport, or maritime port; a transportation carrier, such as an airline company, a railroad company, or even a car transportation service; a network service provider, such as a telecommunications service carrier/provider, an Internet and voice digital service provider, or a cloud service provider; a major media organization, such as television network, or a multimedia service operator; an industry firm that manufactures products, such as a computer products manufacturer, a car manufacturer, or a hardware manufacturer; a major retailer, for example a food retailer, a home maintenance retailer, or clothes outlet; an entertainment complex, such as a hotel, a vacation resort, or a large recreation and entertainment complex; a financial institution, for example a banking system, a credit card service, or an investment trading service.
The above are examples to guide you with your research, but you are not limited to these areas. It is important that you arrive at your own case study, based on your personal interests, and one that is well suited to explore from an information systems analysis for this course. Some criteria that you should consider in arriving at your case study are listed below:
this week, create a report that focuses on the current status of your IS. In the report complete the following tasks:
1. Create a scope for your application that you’ll design. The scope should consist of the following components:
2. Identify the stakeholders for your project and identify at least five (5) key stakeholders’ needs. For each need, discuss the business problems to be solved
3. From your needs, determine at least seven (7) target-system features.
4. Produce a requirements management plan for your project. This plan will include:
Delaware County Community College Working on Assembly Language Exercise
(50) Write a function numones(x) in x86 assembly language that would
report the number of 1’s in the argument x, which is assumed to be a
four byte integer. For example numones(7) should return 3, numones(12)
should return 2, and numones(1022) should return 9.
Write numones() so that it could be assembled using NASM and linked
to a calling program using gcc and called from C using:
y = numones(x);
where x is a declared as int. Make sure that your program is wellcommented so that it becomes easy to read and you have clearly described
how it works. Code which is hard to read will not receive full credit,
whether it is correct or not.
NPU Business Process Management Research Paper
Discuss a current business process in a specific industry. Note the following:
-The current business process itself.
-The industry the business process is utilized in.
After explaining the current situation, take the current learning from the course and:
Explain a new technology that the business should deploy. Be specific, don’t only note the type of technology but the specific instance of technology. (For example, a type of technology is smart automation a specific type of automation is automated light-dimming technology).
Note the pros and cons of the technology selected.
NPU Technology and Information Management Discussion
Question 1: There have been many books and opinion pieces writ-ten about the impact of AI on jobs and ideas for societal responses to address the issues. Two ideas were mentioned in the chapter – UBI and SIS. What are the pros and cons of these ideas? How would these be implemented?
Discussion 2: Explain how GDSS can increase some benefits of collaboration and decision making in groups and eliminate or reduce some losses.
NPU Information Security Technologies Question
I’m working on a computer science question and need guidance to help me learn.
The required article readings this week give a good discussion and look at some of the frameworks that are used to manage risk within organizations and enterprises. One of the readings this week provided an introduction and comparison of different frameworks. As with anything, there are going to be strengths and weaknesses to all approaches.
For your research paper, please address the following in a properly formatted research paper:
Do you think that ISO 27001 standard would work well in the organization that you currently or previously have worked for? If you are currently using ISO 27001 as an ISMS framework, analyze its effectiveness as you perceive in the organization.
Are there other frameworks mentioned has been discussed in the article that might be more effective?
Has any other research you uncover suggest there are better frameworks to use for addressing risks?
