NO PLAGIARISM

1. APA format is required. 

2. References should be listed immediately after the question that is being answered. 

3. 3 Unique references

All references should be from the years 2007 to present day.

1. What is the difference between planning and control? Use at least three unique references. Length: 4-5 paragraphs. 

2. How are demand and capacity measured? Use at least three unique references. Length: 4-5 paragraphs.

3. How is the supply side and demand side managed? Use at least three unique references. Length: 4-5 paragraphs. 

4. What is enterprise resource planning and how did it develop into the most common planning and control system?  Use at least three unique references. Length: 4-5 paragraphs. 

  

Many companies and agencies conduct IT audits to test and assess the rigor of IT security controls in order to mitigate risks to IT networks. Such audits meet compliance mandates by regulatory organizations. Federal IT systems follow Federal Information System Management Act (FISMA) guidelines and report security compliance to US-CERT, the United States Computer Emergency Readiness Team, which handles defense and response to cyberattacks as part of the Department of Homeland Security. In addition, the Control Objective for Information Technology (COBIT) is a set of IT security guidelines that provides a framework for IT security for IT systems in the commercial sector.

These audits are comprehensive and rigorous, and negative findings can lead to significant fines and other penalties. Therefore, industry and federal entities conduct internal self-audits in preparation for actual external IT audits, and compile security assessment reports.

In this project, you will develop a 12-page written security assessment report and executive briefing (slide presentation) for a company and submit the report to the leadership of that company.

There are six steps to complete the project. Most steps in this project should take no more than two hours to complete, and the project as a whole should take no more than three weeks to complete. Begin with the workplace scenario, and then continue to Step 1.

 
 

Deliverables

security assessment report (SAR), slides to support executive briefing, lab report

Step 1: Conduct a Security Analysis Baseline

In the first step of the project, you will conduct a security analysis baseline of the IT systems, which will include a data-flow diagram of connections and endpoints, and all types of access points, including wireless. The baseline report will be part of the overall security assessment report (SAR).

You will get your information from a data-flow diagram and report from the Microsoft Threat Modeling Tool 2016. The scope should include network IT security for the whole organization. Click the following to view the data-flow diagram: [diagram and report]

Include the following areas in this portion of the SAR:

1. Security requirements and goals for the preliminary security baseline activity.

2. Typical attacks to enterprise networks and their descriptions. Include Trojans, viruses, worms, denial of service, session hijacking, and social engineering. Include the impacts these attacks have on an organization.

3. Network infrastructure and diagram, including configuration and connections. Describe the security posture with respect to these components and the security employed: LAN, MAN, WAN, enterprise. Use these questions to guide you:

a. What are the security risks and concerns?

b. What are ways to get real-time understanding of the security posture at any time?

c. How regularly should the security of the enterprise network be tested, and what type of tests should be used?

d. What are the processes in play, or to be established to respond to an incident?

e. Workforce skill is a critical success factor in any security program, and any security assessment must also review this component. Lack of a skilled workforce could also be a security vulnerability. Does the security workforce have the requisite technical skills and command of the necessary toolsets to do the job required?

f. Is there an adequate professional development roadmap in place to maintain and/or improve the skill set as needed?

g. Describe the ways to detect these malicious code and what tactics bad actors use for evading detection.

4. Public and private access areas, web access points. Include in the network diagram the delineation of open and closed networks, where they co-exist. In the open network and closed network portion, show the connections to the Internet.

5. Physical hardware components. Include routers and switches. What security weaknesses or vulnerabilities are within these devices?

6. Operating systems, servers, network management systems.

a. data in transit vulnerabilities

i. endpoint access vulnerabilities

ii. external storage vulnerabilities

iii. virtual private network vulnerabilities

iv. media access control vulnerabilities

v. ethernet vulnerabilities

7. Possible applications. This network will incorporate a BYOD (bring your own device) policy in the near future. The IT auditing team and leadership need to understand current mobile applications and possible future applications and other wireless integrations. You will use some of this information in Project 2 and also in Project 5.

The overall SAR should detail the security measures needed, or implementations status of those in progress, to address the identified vulnerabilities. Include:

1. remediation

2. mitigation

3. countermeasure

4. recovery

Through your research, provide the methods used to provide the protections and defenses.

From the identification of risk factors in the risk model, identify the appropriate security controls from NIST SP 800-53A and determine their applicability to the risks identified.

The baseline should make up at least three of the 12 pages of the overall report.

When you have completed your security analysis baseline, move on to the next step, in which you will use testing procedures that will help determine the company’s overall network defense strategy.

Step 2: Determine a Network Defense Strategy

You’ve completed your initial assessment of the company’s security with your baseline analysis. Now it’s time to determine the best defenses for your network.

Start by reading a publication by the National Institute of Standards and Technology, NIST-SP-800-115 Technical Guide to Information Security Testing and Assessment, and outline how you would test violations. Identify how you will assess the effectiveness of these controls and write test procedures that could be used to test for effectiveness. Write them in a manner to allow a future information systems security officer to use them in preparing for an IT security audit or IT certification and accreditation. Within this portion of the SAR, explain the different testing types (black box testing, white box testing).

Include these test plans in the SAR. The strategy should take up at least two of the 12 pages of the overall report.

Click the following link to learn more about cybersecurity for process control systems: Cybersecurity for Process Control Systems

After you’ve completed this step, it’s time to define the process of penetration testing. In the next step, you’ll develop rules of engagement (ROE).

Step 3: Plan the Penetration Testing Engagement

Now that you’ve completed your test plans, it’s time to define your penetration testing process. Include all involved processes, people, and timeframe. Develop a letter of intent to the organization, and within the letter, include some formal rules of engagement (ROE). The process and any documents can be notional or can refer to actual use cases. If actual use cases are included, cite them using APA format.

This portion should be about two pages of the overall 12-page report.

After you have outlined the steps of a penetration testing process, in the next step you will perform penetration testing. During the testing, you will determine if the security components are updated and if the latest patches are implemented, and if not, determine where the security gaps are.

Step 4: Conduct a Network Penetration Test

You’ve defined the penetration testing process, and in this step, you will scan the network for vulnerabilities. Though you have some preliminary information about the network, you will perform a black box test to assess the current security posture. Black box testing is performed with little or no information about the network and organization.

To complete this step, you will use industry tools to carry out simulated attacks to test the weaknesses of the network.

Your assessments within the lab will be reported in the SAR.

Step 5: Complete a Risk Management Cost Benefit Analysis

You’ve completed the penetration testing, and now it’s time to complete your SAR with a risk management cost benefit analysis. Within this analysis, think about the cost of violations and other areas if you do not add the controls. Then add in the cost for implementing your controls.

When you have finished with the cost benefit analysis, which should be at least one page of your overall report, move to the final step, which is the completed SAR. As part of the final assignment, remember that you will need to create a slide presentation as part of the executive briefing, and submit that along with the SAR.

Step 6: Compile the SAR, Executive Briefing, and Lab Report

You have completed comprehensive testing in preparation for this audit, provided recommended remediations, and developed a set of recommendations. Now you are ready to submit your SAR and executive briefing.

The requirements for Project 1 are as follows:

1. Executive briefing: A three- to five-slide visual presentation for business executives and board members.

2. Security assessment report (SAR): Your report should be 12 pages minimum, double-spaced with citations in APA format. The page count does not include figures, diagrams, tables or citations.

3. Lab report: A document sharing your lab experience and providing screenshots to demonstrate that you performed the lab. Attach it to the SAR as an artifact.

IT Solution Stage 1

Stage 01: Requirements Document Instructions

Introduction (Please see attachment also)

Before you begin this assignment, be sure you have read the attached Udo, Marian, & Uduak

Corporation Case Study. Also, you should review your Stages 2 – 5 individual

assignments to get an understanding of the future projects that build on this initial stage.

FYI.

Stage 2 – Data & Process Models

Stage 3 – Decision Table & Decision Tree

Stage 4 – Systems Deployment Decision Paper

Stage 5 – Change Control Board Memo

Purpose of this Assignment

This assignment gives you the opportunity to apply the course concepts to document

system requirements. This assignment specifically addresses the following course

outcomes to enable you to:

· Achieve successful systems design, development, and implementation by

effectively applying the role of systems engineering and integrating with project

management

· Effectively communicate with stakeholders to determine, manage, and document

business requirements throughout the SDLC

· Perform modelling to assist with analysis and decision making

· Translate business requirements into systems by applying appropriate SDLC

methodologies and incorporating industry best practices

The Deliverable

Using the Udo, Marian, & Uduak Corporation Case Study, develop and deliver

a Requirements Document for a new billing and payment system. The document will

include a high-level description of the current information system that handles some of

the company’s administrative and financial tasks and identify the requirements for the

new system (as is/to be). It will also provide a high-level functional decomposition

diagram (FDD) of the new system. And, it will include a systems requirements checklist

for the new billing and payment system that includes five (5) key parameters for output,

input, process, performance, and control.

The Requirements Document must include the following:

· The paper should be 2 – 4 pages in length, plus diagrams and a checklist,

responding to the bulleted items below. The diagrams and checklist are not

included in the page count.

· Cover and a Works Cited page are also required. These are not included in the

page count.

· The Cover page must include an appropriate title and your name.

· Use the Works Cited page to correctly cite and reference any sources you use

with APA format.

· Use the Grading Rubric to be sure you have covered everything.

· Submit your paper via your Assignment Folder as a Microsoft Word document

with your last name included in the filename.

· “As-Is” Process

Ø “As-Is” refers to the current system as described in the case study that

does not meet the company’s administrative needs

Ø This should include a brief commentary describing the existing information

system and its shortcomings.

Ø This should include a process diagram. (See example in Helpful

Resources, below)

· “To-Be” process

Ø “To-Be” refers to the new billing and payment system that meets the

company’s administrative needs as described in the case study

Ø This should include a brief commentary describing the proposed billing

and payment system.

Ø This should include a process diagram.

· Functional Decomposition Diagram (FDD) of the new billing and payment system

Ø The FDD should be broken down to three levels as shown in the following

link”: http://it.toolbox.com/blogs/enterprise-solutions/levels-of-detail-forfunctional-

decomposition-1462

· System Requirements Checklist for the new billing and payment system

Ø You should have a complete statement for each requirement in each of

the following categories of the new system:

_ Process

_ Output

_ Input

_ Performance

_ Control

o Each requirement should be individually numbered within the category.
Helpful Resource

· “As-Is” and “To-Be” Business Process Modelling

http://www.businessballs.com/business-process-modelling.htm

· Functional Decomposition Diagram (FDD)

http://academic.regis.edu/ladams/Diagramming%20101.html

· Textbook “Systems Analysis and Design,” Chapter 4, Requirements Modelling

Tools that can assist you in developing the graphics for this project:

· “As-Is” and “To-Be” graphic

Ø Microsoft Visio

· Functional Decomposition Diagram (FDD)

Ø Microsoft Visio

Ø The file “Graphics That Can be Used for Drawing Diagrams” in the Course

· Systems Requirements Checklist

Ø Microsoft Excel

Ø Microsoft Word

Objective

ABC Invitation Design and XYZ Invitation Printing have decided to merge into one company, A2Z Invitations. ABC is a virtual company with a proprietary website that allows customers to do some preliminary work on invitations and then consult with a designer for the final product. XYZ is a traditional company with a system that allows customers to submit designs and track their orders. It also has a contact management and invoicing system. ABC will be moving its application into the XYZ data center and will be using all of XYZ’s back end systems.

Both companies have experienced data breaches in the past and do not want to have them in the future. A2Z has hired you to do a security analysis of its new network and to recommend how it can be set up in a secure manner. It has budgeted for a capital expenditure (outside of man hours) of $250,000 for hardware and software and $25,000 every year for additional security measures.

Guidelines

The Statement of Work objectives are:

• Perform online reconnaissance on XYZ to see what information is available to an attacker. No social engineering of employees is allowed. Use the Week 1 You Decide as the data for this section.
• Perform an analysis of the current XYZ network, using the current network diagram and nmap report Diagram; NMAP and files are below.
• Check the user’s password strength. Use the Week 3 You Decideas the data for this section.
• Redesign of network. Current network below.
• System hardening procedures for both IIS and Apache (even if they only use IIS).
• Three complete security policies. Use the Week 5 writing assignmentas your starter policy for this section.
• Template for future security policies.
• Your paper must conform to all requirements listed below.

Requirements

• Papers must be at least 5–10 pages in length, double-spaced.
• Papers must include at least three references outside of the text.
• Paper and references must conform to APA style, including:
  • cover page;
  • header with student’s name and page number; and
  • sections including Introduction, Body, and Conclusion/Summary.

 

 

 

 

 

Milestones

Each You Decide and other write-ups should be used as the raw material for this report. This report is the analysis of that data.

• Week 1 You Decide

Welcome to InfosecWizards.com. We are a group of infosec professionals dedicated to consulting with our clients on their security needs. This is the first training exercise of the orientation that you need in order to become full consultants. You must pass each of the exercises before you can be brought on full time.

Your Assignment

The scenario below relates responses to our typical customer engagement kickoff interview. Your job is to pick a target company (such as Microsoft, IBM, Google, or one of your choice) and find out the following information about that company using Google, that company’s website, Whois, or nslookup:

• Where the company is located
• Who works there
• What IP address is its network Internet connection
• What its mailserver IP is
• What its URL is
• How many other sites link to it

 

• Week 3 You Decide

Welcome to InfosecWizards.com. We are a group of infosec professionals dedicated to consulting with our clients on their security needs. This is the second training exercise of your orientation before you become full consultants. You must pass each of the exercises before you can be brought on full time.

Your Role/Assignment

Your job is to run an NMAP scan of a target website and crack the password hashes obtained from the servers. The scan is done to show what is really on the network. Cracking the passwords shows how many users have weak passwords.

WARNING: THESE TOOLS SHOULD ONLY BE USED AGAINST THE BELOW TARGET SITE. ANY USE OUTSIDE OF THIS EXERCISE FOR THIS CLASS IS PROHIBITED. ALSO, CONTACT THE INSTRUCTOR IF THIS DOES NOT WORK. THE HELP DESK WILL NOT BE ABLE TO ASSIST.

• Go to http://nmap-online.com/ and generate a report for your PC
• Go to http://www.md5decrypter.co.uk and decrypt the following
  • f4dcc3b5aa765d61d8327deb882cf99 – MD5
  • 200ceb26807d6bf99fd6f4f0d1ca54d4 – MD5
  • 391d878fd5822858f49ddc3e891ad4b9 – NTLM
  • a2345375a47a92754e2505132aca194b – NTLM

 

 

 

• Week 5 writing assignment

 

Type a three- to five-page (800–1,200-word) security policy write-up for the antivirus, spyware, and adware policies for a medium-sized organization. Be sure to suggest security tools and set up a schedule for maintaining a company that is free of infestations of malware.

No Plagarism, need to be APA formatted

QUESTION 1: Min 275 words, Min 1 reference

How would one define business intelligence (BI)? Identify and briefly discuss a real-world application of BI?

————————————————————————-

QUESTION 2: Min 275 words, Min 1 reference

Provide a real-world example or describe a hypothetical situation in which a legitimate organization used spam in an effective and nonintrusive manner to promote a product or service.

——————————————————————————

QUESTION 3: Min 400 words, Min 2 references

TEXT BOOK: Reynolds, G. W. (2016). Information technology for managers (2nd ed.). Boston, MA: Cengage Learning.

From Chapter 12, page 379 WEB-BASED CASE STUDY, THE FUTURE OF LIFE INSTITUTE.  Read the case and answer all questions (20 points).

Elon-Musk donated $10 million to a foundation called the Future of Life Institute.  The institute published an open letter from an impressive array of AI experts who call for careful research into how humanity can reap the benefits of AI “while avoiding its pitfalls.”  Go online and find out about the institute’s initiatives.  

1. What are its primary goals?  

2. How can humans establish and maintain careful oversight of the work carried out by robots?  

3. How valid are Elon Musk, Bill Gates, and Stephen Hawking’s concerns?  

4. What ETHICAL concerns should the public bear in mind as the technological revolution advances?

Sources:  Future of Life Institute.  http://futureoflife.org