can you do these assignments?



The objective of this assignment is to understand the detailed concepts of Modules 1 to 3 that you have studied from the book. To solve the following questions, you will need to carefully read and understand all the topics of Modules 1 to 3.

Note: The question sets are derived based on the Modules/Chapters. You will see questions of Module 1 followed by Modules 2 & 3.

Module 1/Chapter 1 (To answer the following questions, read Module 1):

PART 1: Discussion/Ethical Decision-Making Questions

1. How does the exchange between JJ and Paul earlier in this module indicate that this company has thought about contingency planning?
2. Should JJ push the issue or initiate the event review process himself?

PART 2: Review Questions

1. How is the CNSS model of information security organized?
2. What three principles are used to define the C.I.A. triad? Define each in the context in which it is used in information security.
3. What is intellectual property? Describe at least one threat to this type of asset.
4. How does a brute force password attack differ from a dictionary password attack?
5. What is phishing, and how is spear phishing different?

PART 3: Real-World Exercises

1. Go to www.symantec.com/security-center/threat-report, then download and review the latest Internet Security Threat Report. According to the report, what threats are currently the most dangerous? Which of these top threats represent problems for you and your use of the Internet? Which of these top threats represent problems for your school or business?
2. Go to https://cve.mitre.org. What type of site is this, and what information can it provide? Now, paste in the URL https://cve.mitre.org/cve, then click Search CVE List, and enter “Ransomware” in the search field. Click Search again. What information is provided? How would this be useful? Click on one of the named results. What additional information is provided? How could this be useful?
3. Open a Web browser and search for the “OWASP Top Ten.” Visit the site. What information is provided here? What does it mean? How could a security manager use this information?
4. Open a Web browser and search for “NIST Computer Security Resource Center.” Link to the home page. Click the Publications link, then click on the “SP NIST Special Publications” option. Locate SP 800-100. Review the HTML version. What critical information could a security administrator or manager gain from this document? What other documents would be of value to the security manager or technician?

Module 2/Chapter 2 (To answer the following questions, read Module 2):

PART 1: Discussion/Ethical Decision-Making Questions

1. How often should an organization rehearse its contingency plans?
2. Who should coordinate the rehearsal of the contingency plans? Why would that be the appropriate person?
3. What degree of cross-training between the various roles in the plans is most effective? Identify the advantages and disadvantages of such a cross-training plan. What trade-offs do you think exist between extensive and minimal cross-training?

PART 2: Review Questions

1. What is the first step in beginning the contingency planning process?
2. What are the primary responsibilities of the contingency planning management team (CPMT)?
3. Which teams may be subordinate to the CPMT in a typical organization?
4. What is a business impact analysis (BIA), and why is it important?
5. What are the usual stages in the conduct of the BIA?

PART 3: Real-World Exercises

1. Use the Web to search the terms “CitiBank backup tapes lost.” You will find many results. Select one article and identify what the article considers a shortcoming in CitiBank’s planning. What part of the contingency planning process came up short (IR, DR, or BC)? How could the shortcoming have been prevented?
2. Visit the article abstract at www.ncjrs.gov/App/publications/Abstract.aspx?id=246582. Read the abstract and then answer this question: Do you think having a simulator for training and readiness would help or hinder the quality of response to contingencies? Explain your answer.

Module 3/Chapter 3 (To answer the following questions, read Module 3):

PART 1: Discussion/Ethical Decision-Making Questions

1. What goals should be included when planning for the resumption of critical business functions at an alternate site for four weeks? What would be different if the planning horizon were 30 weeks instead?
2. When the organization makes a plan like the one described here, what parts of the plan should be from the contingency planning management team (CPMT) and what parts should come from the subject area experts?
3. It seems that the company exposed its employees to some stress during the “white powder” drill without telling the employees that it was taking place. While this is almost certainly legal, do you think it was ethical to spring the surprise on the employees as part of a training event?
4. What if a key customer had an urgent special request that the company could not respond to because of this drill? Is it an ethical lapse to fail to meet a customer expectation?

PART 2: Review Questions

1. What is a redundant array of independent disks (RAID), and what are its primary uses? How can it be used in a backup strategy?
2. What is disk striping, and how might it be considered the opposite of disk mirroring?
3. In what way are the backup needs of systems that use databases different from backups to safeguard other systems that don’t use databases?
4. Beyond simply identifying what to back up, when to back it up, and how to restore it, what should a complete backup recovery plan include?
5. What is bare metal recovery?

PART 3: Real-World Exercises

1. Do a Web search for available commercial applications that use various forms of RAID technologies, such as RAID 0 or RAID 5. What is the most common implementation? What is the most expensive?
2. Not too long ago, tape backup was the industry standard. Is it still? Do a Web search for “What is the best way to back up my office computer.” Review the top two or three articles found to determine whether magnetic tape, hard disks, optical disks, or cloud-based backups are the most prevalent approach. What do you think will still be the best practice in five years?
3. Do a Web search for vendors that provide alternate-site strategies, such as hot sites, warm sites, and cold sites. How prevalent are they? What about mobile sites?

Open the provided spreadsheet Incident_Calculator.xlsx and the document guide ENISA_Cost_incident_handling.pdf. Familiarize yourself with the documents. Please note that only the cells highlighted in yellow are meant to be modified for specific scenarios. You are going to work with the College numbers and compare them with the Internet Store. When answering the questions below, add a screenshot to support your responses when necessary.

1. In the Spam tab, what security controls would help reduce the % of spam messages getting to users’ inboxes?
2. And how could you reduce the amount of time employees need to identify spam messages?
3. Change the two numbers to 1% and 2 seconds. Why is the ROSI (last tab) not affected?
4. A recent virus infection is quickly spreading over the college network and now 3 out of 4 computers are infected. The IT staff is struggling to control the situation and they need 2 hours to clean each computer, so all of them are completely focused on the incident. How much is this incident costing the College?
5. What about the ROSI this time? Explain it.
6. To be realistic, the impact of the IDS/IPS on stopping a new virus should be 0.1. How does this change affect the ROSI? Why?
7. After a few days, the IT staff has more knowledge about the new virus and they can tune the IDS/IPS to better prevent the infection. Show the impact on the ROSI if the effectiveness doubled from 0.1.
8. If the likelihood of a DDoS attack on the College increased to 5%, how much would be lost per year in such attacks? Tip: please note that the values below 0 use a comma instead of a dot.
9. As you noted the increase in DDoS attacks, you seek advice from your IDS/IPS provider and they tell you an upgrade in the appliance firmware would help stop half the attacks. The license cost would increase by 10%. Is it worth it?
10. During the negotiation, the vendor offers you the option to pay 20000 for 5 years to acquire the license for the firmware upgrade. Would you accept it?
Nov 16, 2022