CMGT 400 All participations
CMGT 400 All participations
The Latest Version A+ Study Guide
CMGT 400 Week 1 Discussion: Penetration Testing
Pluralsight: “Penetration Testing and Vulnerability Scanning Concepts”
Lynda.com®: “Planning a Penetration Test”
Penetration testers specialize in analyzing an organization for the purpose of making an authorized simulated attack on the organization’s IT systems, to evaluate the security of its IT systems.
The ability to analyze an organization’s security and make authorized simulated attacks on it, to identify security risks, is a useful skill for anyone involved in cybersecurity to develop–not just penetration testers.
This week you will select an organization you wish to explore throughout the course. Discusshow you will analyze the security of the organization prior to conducting a penetration test. Why is it important to gain authorization before you conduct a penetration test? How do you plan to attack the organization’s IT systems? How will you report vulnerabilities which you identify back to the organization?
CMGT 400 Week 1 Discussion: Threats and Vulnerability Scanning
Resource: Practice Labs: “Threats – Vulnerability Scanning” (SYO-401)
Open Vulnerability Assessment System (OpenVAS) is free software that draws on a database of known vulnerabilities for various types of network devices. The software scans the network and collects information by monitoring various open ports to determine whether a given host is vulnerable to any of the known security threats. Based on the information collected, the vulnerability assessment software suggests solutions to address the detected vulnerabilities.
Discuss how you could use OpenVAS to identify and resolve security threats and vulnerabilities in an organization’s IT infrastructure. How could cloud-based vendors use OpenVAS to identify and resolve security threats and vulnerabilities in cloud-based services, platforms, and software applications which they provide? Why would you need to continue to run OpenVAS on a periodic basis to continue to scan for threats and vulnerabilities?
CMGT 400 Week 2 Discussion: Firewalls and Evasion
Resource: Practice Lab: Firewalls and Evasion (SYO-501)
A firewall is a device that prevents unauthorized access to a host or a network either from within the corporate environment or coming from the public network, like the internet. Generally, there are two types of firewalls. A hardware firewall takes the form of a closed proprietary appliance with its own operating system. This is considered faster but a bit expensive. A software firewall is installed on a computer and it utilizes the computer’s operating system. Firewalls either hardware or software use rules to filter incoming and outgoing traffic to the network.
Discuss how you could use firewalls to support organizational security? What are the advantages and disadvantages of using hardware and software-based firewalls? What software tools could you use to assess the security of the firewalls used to protect your organization’s computer architecture? How can you bypass blocked sites using anonymous website surfing sites?
CMGT 400 Week 2 Discussion: Mobile Device Security
Lynda.com®: “Mobile Device Security”
Lynda.com®: “Mobile Application Security”
Mobile device security continues to increase in importance and has become a key security focus as organizations and individuals protect their information assets and IT technology.
Discuss how you would approach mobile device security for employees, customers, stakeholders, and partners as they use mobile devices to access technology and software applications in the organization you chose in Week 1? How would you integrate mobile devices with security-enhancing solutions to reduce the risk of hackers targeting them to exploit security vulnerabilities?
CMGT 400 Week 3 Discussion: Industry and Government Regulations
Research industry and government regulations in the context of the organization you chose in Week 1.
Discuss which resource(s) you found to be most useful in terms not only of researching the different types of industry and government regulations that exist, but which industry and government regulations must be implemented for a given security scenario.
What criteria are you using, or thinking of using, to determine which type of industry or government regulation is most appropriate for your particular individual assignment?
CMGT 400 Week 3 Discussion: Protecting Data
Consider legal, ethical, and regulatory considerations of protecting data in the context of the organization you chose in Week 1.
Discuss which resource(s) you found to be most useful in terms not only of researching the different types of legal, ethical, and regulatory considerations of protecting data that exist, but also which legal, ethical, and regulatory considerations of protecting data must be implemented for a given security scenario.
What additional considerations need to be addressed when storing and protecting the data of people who live in the European Union?
CMGT 400 Week 4 Discussion: Security Risk Management Plan
A cybersecurity risk management plan is a plan designed to protect a system exposed to the internet, internal employees, contractors, disasters, failures, etc.
Discuss some common cybersecurity risk response, change management, version control, and incident response processes that you might consider incorporating into the cybersecurity plan you will be creating for this week’s individual assignment. Are cybersecurity risk management processes similar from system to system? Where can you locate best practices for preventing or mitigating cybersecurity risk management threats?
CMGT 400 Week 4 Discussion: Backup and Recovery
Resource: Practice Lab: Backup and Recovery (SYO-501)
Backup and recovery processes serve two important purposes. The first purpose is to recover data after it is lost and the second is to recover data from a prior time. Good, well tested, backup and recovery processes are key to mitigating disasters and recovering from disasters as well as ensure business continuity of operation.
Discuss the recovery model for a backup and recovery strategy. What considerations should you take into account as you determine backup schedules? How will you test the execution of your backup and recovery processes to ensure that they will work appropriately?
CMGT 400 Week 5 Discussion: Secure Application Development
Lynda.com®: “Application Security” (4 minutes 16 seconds)
Lynda.com®: “Secure Coding Practices” (18 minutes 4s)
Application security is the use of hardware, software, and design, development, and implementation methods to create applications which are protected from cybersecurity threats.
Discuss the methods that should be used during application design, build, and implementation to protect software applications from cybersecurity threats. What hardware and software resources can an organization implement to create more secure software applications?
CMGT 400 Week 5 Discussion: Embedded Systems
Lynda.com®: CISSP Cert Prep: 8 Software Development Security
Embedded systems are being integrated into many products. They are also being used to enable the Internet of Things. As embedded systems become more widespread, they present additional opportunities for hackers to exploit them to gain access to systems and data.
Discuss how organizations should analyze the security implications of embedded systems that they use. What are the consequences of having unprotected Linux operating systems installed on embedded systems? What steps should an organization take to secure the embedded systems that integrate with their technology architecture?