CMGT 400 Entire Course

INTRO TO INFORMATION ASSURANCE & SECURITY

The Latest Version A+ Study Guide

CMGT 400 Week 1 Threats, Attacks, and Vulnerability Assessment

Throughout this course you will study the different roles that contribute to an organization’s information security and assurance.

Part A:

Select an organization you wish to explore and use throughout the course.

As you make your selection, keep in mind that you will explore the following roles in the organization: Cyber Security Threat Analyst, Penetration Tester, Cyber Security Engineer, Risk Management Analyst, and Software Engineer. You need sufficient knowledge of the organization you select to complete these security assignments.

Part B:

A Cyber Security Threat Analyst conducts analysis, digital forensics, and targeting to identify, monitor, assess, and counter cyber-attack threats against information systems, critical infrastructure, and cyber-related interests.

Take on the role of a Cyber Security Threat Analyst for the organization you select. Use the Threats, Attacks, and Vulnerability Assessment Template to create a 3- to 4-page Assessment Document.

Research and include the following:

- Tangible assets:
  - Include an assessment scope. The scope must include virtualization, cloud, database, network, mobile, and information system.
- Asset descriptions:
  - Include a system model, a diagram and descriptions of each asset included in the assessment scope, and existing countermeasures already in place. (Microsoft® Visio® or Lucidchart®)
- Threat agents and possible attacks
- Exploitable vulnerabilities
- Threat history
- Evaluation of threats or impact of threats on the business
- A prioritized list of identified risks
- Countermeasures to reduce threat

Submit the assignment.

CMGT 400 Week 2 Financial Service Security Engagement
 

Your Learning Team is a cybersecurity engineering team for a financial services company that sells investments to, and manages investment portfolios for, high net-worth individuals.

Your organization just completed the migration of the account managers to a cloud-based, customer relationship management (CRM) software application. Your organization has integrated the cloud-based CRM with on-site investing and account management systems to improve the sales of investment products to customers and potential customers and for managing customer accounts and investment portfolios. Account managers are excited to use the new system, especially since it supports mobile device access.

Management hopes the new cloud-based CRM, integrated with the on-site software applications that manage customer accounts and investment portfolios will help the organization to generate more leads, increase sales, improve customer service, reduce the cost of sales for the organization, and increase revenue.

The Chief Information Security Officer (CISO) of your organization is concerned about the security of this new system and its integration to existing systems and has requested that your team complete the following 6- to 8-page security analysis:

- Create a plan that addresses the secure use of mobile devices by internal employees and external employees as they use mobile devices to access these applications.
- Recommend physical security and environmental controls to protect the data center which runs the on-site applications.
- Propose audit assessment and processes that will be used to ensure that the cloud-based CRM software provider uses appropriate physical security and environmental controls to protect their data centers which run your cloud-based CRM software.
- Develop identity and access management policies for both the on-site systems and the cloud-based CRM.
- Recommend cryptography and public key infrastructure (PKI) uses which could be used to increase security for these systems.

Submit the assignment.

CMGT 400 Week 2 Penetration Testing Plan
 

A Penetration Tester evaluates the security of an information infrastructure by intentionally, and safely, exploiting vulnerabilities.

Take on the role of Penetration Tester for the organization you chose in Week 1.

Use the Penetration Testing Plan Template to create a 3- to 4-page Penetration Testing Plan for the organization you chose.

Research and include the following:

- Pentest Pre-Planning
  - Engagement timeline: Tasks and who performs them
  - Team location: Where will the penetration team execute their tests?
  - Organization locations tested: multiple locations, countries (Export restrictions and government restrictions)
  - Which pentest technologies will be used? Consider the following as you research options:
    - Scanning Tools: Nmap, Nikto
    - Credential Testing Tools: Hashcat, Medusa, John the Ripper, Cain and Abel
    - OSINT Tools: Whois, TheHarvester
    - Wireless Tools: Aircrack-ng, Kismet
    - Networking Tools: Wireshark, Hping
  - What client personnel are aware of the testing?
  - What resources are provided to the pentest team?
  - Test Boundaries:
    - What is tested?
    - Social engineering test boundaries? What is acceptable?
    - What are the boundaries of physical security tests?
    - What are the restrictions on invasive pentest attacks?
    - What types of corporate policy affect your test?
  - Gain appropriate authorization (including third-party authorization)
- Pentest Execution Planning: Given the scope and constraints you developed in your Pentest Pre-Plan, plan the following pentest execution activities
  - Reconnaissance
  - Scanning
  - Gaining Access
  - Maintaining Access
  - Covering Tracks
- Pentest Analysis and Report Planning:
  - Analyze pentest results
  - Report pentest results

Submit the assignment.

CMGT 400 Week 3 Security Standards, Policies, and Procedures Manual
 

Cyber Security Engineers are responsible for safeguarding computer networks and systems in an organization in order to protect the sensitive data they store.

Take on the role of Cyber Security Engineer for the organization you chose in Week 1.

Develop a 5- to 6-page manual using the Security Standards, Policies, and Procedures Template with recommendations to management of security standards, policies, and procedures which should be implemented in your chosen organization.

Research and include the following:

- Explain the importance to your organization of implementing security policies, plans, and procedures. Discuss how security policies, plans, and procedures will improve the overall security of the organization.
- Recommend appropriate policies and procedures for:
  - Data privacy
  - Data isolation
  - NDA
  - IP Protection
  - Passwords
  - Acceptable use of organizational assets and data
  - Employee policies (separation of duties/training)
  - Risk response
    - Avoidance
    - Transference
    - Mitigation
    - Acceptance
- Compliance examples that might affect your organization or others [Regulatory, Advisory, Informative]
  - HIPAA
  - FERPA
  - ISO
  - NIST
  - SEC
  - Sarbanes/Oxley
- Incident response
  - Preparation
  - Identification
  - Containment
  - Eradication
  - Recovery
  - Lessons learned
- Auditing
- Environmental/Physical
- Administrative
- Configuration

Submit the assignment.

CMGT 400 Week 4 Disaster Recovery and Business Continuity Plan
 

Using the financial services scenario from the Week 2 Learning Team assignment, “Financial Service Security Engagement,” create an 8- to 10-page Disaster Recovery and Business Continuity Plan with the following:

- Determine the recovery model for your backup and recovery strategy
- Design the backup strategy and include a diagram to document your backup strategy. Include recovery steps in your diagram
- Recommend a schedule for backups
- Explain how you will test your backup and recovery strategy
  - Recovery sites
    - Hot site
    - Warm site
    - Cold site
  - Order of restoration
  - Backup types
    - Differential
    - Incremental
    - Snapshot
    - Full
  - Geographic considerations
    - Off-site backups
    - Distance
    - Location selection
    - Legal implications
    - Data sovereignty
  - Continuity of operation
    - Exercises
    - After-action reports
    - Failover
    - Alternate processing sites
    - Alternate business practices

Submit the assignment.

CMGT 400 Week 4 Security Risk Mitigation Plan
 

A Risk Management Analyst identifies and analyzes potential issues that could negatively impact a business in order to help the business avoid or mitigate those risks.

Take on the role of Risk Management Analyst for the organization you chose in Week 1.

Using the Security Risk Mitigation Plan Template, create a 4- to 5.5-page Security Risk Mitigation Plan for the organization you chose.

Research and include the following:

- Security Risk Mitigation Plan:
  - Select and document security policies and controls.
  - Create password policies.
  - Document administrator roles and responsibilities.
  - Document user roles and responsibilities.
  - Determine authentication strategy.
  - Determine intrusion detection and monitoring strategy.
  - Determine virus detection strategies and protection.
  - Create auditing policies and procedures.
  - Develop education plan for employees on security protocols and appropriate use.
  - Provide risk response.
    - Avoidance
    - Transference
    - Mitigation
    - Acceptance
  - Address change management/version control.
  - Outline acceptable use of organizational assets and data.
  - Present employee policies (separation of duties/training).
  - Explain incident response.
    - Incident types/category definitions
    - Roles and responsibilities
    - Reporting requirements/escalation
    - Cyber-incident response teams
  - Discuss the incident response process.
    - Preparation
    - Identification
    - Containment
    - Eradication
    - Recovery
    - Lessons learned

Submit the assignment.

CMGT 400 Week 5 Secure Staging Environment Design and Coding Technique Standards Technical Guide
 

A Software Engineer designs, develops, tests, and evaluates the software and the systems that allow computers to execute their applications.

Take on the role of Software Engineer for the organization you selected in Week 1.

Use the technical guide template to create a 3- to 4-page Secure Staging Environment Design and Coding Technique Standards Technical Guide for the organization you chose.

Research and include the following:

- Design a secure staging environment for your organization
  - Diagram your staging environment
  - Include descriptions for each object in your environment
- Create a secure coding technique/quality and testing standard for your organization covering the following secure coding techniques:
  - Proper error handling
  - Proper input validation
  - Normalization
  - Stored procedures
  - Code signing
  - Encryption
  - Obfuscation/camouflage
  - Code reuse/dead code
  - Server-side vs. client-side execution and validation
  - Memory management
  - Use of third-party libraries and SDKs
  - Data exposure
  - Code quality and testing
    - Automation
    - Static code analyzers
    - Dynamic analysis (e.g. fuzzing)
    - Stress testing
    - Sandboxing
    - Model verification

Submit the assignment.

You will get a ZIP (3MB) file

$ 39.00
