Lab #10 Create a CIRT Response Plan for a Typical IT Infrastructure
1. What risk mitigation security controls or security countermeasures do you recommend
for the portion of the network that you built a CIRT response plan? Explain your answer
1. What is the difference between DITSCAP and DIACAP?
a. DITSCAP stands for DoD Information Technology Security Certification and
Accreditation Process. DITSCAP is a certification issued by the DOD.
Customers can obtain this certification from a sec
Unit 6 Lab
1. Were you successful in finding your states data and security breach notification law?
Specify the name of the law and the date of its ratification.
Answer: I really wasnt able to find one for Alabama.
2. If your state does not have a data or
1. What are some common risks, and vulnerabilities commonly found in the
System/Application Domain that must be mitigated with proper security
Unauthorized access to data centers, computer rooms and wiring closets, servers must
1. Workstations and home PCs may not be as prone to attack as networks or servers, but
since they often contain sensitive data, such as credit card information, they are targeted
by system crackers. Workstations can also be co-opted without the user
1. What are some common risks, threats, and vulnerabilities commonly found in the
LAN-to-WAN Domain that must be mitigated through a layered security strategy?
A layered security strategy will encompass Rouge protocols such as Bit
mining and P2P, Un
1. Identify 3 vendor centric professional certifications in security.
2. Within the DoD 8570.01M directive, which professional certifications map to the
1. GLBA repealed part of the GlassSteagall Act of 1933, removing barriers in the market
among banking companies, securities companies and insurance companies that prohibited
any one institution from acting as any combination of an investment bank, a
IT 321 UNIT 1 - 6/24/2011
Vocabulary Exercise: Matching
a. With classful routing, _ must be avoided because they are not visible
classful network boundaries.
b. does not advertise subnet mask information.
c. describes t
1. What is a PHP Remote File Include (RFI) attack, and why are these prevalent in todays
a. A Remote File Include allows an attacker to include a remote file. This
vulnerability is most often found on websites and is usually implemen
1. What are four parts of the administrative simplification requirements of HIPAA?
a. Electronic transaction and code sets standards requirements
b. Privacy requirements
c. Security requirements
d. National identifier requirements
2. Name 3 factors
Unit 6 Assignment 1
My example breach notification letter is from HIPAA. It states that personal information may
have been accessed by unauthorized personnel and it indicates the dates and information that
may have been accessed. The breach notification a
Unit 4 Lab 1
1. Which US government agency acts as the legal enforcement entity for businesses and
organizations involved in commerce?
2. Which US government agency acts as the legal enforcement entity regarding HIPAA
compliance and HIPAA viol
Unit 2 Exercise 1
Amount of DDT in algae = o.0002 mg
Weight of shrimp = 1 g
Shrimp eat how much algae = 10 g
10g algae x 0.0002mg DDT per g algae = 0.002mg DDT
0.002mg DDT / 1g shrimp = 2 ppm
1700g x 0.002mg DDT/g shrimp = 3.4 mg DDT
0.0034g / 150g
Unit 4 Lab 1
Talking about indoor air pollution you need to first know where it can come from. Indoor air
pollution sources that release gases or particles into the air are the primary causes of poor indoor
air quality problems in homes. The inadeq
Unit 3 Problem Set 1
1. The forest
2. Feeding animals that pass on their energy
3. Grassy areas with bushes
4. Grass and bushes for herbivores
5. All the animals and grasses are seeable and the chain can be watched
1. What is the purpose of identifying IT assets and inventory?
So that the organization has a detailed knowledge of what they need to protect.
2. What is the purpose of an asset classification?
So that an organization can determine risk to it
1. The essential difference between secrecy and privacy as security concepts is that secrecy
attempts to hide information that can be gleaned through simple observation and analysis
from others, while privacy attempts to keep communications b
1. What section of the SOX compliance law requires proper controls and hence, security
controls, to ensure the confidentiality and integrity of financial information and
recordkeeping within an IT infrastructure? Explain the information contained in
UNIT 1 ASSIGNMENT 1
When it comes to the Johnson Company they are behind in the aspect of customer service
relationship. They are only getting customer orders through telephone calls and by taking
customer orders by hand. In these da
UNIT 2 ASSIGNMENT 2
Data storage center centers will benefit greatly from the continued evolution of Ethernet.
We have seen in the past and present how Ethernet protocols enabled faster transmissions of
data. Data centers will improv
January 28, 2016
Unit 6 Assignment 6: Ciscos Layer 2 Resiliency Compared to HPs IRF Layer 2
1. What are three primary differences between Cisco Layer 2 network resiliency and
A). Cisco Layer 2
January 25, 2016
Unit 4 Assignment 4
1. Will you use a private address scheme for internal addressing?
a. Using a private IP address on a business network can improve network
security and conserve public addressing space. Having said
January 25, 2016
Unit 5 Assignment 5: A WLAN Solution
With the current application of 802.11b wireless that Highbrow Ed is using is slow
and the range is incompetent for applications delivery.802.11b operates at 2.4 GHz,
speed of 11m
LAYER 3 NETWORK DESIGN
A hierarchical network design model breaks the complex problem of network design into
smaller, more manageable problems. Each level, or tier in the hierarchy addresses a
different set of problems. This helps the designer optimize ne
September 15, 2015
Unit 1 Assignment
Unit 1 Assignment
For YieldMore Executives,
We here in your IT department have recently audited our infrastructure for our companys
network. Upon the review we did find several threats and vulnera
October 6, 2015
Week 3 Assignment Risk Mitigation Plans
1. Why is it important to prioritize your IT infrastructure risks, threats, and vulnerabilities?
Because you need to know which is most important and which is negligible. In som
November 3, 2015
1. List at least two differences between BCP and a DRP plan. Two differences between the
BCP and the DRP plans are that the BCP covers all functions of a business by
ensuring the entire business continues to o