Security Strategies

Submitted By JessieJay
Words 521
Pages 3
Unit 3 Lab 3 Assessment Questions

1. Within a Microsoft Windows 2008 Server R2 environment, who has access rights to the EFS features and functions in the server?
Only users that have rights to encrypting file system certificates and have rights to encrypt and decrypt; this is not a default, and these rights would have to be given to them.
2. There are three modes of access control that BitLocker can enable on drives. List these three modes.
The three modes that run on BitLocker are: TPM, PIN, and USB.
3. What feature and function can you enable to mitigate the risk caused by USB thumb drives moving confidential data to/from a USB hard drive?
You can use either a USB key/password or a smart card via Windows prompts, and it should encrypt the data.
4. What are some best practices you can implement when encrypting BitLocker drives and using BitLocker recovery passwords?
For encrypting BitLocker drives and the use of BitLocker recovery passwords, Windows will ask where you would like to save a recovery key and gives you some options: save to a USB flash drive, save to a file, or print the recovery key.
5. What encryption algorithm is supported by BitLocker?
The main encryption algorithm is an asymmetric algorithm; secure hash algorithm or elliptic curve cryptography could be used too.
6. What is the Trusted Platform Module (TPM) within BitLocker, and how does it verify the integrity of the Workstation Domain and laptops' boot process?
TPM within BitLocker is a microchip used to protect the key used for volume encryption and decryption. This will use TPM, PIN, USB, or any combination of the three for authentication purposes.
7. How do you add additional users to have access rights to your EFS encrypted folders and data files?
You need to be logged in as the admin, and then you will need to enable the user to be able to encrypt and decrypt…...
