
SEC 440 DeVry Entire Course Latest

$160.00


Product Description


SEC 440 DeVry Week 1 Discussion 1 Latest

Good Components of a Security Policy (graded)

What are good components of an organizational information security policy? What are some areas that you think should be addressed?


SEC 440 DeVry Week 1 Discussion 2 Latest

Obstacles to Implementing Security Policies (graded)

What are the main obstacles that keep organizations from having a well thought-out security policy? How can they be overcome?

SEC 440 DeVry Week 2 Discussion 1 Latest

Organizational Buy-In (graded)

What are some things that you might try doing to get everyone in an organization to support your policy suggestions? What do you think will be the motivations of people objecting to the changes? How might you try to overcome these objections?


SEC 440 DeVry Week 2 Discussion 2 Latest

The Policy Document (graded)

What do you think the most important parts of an organization’s security policy are? Find a policy at your job, at school, or one used for any security purpose. How is the policy administered and enforced?

SEC 440 DeVry Week 3 Discussion 1 Latest

Identifying an Organization’s Assets (graded)

How do you go about identifying an organization’s assets? Where do you start? Who do you ask and what do you ask them?

SEC 440 DeVry Week 3 Discussion 2 Latest

Employee Screening (graded)

Do you think it is fair to check into a potential employee’s credit history before deciding to hire him or her? Why or why not?


SEC 440 DeVry Week 4 Discussion 1 Latest

New Data Center (graded)

You’re a network engineer. Your boss comes in and asks for your opinion on the top three things to do concerning security. When designing a new data center, what would you recommend?

SEC 440 DeVry Week 4 Discussion 2 Latest

New Security Measures (graded)

Consider your home, school, or current place of employment. What would you do to increase your organization’s physical security? Try to think of the most cost-effective measures that would have the biggest impact.


SEC 440 DeVry Week 5 Discussion 1 Latest

Operations Security Considerations (graded)

In an organization, there are many potential security threats from both inside and outside of the network. What are some operational security considerations that you, as a security professional, need to contend with? What security policies and procedures can help protect your business operations?

SEC 440 DeVry Week 5 Discussion 2 Latest

Authentication (graded)

Having security policies and procedures that document and manage access to critical data and technology is one thing, but actually controlling the access is another. Describe and evaluate how authentication controls can enforce security policies within an organization.


SEC 440 DeVry Week 6 Discussion 1 Latest

Secure System Development Processes (graded)

New software systems are written by software developers. So let’s discuss at what points in a system development process it would make sense to have some information security checkpoints (i.e., points where the security of the code being developed could be checked).


SEC 440 DeVry Week 6 Discussion 2 Latest

Federal Regulations and Security (graded)

Please discuss the pros and cons of improving information security with federal regulations. How well received are the regulations in the affected industries? Have they helped?


SEC 440 DeVry Week 7 Discussion 1 Latest

Personal Data (graded)

Phishing attacks use both social engineering and technical deceptions to steal personal identity data and financial account identification. Social engineering schemes use “spoofed” e-mails to lead consumers to fake websites designed to trick the addressee into revealing financial data, such as credit card numbers, account usernames, passwords, and social security numbers. Hijacking the names of banks, e-tailers, and credit card companies, phishers often convince naive recipients to respond. Technical deception schemes plant worms and viruses onto PCs to steal identification directly, often using Trojan key logger spyware. Pharming crimeware diverts users to counterfeit sites or proxy servers, typically through DNS hijacking or poisoning.

Consider legitimate and illegitimate uses of a person’s confidential information. What are some of the uses that could make this information valuable to legitimate and illegitimate businesses?

SEC 440 DeVry Week 7 Discussion 2 Latest

Healthcare Information Risks (graded)

As hospitals get ready for comprehensive information automation, healthcare organizations consider how new systems and software can be protected from intrusions and illegal information access. Understanding these situations can help direct future IT spending decisions, as well as make certain that hospital organizations do not face expensive fines or lawsuits.

Think of how data are typically used in a hospital. Consider the number of employees and the uses of confidential information in a hospital. What are some of the ways that data could be compromised in such an environment?

SEC 440 DeVry Week 1 Homework Assignment Latest

Selling Security to the Organization

Please type a three- to five-page (800 to 1,200 words) paper. Using APA style, assess the importance of developing a comprehensive security policy within the organization. What you need to convey to your CEO is that network attacks are continuing to make the news and organizations have reacted by increasingly spending more of their overall IT budget on security. Business executives are starting to have questions about what they’re receiving for their increased IT security spending. Make the case to justify this spending by describing at least five main sections of an information security policy and the business benefits generated if a company’s employees comply with each section. Use transition words, a thesis statement, an introduction, a body, a conclusion, and a reference page with at least two references. Use double-spaced, 12-point Arial font.

Assignment Grading Rubric

Graded Element: Percentage

Assignment Content: 80%
  • Importance of developing a comprehensive information security policy
  • Discuss network attacks and their impact on security spending
Required Length: 10%
Spelling and Grammar: 5%
APA Style: 5%

Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

SEC 440 DeVry Week 3 You Decide Latest


The infectious company, Grocery Stores, Inc. has just been breached by what was first thought to be a remote attacker who infected the supermarket chain with a server-based malware program. However, after a security assessment was performed, it was confirmed that it was an inside job. Apparently, a new and sophisticated plan was developed by a disgruntled employee. The attacker slipped malware onto servers at all of the company’s 200 grocery stores. The malware appears to have snatched card data from customers as they swiped their credit cards through the checkout counter machine and transferred the card data overseas.


You’ve been hired as an information security administrator for Grocery Stores, Inc. Your duty is to assess the situation and determine the best course of action to take to ensure that the security breach is contained and eradicated. You will need to interview key staff members and decide which member(s) can best assist you in eliminating this risk.


The fact that the malware was not the ordinary kind of key logger program that might capture keyboard presses as a customer logs into their online bank account, but was instead software programmed to lift credit card data as it was being transmitted to the servers at Grocery Stores, Inc., suggests that the malware program had to be written specifically to target our stores and deployed from inside the company network. It seems almost too much of a coincidence to believe that remote hackers would have a chance to infect every server with the appropriate malware by using traditional security flaws such as a misconfigured firewall, or even an out-of-date antivirus application.

We have over 20 network administrators throughout multiple branch offices and satellite locations. Security was set up so that each network administrator had the same security access and privileges to each location. In hindsight, I believe that while having redundant or equal security privileges for all network administrators can be a good thing, it can also be a major security hole. That is because the administrators have access to the entire system and not just their local area network.

The possibility that the security breach of Grocery Stores, Inc. was performed by an employee is very disturbing. We must review our current employee hiring policies and procedures to ensure that we are performing the appropriate background checks and monitoring our employees to make sure that valuable customer data is both secured and protected from external threats and internal employees. We can’t have our I.T. professionals circumventing the system because they have elevated privileges that give them unfettered access to valuable company data. We must review the current job descriptions and duties of all personnel who have access to customer data and only give access where appropriate. Also, during the termination and/or transfer process, we need to be sure that we have done the steps necessary to disable security access so that we do not have any rogue accounts.

The recent security breach at Grocery Stores, Inc. indicates to us that our security policies and procedures need serious scrutiny and oversight. However, even if we were found compliant with all security controls and financial protection measures, the fact remains that we were hacked. A major concern at many corporations is the potential for a man-in-the-middle attack, where an attacker can install a sniffer program and pull out the data as it flows through. You can reduce the risk of this type of attack by encrypting the data at the time it traverses the network. I also want to review the training policies and procedures of our personnel to make sure that everyone understands the rules, is complying, and that there are punitive measures in place to reduce the risk of incidents like these from happening again.

The security breach at Grocery Stores, Inc. has caused major damage to the reputation and trust that our customers and stakeholders have in this organization. This cannot be tolerated; security of our valuable data is paramount. As CEO of this company, I am responsible for ensuring security of our critical data and compliance. Security must be an important concept to every employee from top to bottom. We must demonstrate adequate internal controls of business records and information security. We need a layered security program so that if one defense is unsuccessful, the attacker must poke through other defenses. Even with a layered security program, there’s no guarantee that the company can prevent every attack from succeeding. Good security requires constant care and it doesn’t take much for a vulnerable opening to develop. We will do everything possible now and review for potential updates monthly in the future.

Given the scenario, your role and the information provided by the key players involved, it is time for you to make a decision.

If you are finished reviewing this scenario, close this window and return to this Week’s You Decide tab, in your course, to complete the activity for this scenario.

You can return and review this scenario again at any time. What would you do to resolve this scenario?

YOU DECIDE

Activity

Based on your assessment of the security breach and interviewing the staff in the scenario, develop a server malware protection policy that accounts for the concerns of the stakeholders involved in mitigating the risk of a malware attack; network security controls that prevent the infiltration of viruses, worms, and/or malware; and reducing the chances that the attack originates from an internal source. Please draft an 800–1,200 word paper and submit it to the Dropbox. Use transition words, a thesis statement, an introduction, a body, a conclusion, and a reference page with at least two references. Also, use double-spaced, 12-point Arial font.

Grading Rubric

Grading Element: Percentage

Assignment Content: 80%
  • Assess what occurred during the security breach and the points made during the interview
  • Content of your proposed Server Malware Protection policy
Required Length: 10%
Spelling and Grammar: 5%
APA Style: 5%
Total: 100%

Note! Submit your assignment to the Dropbox l

SEC 440 DeVry Week 5 Homework Assignment Latest

Security Measures Paper

You have just been hired as the security administrator of a major organization that was recently breached by a social engineer. After a thorough analysis of the network security, you have determined that there was no security plan in place and no standard operating procedures for e-mail, acceptable use, physical security, and incident response.

Please type a three to five page (800 to 1,200 word) paper using APA style, explaining your recommendations and why you think that they are necessary.

Use transition words, a thesis statement, an introduction, a body, a conclusion, and a reference page with at least two references. Use double-spaced, 12-point Arial font.

Assignment Grading Rubric

Graded Element: Percentage

Assignment Content: 80%
  • Discuss a security plan and procedures for each of the following specific topics: e-mail, acceptable use, physical security, and incident response
Required Length: 10%
Spelling and Grammar: 5%
APA Style: 5%

Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

SEC 440 DeVry Week 7 Homework Assignment Latest

HIPAA Compliance

You are a security engineer for a hospital group based in Cincinnati, OH. Your group has just acquired a small hospital in Alba, IA. Currently, everything except insurance billing is done on paper forms. The company CSO has asked you to draft a memo that gives an overview of what will be necessary to bring this small hospital into HIPAA security compliance. Please draft an 800- to 1,200-word paper and submit it to the Dropbox.

Please type a three- to five-page (800 to 1,200 word) paper using APA style, explaining your recommendations and why you think that they are necessary.

Assignment Grading Rubric

Graded Element: Percentage

Assignment Content: 80%
  • Discuss the components of an overall compliance plan
  • Discuss specific Administrative, Physical and Technical safeguards that should be implemented
Required Length: 10%
Spelling and Grammar: 5%
APA Style: 5%

Submit your assignment to the Dropbox located on the silver tab at the top of this page. For instructions on how to use the Dropbox, read these step-by-step instructions or watch this Dropbox Tutorial.

See the Syllabus section “Due Dates for Assignments & Exams” for due date information.

SEC 440 DeVry Week 2 Quiz Latest

Question 1. Question: (TCO 1) Why is it important to prepare written policies?

  • It lets the policies be communicated more easily.
  • This helps to ensure consistency.
  • A policy is part of the corporate culture.
  • It is required by law.

Question 2. Question: (TCO 2) Which of the following is NOT a threat to data confidentiality?

  • Hackers
  • Encryption
  • Improper access controls
  • Social engineering

Question 3. Question : (TCO 1) Which of the following is MOST likely to reflect the policy audience for a corporate ethics policy at Acme Manufacturing?

  • All Acme Manufacturing employees and all vendors and service providers
  • All full- and part-time employees of Acme Manufacturing and its subsidiaries
  • The Acme Manufacturing board of directors
  • The finance, human resources, and marketing departments of Acme Manufacturing

Question 4. Question : (TCO 2) Which of the following are all federal regulations?

  • Sarbanes-Oxley, IEEE 802.11, and NIST 800-34
  • GLBA, HIPAA, and Sarbanes-Oxley
  • GLBA, HIPAA, and IEEE 802.11
  • GLBA, NIST 800-34, and Sarbanes-Oxley

Question 5. Question : (TCO 1) When should information security policies, procedures, standards, and guidelines be revisited?

  • As indicated in the policy
  • Never; once they are written and published, they must be adhered to
  • Annually
  • When dictated by change drivers

Question 6. Question : (TCO 2) What is a valid definition of data integrity?

  • Knowing that the data on the screen have not been tampered with
  • Data that are encrypted
  • Data that have not been accessed by unauthorized users
  • The knowledge that the data are transmitted in cipher text only

Question 7. Question : (TCO 1) What should be the consequences of information security policy violations?

  • Always up to, and including, termination
  • Immediate revocation of all user privileges
  • Commensurate with the criticality of information the policy was written to protect
  • Violations cited in the person’s annual performance review

Question 8. Question : (TCO 2) Match the following terms to their meanings.

: Change driver » 2 : Any event that impacts culture, procedures, and activities within an organization

: Acceptable use agreement » 1 : List of actions that employees are not allowed to perform while using company-provided equipment

: Statement of authority » 3 : Introduction to the policy document

: Security policy document policy » 4 : Policy about a policy

Question 9. Question : (TCO 1) Which of the following best describes how the penalties defined in the Policy Enforcement Clause should relate to the infractions?

  • Any infraction should result in suspension or termination.
  • The same penalty should apply each time an infraction occurs.
  • The penalty should be proportional to the level of risk incurred as a result of the infraction.
  • Penalties should be at the discretion of management.

Question 10. Question : (TCO 2) Data integrity is

  • protecting the data from intentional or accidental disclosure.
  • making sure the data are always available when legitimately needed.
  • protecting the data from intentional or accidental modification.
  • making sure the data are always transmitted in encrypted format.

Question 11. Question : (TCO 1) Which is the worst that may happen if information security policies are out of date or address technologies no longer used in the organization?

  • People may take the policies less seriously or dismiss them entirely.
  • Executive management may become upset.
  • The company may incur unnecessary costs to change them.
  • People may not know which policy applies.

Question 12. Question : (TCO 2) Which of the following federal regulations pertains to the medical field?

  • FERPA
  • GLBA
  • HIPAA
  • SOX

Question 13. Question : (TCO 1) In which of the following ways does understanding policy elements help you interpret your organization’s information security policies?

  • Awareness of policy elements helps you determine the strength of the policy and whether you should take it seriously.
  • If you understand policy elements, you will be able to change the policies.
  • Knowing the purpose and goal of each section of the policy can help you better understand the intent of the policy, as well as how the policy applies to you.
  • You need to know the policy elements in order to determine which parts of the policy apply to you.

Question 14. Question : (TCO 2) Which of the following federal regulations pertains to the educational field?

  • FERPA
  • GLBA
  • HIPAA
  • SOX

Question 15. Question : (TCO 1) Which of the following is an important function of the statement of authority?

  • It provides a bridge between an organization’s core values and security strategies.
  • It indicates who to talk to if you want to request a change in the policy.
  • It describes the penalties for policy infractions.
  • It references standards, guidelines, and procedures that the reader can consult for clarification of the policy.

SEC 440 DeVry Week 4 Quiz Latest

Question 1. Question : (TCO 3) Which section of the ISO 17799 deals with asset classification?

  • 2
  • 3
  • 4
  • 5

Question 2. Question : (TCO 4) The age group most inclined to use an online job search is

  • 30 to 49.
  • 18 to 29.
  • 50 to 64.
  • None of the above

Question 3. Question : (TCO 5) In ISO 17799, an area where assets are protected from man-made and natural harm is known as

  • secure area.
  • mantrap.
  • company property.
  • security perimeter.

Question 4. Question : (TCO 3) When it comes to information security, what is the purpose of labeling?

  • Communicating the sensitivity level
  • Communicating the access controls
  • Enforcing the access controls
  • Auditing the access controls

Question 5. Question : (TCO 4) A security clearance investigation does NOT involve research into a person’s

  • character.
  • reliability.
  • family connections.
  • trustworthiness.

Question 6. Question : (TCO 5) The clear desk and clear screen policy is the way to avoid which of the following kinds of physical attacks?

  • Shoulder surfing
  • Reprinting the last document from the fax machine
  • Looking at papers on desks
  • All of the above

Question 7. Question : (TCO 3) Information needs to be handled according to

  • its classification level.
  • the statement of authority.
  • the access controls set forth in the asset management policy.
  • the access controls set forth in the affirmation agreement.

Question 8. Question : (TCO 4) Which of the following is a component of an affirmation agreement?

  • Statement of authority
  • Background check
  • Job description
  • Credit history

Question 9. Question : (TCO 5) What is the goal of the physical entry controls policy?

  • Restrict the knowledge of, access to, and actions within secure areas
  • Require authorized users to be authenticated and visitors to be identified and labeled
  • Require perimeter controls as appropriate
  • Make sure the organization pays attention to potential environmental hazards and threats

Question 10. Question : (TCO 3) This is known as the process of downgrading the classification level of an information asset.

  • Declassification
  • Classification review
  • Reclassification
  • Asset publication

Question 11. Question : (TCO 4) Match each of the following with its example.

: Security education » 3 : Recertification training for the network administrator

: Security training » : A presentation on creating good passwords

: Security awareness » 1: Posters reminding users to report security breaches

Question 12. Question : (TCO 5) Which of the following might the working in secure areas policy restrict from being brought into a facility?

  • Cameras
  • Recording devices
  • Laptop computers
  • All of the above

Question 13. Question : (TCO 3) When calculating the value of an asset, which of the following is NOT a criterion?

  • Cost to acquire or develop asset
  • Cost to maintain and protect the asset
  • Cost to disclose the asset
  • Reputation

Question 14. Question : (TCO 5) According to the equipment siting and protection policy, smoking, eating, and drinking will not be permitted

  • except in designated areas.
  • inside the security perimeter.
  • under any circumstances.
  • in areas where equipment is located.

Question 15. Question : (TCO 3) A qualitative approach to an analysis uses

  • hard numbers.
  • statistics.
  • expert opinions.
  • general population surveys.

SEC 440 DeVry Week 6 Quiz Latest

Question 1. Question : (TCO 6) An employee who fails to report a suspected security weakness

  • is doing his or her job.
  • will not be punished.
  • will be treated the same as if he or she had initiated a malicious act against the company.
  • is making sure not to aggravate the situation by making a mistake.

Question 2. Question : (TCO 7) Which of the following is NOT an access control method?

  • MAC
  • RBAC
  • DAC
  • PAC

Question 3. Question : (TCO 8) When is the best time to think about security when writing a new piece of code?

  • At the end, once all the modules have been written
  • After the users have had a chance to review the application
  • At the beginning of the project
  • After the application has been approved and authorized by the ISO

Question 4. Question : (TCO 9) As it pertains to GLBA, what does NPI stand for?

  • Nonpublic information
  • Nonpublic personal information
  • Nonprivate information
  • Nonprivate personal information

Question 5. Question : (TCO 6) The primary antimalware control is

  • an updated antivirus solution.
  • a firewall.
  • a router.
  • an acceptable use policy.

Question 6. Question : (TCO 7) Which is the first target of a hacker who has gained access to an organization’s network?

  • Log files
  • Sensitive data
  • User accounts
  • Public data

Question 7. Question : (TCO 8) Which formal security-related process should take place at the beginning of the code creation project?

  • Risk assessment
  • Input validation
  • Output validation
  • SQL injection validation

Question 8. Question : (TCO 9) Who enforces the GLBA?

  • Eight different federal agencies and states
  • The FDIC
  • The FFIEC
  • The Secretary of the Treasury

Question 9. Question : (TCO 6) The part of the antivirus solution that needs to be updated daily is

  • the DAT files.
  • central command.
  • the control panel.
  • the engine.

Question 10. Question : (TCO 7) All users are expected to keep their password secret, unless

  • a member of the IT group asks for it.
  • another employee needs to log on as them.
  • someone identifying themselves as the ISO asks for it.
  • There is no “unless.”

Question 11. Question : (TCO 8) If an employee uses a company-provided application system and finds what he or she thinks is a loophole that allows access to confidential data, that employee should

  • alert his or her manager and the ISO immediately.
  • verify and test the alleged loophole before alerting anyone.
  • not say anything unless he or she is a member of the incident response team.
  • alert his or her manager whenever he or she happens to have a chance to do so.

Question 12. Question : (TCO 9) What do the Interagency Guidelines require every covered institution to implement?

  • Quarterly risk assessments
  • A biannual review of the disaster recovery plan
  • A comprehensive written information security program
  • A monthly inventory of all information assets

Question 13. Question : (TCO 6) Grandfather-father-son is a model used for

  • antivirus updates.
  • antispyware updates.
  • backup strategies.
  • change control management strategies.

Question 14. Question : (TCO 7) Which of the following is the most popular single factor authentication method?

  • Cameras
  • Biometric devices
  • Tokens
  • Passwords

Question 15. Question : (TCO 8) Input validation is

  • verifying that a piece of code does not have any inherent vulnerabilities.
  • making sure that employees know what information to enter in a new system.
  • testing an application system by entering all kinds of character strings in the provided fields.
  • testing what information an application system returns when information is entered.

SEC 440 DeVry Final Exam Latest

Page 1

Question 1.1. (TCO 1) A security policy must be accepted by (Points : 5)

  • management.
  • end-users.
  • customers.
  • all members of an organization.

Question 2.2. (TCO 2) What element of a security policy does the following phrase belong to? “This policy is established to achieve compliance with applicable statutes, regulations, and mandates regarding the management of information resources.” (Points : 5)

  • The statement of authority
  • The policy statement
  • The policy objectives
  • The policy audience

Question 3.3. (TCO 3) Which is the process of accumulating data regarding a specific logical or physical environment? (Points : 5)

  • Foot printing
  • Scanning
  • Enumeration
  • All of the above

Question 4.4. (TCO 4) Which of the following information about a person can be used to influence a hiring decision? (Points : 5)

  • Educational credentials
  • Negative credit history
  • Relevant certifications
  • All of the above

Question 5.5. (TCO 5) Why is it sometimes better to isolate critical equipment than it is to apply additional protective measures, in order to protect against exposure to greater hazards or risks from unauthorized access? (Points : 5)

  • Management requests it.
  • There is less risk involved.
  • It can be less costly.
  • Regulators prefer it.

Question 6.6. (TCO 5) A security perimeter is (Points : 5)

  • the widest imaginary circle around a facility.
  • a barrier of protection.
  • the field around which security alarms can monitor activity.
  • None of the above

Question 7.7. (TCO 6) Logging, as it pertains to media removal, is only needed when (Points : 5)

  • the media are paper based.
  • it is outsourced.
  • it is handled in-house.
  • It is always needed.

Question 8.8. (TCO 7) Prohibiting access to information not required for one’s work is the (Points : 5)

  • access need concept.
  • need-to-monitor concept.
  • need-to-know concept.
  • required information process concept.

Question 9.9. (TCO 8) Output validation is (Points : 5)

  • verifying that a piece of code does not have any inherent vulnerabilities.
  • making sure that employees know what information to enter in a new system.
  • testing an application system by entering all kinds of character strings in the provided fields.
  • testing what information an application system returns when information is entered.

Question 10.10. (TCO 9) This test subjects a system or device to real-world attacks. (Points : 5)

  • Audit
  • Penetration test
  • Assessment
  • Interview

Question 11.11. (TCO 10) As it pertains to HIPAA, which is a covered entity? (Points : 5)

  • A medical patient protected by HIPAA
  • A healthcare provider who must be compliant with HIPAA
  • A healthcare provider who does NOT have to be compliant with HIPAA
  • A medical patient NOT protected by HIPAA

Question 12.12. (TCO 10) Which of the following standards includes monitoring failed log-ons? (Points : 5)

  • Access Control
  • Audit Controls
  • Device and Media Controls
  • Integrity Controls

Question 13.13. (TCO 11) Which government agency is in charge of developing technical security standards and guidelines for unclassified federal systems, according to FISMA? (Points : 5)

  • The OMB
  • NIST
  • The OCS
  • The NSA

Question 14.14. (TCO 11) Transmitting ePHI in e-mail is not recommended because (Points : 5)

  • e-mail is usually in clear text.
  • e-mail can be forwarded.
  • Both A and B
  • Neither A nor B

Question 15.15. (TCO 12) Attaching an unauthorized wireless network to the corporate network is considered (Points : 5)

  • a major breach in network security and a violation of the security policy.
  • a major breach in network security but not a violation of the security policy.
  • a violation of the security policy but not a major breach in network security.
  • neither a major breach in network security nor a violation of the security policy.

Question 16.16. (TCO 12) A strong password is at least how many characters? (Points : 5)

  • 5
  • 6
  • 7
  • 8

Question 17.17. (TCO 1) A policy that secures and protects assets from foreseeable harm and provides flexibility for the unforeseen is (Points : 5)

  • accurately reflecting the current technology environment.
  • complying with applicable government policy.
  • the best goal for a new policy.
  • approved by management and understood by everyone.

Question 18.18. (TCO 2) Which of the following should you strive for in the policy statement, in order to have a well-written policy? (Points : 5)

  • Contain areas that address every aspect of operations and information and every area affecting the organization’s information assets.
  • Spell check the document to avoid typographical errors.
  • Include applicable standards, guidelines, and procedures within the policy document.
  • Describe everything in layman’s terms so that it is clear the policy is a statement of everyone’s intent.

Question 19.19. (TCO 3) When it comes to information security, what is labeling the primary vehicle for? (Points : 5)

  • Communicating the sensitivity level
  • Communicating the access controls
  • Enforcing the access controls
  • Auditing the access controls

Question 20.20. (TCO 5) In the context of information security, environmental security would refer to all of the following except (Points : 5)

  • design and construction of facilities.
  • configuration of wireless access points.
  • where equipment is stored.
  • how and where people move.

Page 2

Question 1. 1. (TCO 3) Explain and contrast the core information security concepts of confidentiality, integrity, and availability. (Points : 40)

Question 2. 2. (TCO 8) Describe the steps a system development team could take to make sure security features are designed into newly developed systems, and explain why this is important to an organization. (Points : 40)

Question 3. 3. (TCO 10) Describe and explain the HIPAA Security Rule. (Points : 40)

Question 4. 4. (TCO 12) What should every small business do to ensure that it is secure? (Points : 40)

 
