Introduction

In this assignment, you will search the Web to identify incidents of current physical security breaches, analyze each incident, and identify best practices that could have been used to prevent the attacks.

The specific course learning outcome associated with this assignment is:

• Research examples of physical security breaches.

This course requires the use of Strayer Writing Standards (SWS). The library is your home for SWS assistance, including citations and formatting. Please refer to the Library site for all supports. Check with your professor for any additional instructions.

Instructions

Write a 3- to 5-page paper in which you analyze two physical security breaches.

Using either the Wall Street Journal or U.S. Newsstream, search for the term “physical security breach.” Select two news articles on the search topic that were posted within the last six months.

Article 1

• Summarize, concisely, the key details of the physical security breach described in Article 1.
  • Include the date of the attack, the type of attack, who or what was affected, and any reported loss of revenue or personally identifiable information (PII).
  • Provide a screenshot that includes the article’s name and the date it was published, along with a valid URL.
• Describe, clearly and accurately, the steps described in Article 1 that were taken, or are being taken, to alleviate the effects of the breach after the fact or to resolve the issue.
• Explain whether the physical security breach described in Article 1 was preventable, why or why not, and if preventable, what preventive steps could have been taken.
  • Note: These are steps that would have prevented the security breach from having occurred in the first place, not mitigation steps taken after the breach has already occurred.
• Describe the physical access security best practices that could have been used to prevent the breach described in Article 1, citing specific, credible sources of best practices.

Article 2

• Summarize, concisely, the key details of the physical security breach described in Article 2.
  • Include the date of the attack, the type of attack, who or what was affected, and any reported loss of revenue or personally identifiable information (PII).
  • Provide a screenshot that includes the article’s name and the date it was published, along with a valid URL.
• Describe, clearly and accurately, the steps described in Article 2 that were taken, or are being taken, to alleviate the effects of the breach after the fact or to resolve the issue.
• Explain whether the physical security breach described in Article 2 was preventable, why or why not, and if preventable, what preventive steps could have been taken.
  • Note: These are steps that would have prevented the security breach from having occurred in the first place, not mitigation steps taken after the breach has already occurred.
• Describe the physical access security best practices that could have been used to prevent the breach described in Article 2, citing specific, credible sources of best practices.

Source Citations and Writing

• Support your main points, assertions, arguments, or conclusions with at least three specific and credible academic references synthesized into a coherent analysis of the evidence.
  • Cite each source listed on your references page at least one time within your assignment.
  • For help with research, writing, and citation, access the library or review library guides.
• Write clearly and concisely in a manner that is well-organized; grammatically correct; and free of spelling, typographical, formatting, and/or punctuation errors.
  • Use section headers in your paper to clearly delineate your main topics.

View Rubric Attached as PDF
 

 Length 3-4 pgs – APA 7  – Only working on Section 2 for this assignment  (the first part up, including Section 1, has been completed). Add to the file attached. 

Throughout this course, you will be working with a scenario in which some basic background information is provided about a consulting firm. This scenario and information is typical in many companies today. You are tasked to select a company that you are familiar with that is facing a similar situation. The company can be real or fictitious, but the framework and problems that it faces should be similar. The assignments that you complete each week are based on the problems and potential solutions that similar companies may face. The end goal for these assignments is to analyze the problems that the company faces with respect to the upcoming audit and to provide guidance on how it can provide security for its infrastructure.

 Description

The case study company provided a situation in which threats pose a real risk to the infrastructure. The company assets are not well-protected, and they all share a common network. Little additional security mechanisms are in place other than the demilitarized zone (DMZ). What are typical information security (IS) assets that are used by such a company, and what risks exist in the current model? What will adding a flexible solution for the consultants to connect to the network do to this risk model? What are some safeguards that can be implemented to reduce the risk?

The tasks for this assignment are to identify the major applications and resources that are used by the company. Then, for each application, review the security threats that the company now faces and could face after the expansion. Describe how you can test for the presence of these (or new) risks. Provide a discussion about an approach that you will take after the risk assessment is complete to address the identified risks.

Create the following section for Week 2:

• Week 2: Security Assessment
  • A description of typical assets
  • A discussion about the current risks in the organization with no network segregation to each of the assets
  • A discussion about specific risks that the new consultant network will create
  • Details on how you will test for risk and conduct a security assessment
  • A discussion on risk mitigation
• Name the document “CS651_FirstnameLastname_IP2.doc.”

The template document should follow this format:

• Security Management Document shell
  • Use Word
  • Title page
    • Course number and name
    • Project name
    • Your name
    • Date
  • Table of Contents (TOC)
    • Use an autogenerated TOC.
    • This should be on a separate page.
    • This should be a maximum of 3 levels deep.
    • Be sure to update the fields of the TOC so that it is up-to-date before submitting your project.
  • Section headings (create each heading on a new page with “TBD” as content, except for Week 1)
    • Week 1: Introduction to Information Security
      • This section will describe the organization and establish the security model that it will use.
    • Week 2: Security Assessment
      • This section will focus on risks that are faced by organizations and how to deal with or safeguard against them.
    • Week 3: Access Controls and Security Mechanisms
      • This section examines how to control access and implement sound security controls to ensure restricted access to data.
    • Week 4: Security Policies, Procedures, and Regulatory Compliance
      • This section will focus on the protection of data and regulatory requirements that the company needs to implement.
    • Week 5: Network Security
      • This section combines all of the previous sections and gives the opportunity to examine the security mechanisms that are needed at the network level.

IT543-4: Design an implementation of cryptographic methods for an organization.

Assignment Instructions:

This assignment requires you to analyze a system, identify the cryptographic requirements, and then design a set of solutions to secure the data and the communication within the system. The system to be developed is based on the following scenario:

The ACME Yearbook Company has an existing desktop application that allows customers to create school yearbooks. The desktop application imports a portrait template containing a text document with student and faculty names, grades, and filenames. The filenames identify the yearbook photo for the respective individual. The application then allows the customer to edit the portrait database and design the school’s yearbook, including the ability to import additional photographs and lay out each yearbook page. When the yearbook is completed, the application uploads a data set to the portrait database “in the cloud” and all of the layout data for each yearbook page.

Note: Their previous product used CD ROMSs, and there was no Internet access for development, viewing, or purchase.

The company uses this data set to produce a high-resolution PDF of the yearbook, which is then used to produce the printed hardcopy yearbooks for the school. Additionally, the schools can request electronic copies of the yearbook on CDs for record-keeping or for direct sale to students to accompany their hard copies.

The ACME Yearbook Company has hired you to help them develop an Internet-based product to complement the existing desktop application. Write a report to the company explaining what features need to be added to their product to make it secure.

The Internet-based product should include the following additional features:

• Allow all yearbook data to be stored on ACME’s servers, rather than on the customer’s local computer.
• Allow the desktop product to be used to edit the yearbook and any new Internet version of the product.
• Allow multiple people to edit the yearbook at the same time (including any students who are working on the yearbook).
• Allow people to purchase copies of the completed yearbook using a credit card.
• Allow a low-resolution PDF of the completed yearbook to be available to the school for proofing. Also, make available a high-resolution PDF that can only be accessed by ACME’s printing facilities and partners.

Security concerns include:

• Licensing of the application client on school PCs.
• Security for the output designs on the cloud and on CDs.
• Secure storage of multiple yearbooks from multiple clients at ACME and in the cloud.
• Online purchasing of electronic copies of yearbooks.
• Communications security.

You must do the following:

1. Identify and list RISKS to be addressed.
2. Design a solution or a solution set.

   You do not have to address all of the items below, but here are some possible topics to consider:

   1. Email
   2. Remote access (VPN)
   3. Whole disk encryption
   4. Encrypted flash sticks
   5. E-commerce transactions
   6. Database encryption
   7. Use of hashes (e.g., for checksums, passwords, perhaps even credit card information)
   8. Cloud access security
   9. Digital certificates (at various levels)
   10. DRM for electronic copies of yearbooks
   11. Acceptable use policies regarding the use of company computers, personal computers, and perhaps even use of personal encryption
3. Identify potential vulnerabilities with your proposed solution. (Note: Not all vulnerabilities can be solved with encryption.)
4. Finally, in case the company cannot implement all of your suggestions at once, list the features that you recommend and rank order them by importance.

Your design should take into consideration the data storage, data processing, and data communication needs of the system.

It is anticipated that the length of the paper will be 10–12 pages.

When would you want to create an Azure VM for your company’s network?

• Tell how you might access the VM if you have one created on your subscription.
• When you create an Azure VM, is it easy to turn off or remove it from your subscription?