I need help answering Information Assurance and Security questions

User Generated

uryybxvggl100

Other

Description

Please provide long answers for each, and if references are used, please provide them at the bottom of each question. Also attached in Word.


Question 1 (25 points)

You have just been promoted to Corporate Information Security Officer (CISO) for a mid-level company that specializes in Point-of-Sale (PoS) technology. The primary responsibility of this role is to develop plans, policies, and physical control requirements and specifications for the company that specifically address the security posture facing this sector. With highly publicized breaches of clients using your PoS technologies, including Target, Delta, Best Buy, and many others, the company is looking to you to specifically do the following:

1) Develop policies, standards, guidelines and procedures to detail what users and administrators can do to maintain the security of the business systems and network. Write one example of each (policy, standard, guideline, procedure) that specifically protects a PoS network. This example should be written so that any client using your PoS technology can adapt the verbiage to their operations.

2) Explain how the growing use of wireless cellular technology has impacted data transmission and how factors, such as location, affect your company's ability to protect confidential data. Provide examples of how this technology can be used to jam and hack PoS technology.

Question 2 (25 points)

The United States Air Force (USAF) recently announced that it will outsource "low-hanging" IT operations so that airmen are focused on Cyber Mission Defense teams. (https://www.fedscoop.com/air-force-outsource-low-hanging-operations-freeing-airmen-cyber-mission-defense-teams/)

You work as a Security Analyst for IBM and have been asked to write a briefing on how your company can provide the IT products and services needed by the USAF that provide a layered, or Defense-in-depth, security architecture. Detail how your recommendations will meet the national strategy to deny, deter, deflect, delay and detect cyber-attacks.

Question 3 (25 points)

Examine the legal, ethical and privacy aspects associated with Artificial Intelligence (AI) and Information Systems. Specifically, describe how the field of AI is being used to enhance each of the following sectors, and what legal / ethical / privacy issues are associated with industry information systems and AI:

1) Healthcare

2) Military drones

3) Social media and online entertainment (e.g., Pandora)

4) Travel

Question 4 (25 points)

You have been asked to evaluate online data storage, including the Cloud, and enhanced productivity tools, including Virtual Machine software, as cost effective tools for your company, which is an international manufacturer of private label over-the-counter pharmaceuticals.

Prioritize often conflicting Information Security requirements; Confidentiality, Integrity, and Availability, and potential options for outsourcing data storage and virtualization. Recommend access control tools and techniques that enhance the CIA requirements for each technology.


Explanation & Answer

Attached.

Running head: INFORMATION ASSURANCE AND SECURITY

Information Assurance and Security
Student Name
Institutional Affiliation


Question one
Security policy
In order to ensure that there is guaranteed security to the system, customer information
and the organization as well, a policy that protects the rights of both the customers and business
should be implemented. This policy should entail details like ensuring that customer details
such as names, Social Security numbers, dates of birth and family are protected in the
system so that no unauthorized person can access them.
On the other hand, the system design must ensure that the business information, trade
secrets, and other vital information are kept confidential and not leaked to the outside world.
The personal information should also be kept private by the system and only the authorized
people should be able to access it. A system that implements such policies will be more
secure and will protect against breaches.
Standards
In order to reduce and mitigate security breaches, businesses should have a high level
of security standards that will be competitive and will ensure that the security threats are
mitigated. Such standards include the use of proper authentication and authorization mechanisms
within the point-of-sale systems. The use of user accounts that have different levels of access to
the system according to their duties and responsibilities will ensure that the system’s information
is only limited to those who should access it. Data-log systems that will ensure that any user
activities within the POS are well documented for future reference will also be a proper
standard to ensure security (Hershey, Hartman, Zinser, and Ross 2017).


Guideline
All the personnel that are responsible for accessing the point of sales system should be
well informed of the importance of keeping customer and business information confidential for
the prosperity of the business. The customers, on the other hand, should be given the proper
guidelines to ensure that they give genuine information to the business as well as suppliers and
other stakeholders of the business. Such information should be used to detect any malicious
activities in the system in case of a security breach.
Procedures
A well-planned procedure should be established within the users of the POS to ensure
that the proper channels are used for both documentation purposes and quality in the provision of
services. As such the business personnel s...
