James Wyatt
Grantham University
Abstract
Security, Personnel, and IS Maintenance 2
Today's Cyber Security requirements have created a need to redesign the Station Automation
Architectures to provide secure access for Operations and Maintenance Systems and Personnel.
This paper will review several architectures being used and planned by utilities today
1. Search your library's database and the Web for an article related to individuals
violating their organization's policy and being terminated. Did you find many? Why or why not?
I found a lot of these articles and they all have the same outcome. It seems to me that everyone that
got fired had it coming for breaking the rules. The companies want the world to know about this
so people who work for the companies know what will happen to them.
2. Go to the (ISC)2 Web site at www.isc2.org. Research the knowledge areas included in
the tests for both the CISSP and the SSCP. What areas must you study that are not included in
this text? In order to sit for the CISSP exam, the candidate must possess at least three years of
direct full-time security professional work experience in one or more of the ten domains of
information security knowledge listed below. The CISSP exam itself, which covers all ten
domains, consists of 250 multiple-choice questions and must be completed within six hours.
Access Control, Application Security, Business Continuity and Disaster Recovery Planning
Cryptography, Information Security and Risk Management, Legal, Regulations, Compliance, and
Design, Telecommunications and Network Security. The SSCP exam consists of 125 multiple-
choice questions and must be completed within three hours. Instead of the ten domains of the
CISSP, the SSCP covers seven domains: Access Controls, Cryptography, Malicious Code and
Activity, Monitoring and Analysis, Networks and Communications, Risk, Response, and
3. Using the Web, identify some certifications with an information security component
that were not discussed in this chapter. NetScreen, Microsoft Certified Professional (MCP),
Site Building (MCP+SB), Microsoft Certified Solutions Developer (MCSD), Microsoft Certified
Microsoft Certified Trainer (MCT), Microsoft Office User Specialist (MOUS), and more.
4. Search the Web for at least five job postings for a security administrator. What
is preferred, Cisco Certified Security Professional (CCSP) is preferred, Cisco and Microsoft
1. Search the Web for the Forum of Incident Response and Security Teams (FIRST). In
your own words, what is the forum's mission? FIRST is the Forum of Incident Response and
Security Teams. The idea of FIRST goes back to 1989, only one year after the CERT
Coordination Center was created after the infamous Internet worm. Back then incidents already
were impacting not only one closed user group or organization, but any number of networks
It was clear from then on that information exchange and cooperation on issues of mutual
interest like new vulnerabilities or wide-ranging attacks - especially on core systems like the DNS
servers or the Internet as a critical infrastructure itself - were the key issues for security and
Since 1990, when FIRST was founded, its members have resolved an almost continuous
vulnerabilities affecting nearly all of the millions of computer systems and networks throughout
the world connected by the ever-growing Internet. FIRST brings together a wide variety of
security and incident response teams including especially product security teams from the
3. This chapter lists five tools that can be used by security administrators, network
administrators, and attackers alike. Search the World Wide Web for three to five other tools that
fit this same description. Who do the sites promoting these tools claim to support? Metrics are
tools designed to improve performance and accountability through the collection, analysis, and
controls and the efficiency and effectiveness of the controls, by analyzing the adequacy of
tasks?, and What impact are those tasks having on the mission?
Automated tools known as log analyzers can consolidate system logs, perform
comparative analysis, and detect common occurrences or behavior that is of interest. A risk
assessment's identification of the systemic or latent vulnerabilities that introduce risk to the
organization can provide the opportunity to create a proposal for an information security project.
When used as part of a complete risk management maintenance process, the RA can be a
powerful and flexible tool that helps identify and document risk and remediate the underlying
vulnerabilities that expose the organization to risks of loss. The platform security validation
(PSV) process is designed to find and document the vulnerabilities that may be present because
there are misconfigured systems in use within the organization. The wireless vulnerability
assessment process is designed to find and document the vulnerabilities that may be present in
the wireless local area networks of the organization. The modem vulnerability assessment
process is designed to find and document any vulnerability that is present on dial-up modems
In digital forensics, all investigations follow the same basic methodology: 1. Identify
relevant items of evidentiary value (EM), 2. Acquire (seize) the evidence without alteration or
damage, 3. Take steps to assure that the evidence is at every step verifiably authentic and is
unchanged from the time it was seized, 4. Analyze the data without risking modification or
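Steps 2 and 3 of the methodology above (acquire without alteration, then keep the evidence verifiably unchanged) are usually enforced with cryptographic hashes. The following is an added example, not part of the original paper: it records a SHA-256 of the evidence at acquisition and keeps a hash-chained custody log. The function names, the log layout and the sample bytes are assumptions made for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def append_entry(log: list, action: str, handler: str, evidence: bytes) -> dict:
    """Add a custody record bound to the evidence hash and the previous record."""
    record = {
        "seq": len(log),
        "action": action,
        "handler": handler,
        "evidence_sha256": sha256_hex(evidence),
        "prev_entry_hash": log[-1]["entry_hash"] if log else "0" * 64,
    }
    record["entry_hash"] = sha256_hex(json.dumps(record, sort_keys=True).encode())
    log.append(record)
    return record

def verify_log(log: list, evidence: bytes) -> list:
    """Return a list of problems; an empty list means log and evidence are intact."""
    if not log:
        return ["custody log is empty"]
    problems = []
    baseline = log[0]["evidence_sha256"]  # hash taken at acquisition
    prev = "0" * 64
    for rec in log:
        body = {k: v for k, v in rec.items() if k != "entry_hash"}
        if sha256_hex(json.dumps(body, sort_keys=True).encode()) != rec["entry_hash"]:
            problems.append(f"entry {rec['seq']}: record was edited")
        if rec["prev_entry_hash"] != prev:
            problems.append(f"entry {rec['seq']}: chain broken")
        if rec["evidence_sha256"] != baseline:
            problems.append(f"entry {rec['seq']}: evidence hash differs from acquisition")
        prev = rec["entry_hash"]
    if sha256_hex(evidence) != baseline:
        problems.append("current evidence does not match acquisition hash")
    return problems

# Constructed sample bytes standing in for an acquired disk image.
IMAGE = b"constructed sample image bytes \x00\x01\x02"

def demo() -> tuple:
    log = []
    append_entry(log, "acquired", "examiner-a", IMAGE)
    append_entry(log, "transferred", "examiner-b", IMAGE)
    clean = verify_log(log, IMAGE)            # nothing changed since seizure
    tampered = verify_log(log, IMAGE + b"!")  # one byte appended to the image
    return clean, tampered
```

Analysis (step 4) would then be done on a working copy whose hash matches the acquisition hash, so the original is never touched.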
4. Using the names of the tools you found in Exercise 3 and a browser on the World Wide
Web, find a site that claims to be dedicated to supporting hackers. Do you find any references to
any other hacker tools? If you do, create a list of the tools with their names and a short
description of what they do and how they work. CyberXtreme is an impressive forum with a
significant hacking section, but also entire sections on technology, graphics and even a tech
support area. Here you'll find cracks, secret codes, free download packages (some containing
cracked software which may be illegal to download in your area, so be careful). The forum is
very protective of its content, so you'll have to register with a valid email address before you can
even get a glimpse of the content that's on the forums. While I certainly don't want to offer a nod
to any blogs that may be considered competition, you really have to give credit where credit is
due when it comes to a particular niche like hacking and Hack a Day definitely offers an
amazing library of information for anyone looking for specific categories like cellphones, GPS or
digital cameras. You'll find all hacks organized by category in the right column. More than any
other site, this particular hacking site is very much hardware based, and they redefine the
meaning of the word hacking by literally hacking up electronic devices like a Gameboy or a
digital camera and completely modifying it. Of course you'll still find the occasional software
On all of the websites that I went to, they wanted me to get an account or sign up. In the job I
have, I cannot go to the sites and sign up. Security will have a day with me. From looking around
on their sites it really does not show what they use but you can sign up for the class.
5. Using the risk assessment documentation components presented in the chapter, draft a
tentative risk assessment of one area (a lab, department, or office) of your university. Outline the
critical risks you found and discuss these with your class. I am going to put a link in of what we
http://doni.daps.dla.mil/Directives/03000%20Naval%20Operations%20and%20Readiness/03-500%20Training%20and%20Readiness%20Services/3500.39C.pdf
References
http://www.etechsecurity.com/expertise/certifications/
http://www.first.org/
http://www.makeuseof.com/tag/top-5-websites-to-learn-how-to-hack-like-a-pro/