COM 590 Full Course Latest


COM 590 Module 1 Discussion Latest

Module 1 Discussion

Select a topic covered in this module. Go to the SANS website, locate the Reading Room, and find an article that relates to your selected topic. Write a brief report about the article, including the relevance of the article to the module, issues raised, your opinion of the issues (agree or disagree and why), and recommendation(s), if any.

COM 590 Module 2 Discussion Latest

Module 2 Discussion

Select a topic covered in this module. Go to the SANS website, locate the Reading Room, and find an article that relates to your selected topic. Write a brief report about the article, including the relevance of the article to the module, issues raised, your opinion of the issues (agree or disagree and why), and recommendation(s), if any.

COM 590 Module 3 Discussion Latest

Module 3 Discussion

Select a topic covered in this module. Go to the SANS website, locate the Reading Room, and find an article that relates to your selected topic. Write a brief report about the article, including the relevance of the article to the module, issues raised, your opinion of the issues (agree or disagree and why), and recommendation(s), if any.

COM 590 Module 5 Discussion Latest

Module 5 Discussion 4

Select a topic covered in this module. Go to the SANS website, locate the Reading Room, and find an article that relates to your selected topic. Write a brief report about the article, including the relevance of the article to the module, issues raised, your opinion of the issues (agree or disagree and why), and recommendation(s), if any.

COM 590 Module 6 Discussion Latest

Module 6 Discussion 5

Access the website of the State of New Hampshire Department of Justice, Office of the Attorney General, and conduct a search for security breach notification.

Read three recent notification letters to the Attorney General as well as the corresponding notice that will be sent to the consumer. Write a summary of the timeline of each event.

Choose one incident to research further. Find corresponding news articles, press releases, and so on.

Compare the customer notification summary and timeline to your research. In your opinion, was the notification adequate? Did it include all pertinent details? What controls should the company put in place to prevent this from happening again?

COM 590 Module 7 Discussion Latest

Module 7 Discussion

Answer both of the following questions:

  1. Identify and discuss three principles that you believe should be included in an ethical computer use policy. Such principles should pertain to both employees and external customers. Justify your selection.
  2. Provide and describe an example organization (either from case study literature or your own professional work experience) that is known to embrace a corporate culture of information security. Why is this organization renowned for its cultural cybersecurity awareness?

In your responses, address and apply the Saint Leo core values of integrity and respect.

COM 590 Module 1 Assignment Latest

  1. Can Internet use and e-mail use policies be covered in an acceptable use policy?
  2. Why is an acceptable use policy not a fail-safe means of mitigating risks and threats within the user domain?
  3. Why does an organization want to align its policies with the existing compliance requirements?
  4. Why must an organization have an acceptable use policy (AUP) even for non-employees, such as contractors, consultants, and other third parties?
  5. Will the AUP apply to all levels of the organization? Why or why not?
  6. What security controls can be deployed to monitor users that are potentially in violation of an AUP?
  7. Should an organization terminate the employment of an employee if he/she violates an AUP? Why?
  8. Do compliance laws, such as HIPAA or GLBA, play a role in AUP definition?
  9. Why do organizations have acceptable use policies (AUPs)?
  10. What are three risks and threats of the user domain?

COM 590 Module 2 Assignment Latest

  1. Do employees behave differently in a flat versus a hierarchical organizational structure? Explain your answer.
  2. Do employee personality types differ between hierarchical and flat organizations?
  3. What is difficult about policy implementation in a flat organization? What is difficult about policy implementation in a hierarchical organization?
  4. How do you overcome employee apathy toward policy compliance?
  5. Policy framework implementation plan

COM 590 Module 3 Assignment Latest

  1. What is the purpose of defining a framework for IT security policies?
  2. Why should an organization have a remote access policy even if it already has an acceptable use policy (AUP) for employees?
  3. What security controls can be implemented on your e-mail system to help prevent rogue or malicious software disguised as URL links or e-mail attachments from attacking the workstation domain? What kind of policy definition should you use?
  4. Why should an organization have annual security awareness training that includes an overview of the organization’s policies?
  5. Coast Guard boat data security?
  6. What is meant by Governance Framework? Why is ISO 27000 certification more attractive to companies than COSO or COBIT certification?
  7. Locate and read NIST SP 800-53 Revision 4. What are the key benefits of this standard?
  8. In your opinion, is the COBIT framework superior to other standards and frameworks such as ISO 27000 and NIST? Why or why not?

COM 590 Module 4 Assignment Latest

  1. For each of the seven domains of a typical IT infrastructure, describe a policy you would write and implement for each domain.
  2. How does separation of duties throughout an IT infrastructure mitigate risk for an organization?
  3. When using a layered security approach to system administration, who would have the highest access privileges?
  4. Why do you only want to refer to technical standards in a policy definition document?
  5. Explain why the seven domains of a typical IT infrastructure help organizations align to separation of duties.
  6. Why is it important for an organization to have a policy definition for business continuity and disaster recovery?
  7. Security management policy

COM 590 Module 7 Assignment Latest

Choose “one” of the following topics:

  • Industrial Control Systems (ICS) /SCADA systems
  • Cloud Computing
  • Social Networks
  • Mobile Computing

For that topic, list significant cybersecurity vulnerabilities and associated threats that would have the highest impact on service or users. For each vulnerability/threat combination, discuss why the probability of an occurrence is either high-medium-or low. For each combination, describe the policies and procedures that can most effectively manage that estimated level of risk. How is customer satisfaction affected by implementing each policy and procedure? Provide supporting examples from outside articles and literature.

Prepare your paper to the following format:

  1. A single Word document, 5-7 pages (font: Times New Roman 12)
  2. Single spaced with one-inch margins on all sides
  3. All citations and the reference list in the paper should be formatted in accordance with APA 6th edition (or later) guidelines
  4. References are NOT included in the page count

COM 590 Midterm Exam Latest

Question 1

The use of encryption and digital signatures helps ensure that what was transmitted is the same as what was received. Which of the following is assured?

  • Confidentiality
  • Availability
  • Integrity
  • Nonrepudiation

Question 2

The concept of “need to know” is most closely associated with which of the following?

  • Authentication
  • Availability
  • Confidentiality
  • Integrity

Question 3

What is the primary goal of business process reengineering?

  • To develop new security policies
  • To improve business processes
  • To implement an enterprise resource system
  • To determine management bonuses

Question 4

An unauthorized user accessed protected network storage and viewed personnel records. What has been lost?

  • Confidentiality
  • Nonrepudiation
  • Integrity
  • Availability

Question 5

What does COBIT stand for?

  • Control Objectives for Information and Related Technology
  • Common Objects for Information and Technology
  • Common Objectives for Information and Technology
  • Control Objects for Information Technology

Question 6

What does “tone at the top” refer to?

  • Policies, in relation to standards, procedures, and guidelines
  • Confidentiality in the C-I-A triad
  • Regulatory bodies, in relation to security policies and controls
  • Company leaders

Question 7

Which of the following types of security controls stops incidents or breaches immediately?

  • Preventive
  • Corrective
  • Detective
  • None of the above

Question 8

An encryption system is an example of which type of security control?

  • Technical
  • Corrective
  • Physical
  • Administrative

Question 9

Security controls fall into three design types: preventive, detective, and:

Question 10

Which of the following is not a generally accepted principle for implementing a security awareness program?

  • Competency should be measured.
  • Remind employees of risks.
  • None of the above.
  • Leaders should provide visible support.

Question 11

Of the following compliance laws, which focuses most heavily on personal privacy?

  • GLBA
  • SOX

Question 12

To which sector does HIPAA apply primarily?

  • Financial
  • None of the above
  • Communications
  • Medical

Question 13

Which law was challenged by the American Library Association and the American Civil Liberties Union claiming it violated free speech rights of adults?

  • CIPA
  • GLBA

Question 14

To which sector does the Sarbanes-Oxley Act apply primarily?

  • Medical
  • Publicly traded companies
  • Financial
  • Communications

Question 15

Which compliance law concept states that only the data needed for a transaction should be collected?

  • Public interest
  • Limited use of personal data
  • Full disclosure
  • Opt-in/opt-out

Question 16

You are on the West Coast but want to connect to your company’s intranet on the East Coast. You use a program to “tunnel” through the Internet to reach the intranet. Which technology are you using?

  • Role-based access control
  • Elevated privileges
  • Virtual private networking
  • Software as a Service

Question 17

Which of the following is not true of segmented networks?

  • By limiting certain types of traffic to a group of computers, you are eliminating a number of threats.
  • Switches, routers, internal firewalls, and other devices restrict segmented network traffic.
  • A flat network has more controls than a segmented network for limiting traffic.
  • Network segmentation limits what and how computers are able to talk to each other.

Question 18

In which domain is virtual private networking a security control?

  • Neither A nor B
  • Remote Access Domain
  • Both A and B
  • WAN Domain

Question 19

A security policy that addresses data loss protection, or data leakage protection, is an issue primarily in which IT domain?

  • User
  • Workstation
  • WAN
  • System/Application

Question 20

A nurse uses a wireless computer from a patient’s room to access real-time patient information from the hospital server. Which domain does this wireless connection fall under?

  • System/Application
  • User
  • WAN
  • LAN

Question 21

Regarding security policies, what is a stakeholder?

  • An individual who has an interest in the success of the security policies
  • A framework in which security policies are formed
  • A placeholder in the framework where new policies can be added
  • Another name for a change request

Question 22

Which personality type tends to be best suited for delivering security awareness training?

  • Pleaser
  • Performer
  • Analytical
  • Commander

Question 23

Which of the following is typically defined as the end user of an application?

  • Data owner
  • Data manager
  • Data custodian
  • Data user

Question 24

Which of the following is not true of auditors?

  • Report to the leaders they are auditing
  • Are accountable for assessing the design and effectiveness of security policies
  • Can be internal or external
  • Offer opinions on how well the policies are being followed and how effective they are

Question 25

In an organization, which of the following roles is responsible for the day-to-day maintenance of data?

  • Data owner
  • Information security office (ISO)
  • Compliance officer
  • Data custodian

Question 26

Which of the following include details of how an IT security program runs, who is responsible for day-to-day work, how training and awareness are conducted, and how compliance is handled?

  • Procedures
  • Guidelines
  • Standards
  • Policies

Question 27

Which of the following are used as benchmarks for audit purposes?

  • Policies
  • Guidelines
  • Standards
  • Procedures

Question 28

What does an IT security policy framework resemble?

  • Narrative document
  • Cycle diagram
  • List
  • Hierarchy or tree

Question 29

Which of the following is not a control area of ISO/IEC 27002, “Information Technology–Security Techniques–Code of Practice for Information Security Management”?

  • Security policy
  • Risk assessment and treatment
  • Asset management
  • Audit and accountability

Question 30

What is included in an IT policy framework?

  • Procedures
  • Guidelines
  • Standards
  • All of the above

Question 31

Which of the following is generally not an objective of a security policy change board?

  • Review requested changes to the policy framework
  • Coordinate requests for changes
  • Make and publish approved changes to policies
  • Assess policies and recommend changes

Question 32

When publishing an internal security policy or standard, which role or department usually gives final approval?

  • Audit and Compliance Manager
  • Senior Executive
  • Legal
  • Human Resources

Question 33

Virus removal and closing a firewall port are examples of which type of security control?

  • Corrective
  • Recovery
  • Detective or response
  • Preventive

Question 34

Fences, security guards, and locked doors are examples of which type of security control?

  • Technical security
  • None of the above
  • Administrative
  • Physical security

Question 35

Which principle for developing policies, standards, baselines, procedures, and guidelines discusses a series of overlapping layers of controls and countermeasures?

  • Multidisciplinary principle
  • Accountability principle
  • Proportionality principle
  • Defense-in-depth principle

Question 36

Who is responsible for data quality within an enterprise?

  • Data steward
  • Data custodian
  • CISA
  • CISO

Question 37

The core requirement of an automated IT security control library is that the information is:

  • in a numerical sequence.
  • in PDF format.

Question 38

Which security policy framework focuses on concepts, practices, and processes for managing and delivering IT services?

  • ITIL
  • COSO

Question 39

__________ refers to the degree of risk an organization is willing to accept.

  • Probability
  • Risk aversion
  • Risk tolerance
  • Risk appetite

Question 40

A fundamental component of internal control for high-risk transactions is:

  • a defense in depth.
  • a separation of duties.
  • data duplication.
  • following best practices.

COM 590 Term Project Latest

Term Project Guidelines and Rubric

For the term project, you will evaluate the cybersecurity policy of your own, or another, organization in terms of completeness, compliance, the organization and organization-related interests, and other aspects, such as how to prevent its failure.

Select an organization you admire (e.g., public sector, private sector, professional association, limited liability corporation, entrepreneurial, or other) and solicit its cybersecurity policy.

  • Such document(s) may be available as a link on its homepage, part of the organization’s policies and procedures (P&P) manual, the subject or reference used in an academic or trade journal case study in information systems, or any other source – human or digital.
  • The cybersecurity policy may not necessarily reside as a single document and thus you may find it necessary to synthesize elements to have a resource that reasonably articulates the organization’s cybersecurity policy.

Take special note that there is a minimum of three critical aspects to this assignment:

  • As emphasized above, identify an organization whose cybersecurity policy is available. Federal civil sector organizations may be candidates or state governments. A company where you are currently or would like to be employed may be a candidate.
  • Start your search for a suitable organization early and anticipate that you may have to browse several before finding one suitable for this assignment.
  • A second critical aspect is to identify evaluation criteria or performance measures for the cybersecurity policy. Refer to applicable government, industry, and regulatory standards. In some cases, you may need to consider criminal or civil liability issues, and thus evaluation criteria may emanate from the judicial guidance.
  • A third critical aspect is application of your evaluation criteria to elements of the cybersecurity policy identified for analysis. Such analysis is likely to be qualitative for some aspects, quantitative for other aspects, and a hybrid for still other aspects of the policy. As such, your choice of measures and analytical techniques must be reasonable and justifiable.

Based on your accumulated reading and knowledge:

Evaluate the strengths and weaknesses of the organization’s cybersecurity policy along attributes to include the following:

  • Completeness/thoroughness
  • Compliance with recognized industry, government, and regulatory standards
  • The organization’s product/service and customers/clients/citizenry
  • System failure prevention and mitigation aspects

Recommend specific changes to the cybersecurity policy.

Prepare your paper to the following format:

  1. A Word document 10 to 12 pages (Times New Roman 12).
  2. Single spaced with one-inch margins on all sides.
  3. All citations and the reference list in the paper should be formatted in APA.
  4. References are NOT included in the page count.

Submit the Term Project to the Dropbox no later than Sunday 11:59 PM EST/EDT of Module 7. (This Dropbox basket is linked to Turnitin.)