Assignment Overview As a professional in you need to understand the scholarly research in cybersecurity. It’s also important to know fundamental papers that core cybersecurity concepts are built on. For this assignment, you will submit a critical review of one academic paper (template provided). This assignment develops your ability to analyze scholarly research, evaluate methodological approaches, and connect theoretical knowledge to practical applications. Learning Objectives Upon completion of this assignment, you will be able to: Critically analyze academic research in cybersecurity Evaluate the validity and significance of research methodologies Assess the contribution of research to the cybersecurity knowledge base Identify strengths and limitations in academic papers Connect theoretical research to practical cybersecurity applications Paper Selection Guidelines Acceptable Sources: Peer-reviewed conference papers from reputable cybersecurity venues Academic journal articles in cybersecurity or related fields Seminal papers that have shaped information security (see UC Davis Seminal Papers list) Not Acceptable: Vendor white papers, SANS reports, industry publications, or non-peer-reviewed sources. Students are encouraged to select seminal papers in information security to understand foundational concepts. Papers do not need to be recent – historical significance often outweighs recency for learning purposes. Required Components Your review must address all of the following sections (use the provided template): 1. Paper Overview Summarize the main research question or problem addressed Identify the paper’s primary contribution or thesis Briefly describe the methodology used Present key findings or conclusions 2. Contribution and Research Validity Analyze what new knowledge this paper contributes to cybersecurity Evaluate the research methodology – is it appropriate and rigorous? Assess the validity of the findings – are conclusions supported by evidence? Consider the paper’s impact on the field (citations, influence on subsequent work) 3. Course Relevance Explain how this research connects to CYB 600 course content Provide specific examples linking the paper to course topics Discuss practical applications relevant to cybersecurity practice 4. Critical Analysis – Weak Areas Identify limitations in the research design or methodology Discuss any assumptions made by the authors and their validity Analyze what questions remain unanswered Consider scope limitations or generalizability issues Suggest areas for future research Formatting Requirements Format: Use the provided APA template Length: 2 full pages (body text only, excludes title page and references) Font: 12-point maximum Margins: 1 inch on all sides Spacing: Double-spaced Citations: APA format, properly cited and referenced Primary Source: Include hyperlink to the reviewed paper Student Name: Clearly designated on title page Audience and Purpose Write for your classmates and instructor. Your review should: Broaden understanding of cybersecurity research Provide insights for future research directions Demonstrate critical thinking about academic literature Connect theoretical knowledge to practical applications Assessment Criteria Your submission will be evaluated on: Content Analysis: Depth of critical thinking and analysis Research Understanding: Demonstration of comprehension of the paper’s methodology and findings Writing Quality: Clear, professional communication appropriate for graduate-level work Course Connection: Effective linking of the paper to course objectives Critical Evaluation: Balanced assessment of strengths and limitations Format and Citations: Proper APA formatting and academic writing conventions Grammar and Mechanics: Professional-level spelling, grammar, and syntax Submission Details Submission: Follow course submission guidelines Additional Resources UC Davis Seminal Papers Cybersecurity Library Guide University Academic Success Center writing resources APA Style guidelines Course readings and lecture materials Classroom discussions may be held on selected papers to enhance learning and provide additional perspectives on the research. Remember: This is not merely a summary exercise. You must critically analyze, evaluate, and synthesize the research within the context of cybersecurity knowledge and practice.

Module 8 Writing Assignment Due Mar 1 by 11:59pm Points 150 Submitting a file upload File Types doc and docx Attempts 0 Allowed Attempts 1 Research the tools used for Denial of Service attacks in this chapter Which do you prefer and which do you dislike? Support your positions with the research (compare and contrast): All weekly papers are to be at least 2 full pages in length, not including the course header This means that papers should either start on the second page or start on the first page under the header If starting on the second page, the text should take up the entirety of two full pages. If starting on the first page under the header, the text should take up the entirety of the first and second page with at least five lines on the third page. While there is not a maximum length, please try to keep your papers to around 3 pages maximum. Paragraphs should be around 5-8 sentences in length. Too short and the paper looks choppy with ideas that are not fleshed out Too long and the paper looks like a wall of text and becomes difficult to follow The works cited page should start on a new page To do this properly, add a “Page Break” at the end of your content. In Microsoft word, this is done by clicking “Insert” -> “Break” -> “Page Break” or pressing Alt + I and then B. All papers are to follow MLA formatting. For full information on MLA formatting, you can visit the Purdue OWL, but here are some highlights: Papers are to be double-spaced without additional space between paragraphs The first line of each paragraph should be indented by one-half inch (this is generally automatic in Word) Works cited pages are to use hanging or inverted indentation. Each body paragraph of your papers should have at least one in-text citation If the paragraph only uses one source, the in-text citation should be inside the final punctuation of the paragraph. If the paragraph uses multiple sources for information, the in-text citation should be placed after the information from that source. Remember to source and cite information, even if it’s not a direct quote; paraphrased information also need attribution. You should have an appropriate introduction and conclusion to your works These do not need to be cited, as you’re introducing a topic or providing your final thoughts.

Instructions

Policy Analysis Matrix:

• Research and explore cybersecurity regulatory policies in the regions where the acquired company has offices: Asia, Europe, South Africa, and the United Kingdom. Each student will select a different region or country to focus oni.e., you can select Asia, or just Japan.
• Create a matrix detailing the policies in each region, focusing on areas such as:
• Data protection and privacy regulations
• Supply chain and risk management requirements
• Vendor management guidelines
• Standards and frameworks for cybersecurity
• Incident response and reporting protocols
• Infrastructure and cloud security standards
• Training and awareness programs
• Relevant local laws and regulations
• Cross-border data transfer regulations
• Provide an explanation of each policy, highlighting any differences from US policy.
• Analyze how your company will need to adjust its cybersecurity practices and policies following the acquisition, considering the differences in regional regulations.

PART 1: You have been exposed to hardening security in many aspects of Windows systems. Pick any one aspect (e.g., password policy) and explain why you consider it important to harden it. Please include any realistic threats in that aspect and also possible remedies.

You may not duplicate someone else’s topic, so check before you research. PLEASE DONT DISCUSS ON THE FOLLOWING AS SOMEONE ELSE ALREADY DID IT. HARDERING PASSWORD POLICY, HARDERING WORKSTATIONS, ACCOUNT LOUCKOUT POLICY.

PART 2: Select a topic covered in this module. Go to the SANS website (www.sans.org), locate the Reading Room, and find an article that relates to your selected topic. Write a brief report about the article, including the relevance of the article to the module, issues raised, your opinion of the issues (agree or disagree and why), and recommendation(s), if any. ” FOOTPRINTING”

Overall Theme

This assignment is about:

• Real-world data security attacks
• Understanding security terminology
• Analyzing vulnerabilities and threats
• Identifying impacts and consequences
• Evaluating mitigation strategies

It is a research-based analytical report, not a technical lab.

Length: 25003000 words

Individual work

APA references required

Main Task

You must:

Identify three recent data security attacks

Then for EACH attack, you must fully analyze it using security concepts learned in class.

What You Must Explain for Each Attack

For every attack, you must clearly describe:

1. Type of attack

• Ransomware?
• Phishing?
• Data breach?
• DDoS?
• Insider attack?

1. Assets impacted

• Customer data?
• Financial data?
• Intellectual property?
• Servers?

1. Victim(s) and attackers target

• What company?
• What system was targeted?

1. Timestamp

• When and where it happened

1. Vulnerabilities

• Weak passwords?
• Unpatched software?
• Human error?
• Misconfiguration?

1. Threats imposed

• Confidentiality breach?
• Integrity damage?
• Availability disruption?

1. Security components compromised

• Authentication?
• Access control?
• Encryption?
• Network security?

1. Consequences

• Financial loss
• Legal penalties
• Reputation damage
• Data leaks

1. Mitigation or controls implemented

• Patch management
• Multi-factor authentication
• Firewalls
• Incident response plans

Required Report Structure

Your paper must include:

1? Introduction

Explain:

• Purpose of the assignment
• Why studying real attacks is important
• 35 key security concepts from the course

2? Background

Define important terminology:

• Asset
• Threat
• Vulnerability
• Target
• Breach
• Attack
• Risk

Explain why these terms matter in security analysis.

3? Methodology

Explain:

• How you found the attacks
• Why you chose those three
• What criteria you used

4? Description of Each Attack

Full detailed explanation using course terminology.

5? Analysis of Each Attack

Deep explanation:

• What was leaked?
• How did it happen?
• What weaknesses were exploited?
• What security principle failed? (CIA triad)

6? Conclusion

One strong paragraph summarizing:

• Lessons learned
• Recommendations
• Importance of security strategies

7? References

APA format

Proper citation required

Using the templates that are attached perform the steps and answer the questions while providing screenshots when requried. Use virtual box to create virtual machine with an Ubuntu OS system.

Submit a 4 – 6 page Report with a minimum of 3 credible sources. Your paper should comply with APA formatting guidelines

Develop a strong understanding of your selected countrys (Bahrain)cybersecurity and privacy laws before you compare them to the U.S.

1.Country Overview

o Basic context (region, economy, tech maturity)

2. Cybersecurity Laws

For each major law/framework, include:

o Name of law

o Year enacted

o Purpose and scope

o Key requirements

o Enforcement agencies

3. Data Privacy / Data Protection Laws Include:

o Data covered

o Consent rules

o Data subject rights

o Breach reporting requirements

o Penalties

o Cross- border data transfer rules

4. Real- World Case Example

Summarize one cybersecurity or privacy incident from your country.

Explain:

o What happened

o What law(s) applied

o Penalties or outcomes

o Why it matters

Unit 6 Assignment: Incident Response and Recovery

Outcomes addressed in this activity:

Unit Outcomes:

• Investigate cybersecurity policies relative to disaster recovery and incident response.
• Prepare a cybersecurity incident response policy.
• Analyze cybersecurity policies relative to digital forensic investigations.

Course Outcome:

IT484-4: Create an incident response plan, integrated with cybersecurity policy, which assists with organizational recovery.

Purpose

Having a sound plan ready in case an incident occurs that impacts an organizations systems is a crucial requirement for maintaining the integrity of any organizations systems. This assignment will reinforce the concepts you learned in this unit regarding the creation of an incident response plan.

Assignment Instructions

Part 1:

Using the internet and/or the library, research and complete the following:

In 5001,000 words, complete the following:

Develop an incident response plan that integrates with your cybersecurity policy, enabling effective organizational recovery. Include concepts such as maximum tolerable downtime (MTD) and recovery point objective (RPO) in your answer.

Part 2:

In 200 or more words for each answer, respond to the following:

• Investigate and identify a ranking of disaster types.
• What are some alternate site considerations?
• Analyze backup solutions and why they are important.

Assignment Requirements

Your assignment should meet the specifications listed. Be sure to use appropriate APA format and cite your textbook or other sources that you used in the assignment.

Answers should contain sufficient information to adequately answer the questions and contain no spelling, grammar, or APA errors. Points deducted from grade for each writing, spelling, or grammar error are at your instructors discretion.

For assistance with APA requirements, please go to Academic Writer. You will find the link in the Academic Tools section of the course.

Directions for Submitting Your Assignment

Compose your assignment in a Microsoft Word document and save it as IT484_YourName_Unit_6 and submit it to the Dropbox for Unit 6.

Review the before beginning this activity.

Proposal should be based on the following scenario.

Heavy Metal Engineering (HME), a manufacturing organization that creates metal shell casings for very high-end washer and dryer products has suppliers and customers world-wide, as well as world-wide offices. HME the US Corporate office in NY hires you as a professional Information Assurance consultant.

HME is looking to receive some significant third party funding for an international joint venture but was told they would be denied because they do not have any kind of Information Assurance plan to keep all data assets secure. You are required to create a comprehensive IA strategy that includes the following:

-A detailed overview of what Information Assurance entails covering all the basics for an IA strategy (what will be protected and from what)

-A plan or strategy for IA implementation including a framework

-A complete risk mitigation strategy that completely outlines your plans to mitigate risks associated with operating in the 21st century workplace.

-Select an accrediting body to ensure IA is not only a process but a part of organizational culture going forward

-An incident response and disaster recovery plan in the event of intrusion and disaster

All sections should be clearly labeled and a separate section in each area specifically for justifications of your selection/proposal.

-Your thoughts must be solidified with viable sources consistent with graduate level work. No more than 2 sources may be used with ND or no author. Scholarly and Peer reviewed sources are expected to be used throughout the bulk of this paper.

This assignment has two Parts:

PART 1: The research topic for your assignment is : Compare and contrast Operating Systems and Security. Write a minimum 2 pages (Follow Lynn

standards how to write research paper)

• Research at least two Operating Systems and compare differences, commonalities between each other with emphasis in Security.

Checklist:

Articulate the mechanisms necessary for the protection and security of operating and computer systems. Discuss the following areas:

Assess the techniques used in buffer overflow and buffer overrun.

Explain techniques of memory management.

Identify operating system and application weaknesses and vulnerabilities.

Describe the structure of operating system.

Hints for success:

These are merely pointers, you should explore other ones.

• Read Chapter 1 from your book.
• NIST.gov
• SANS.org
• Research keywords:
• Operating System Security Risk vulnerabilities
• Some commercial websites to use but do not limited to these ones
• Microsoft
• IBM
• Apple
• Some commercial operating systems
• Windows
• DOS
• OS2
• AS400
• BSD
• Open source
• Linux
• Unix
• chrome
• FreeBSD

PART 2: Kali Linux Operating System Installation and Documentation

• Investigate – Assess issues in the design of operating systems –
• operating system
• and write up (create) Kali Linux installation procedure for one of the following:
• Laptop (Windows)
• Laptop (Mac),
• USB,
• Raspberry Pi.
• (Hint: start from Kali Linux Documentation area at Kali
• )
• (Use screenshots for each step where appropriate and write up installation process)
• PART 1: Operating Systems and Security Research Paper (Total: 50 points)

1. Research and Comparison of Two Operating Systems (10 points)

• Depth and accuracy in comparing operating systems with an emphasis on security aspects.

1. Articulation of Security Mechanisms (10 points)

• Quality of discussion on security mechanisms, buffer overflow, buffer overrun, and memory management techniques.

1. Identification of Weaknesses and Vulnerabilities (10 points)

• Insight and thoroughness in identifying and explaining operating system and application vulnerabilities.

1. Description of Operating System Structure (10 points)

• Clarity in describing the structure of operating systems and its relevance to security.

1. Quality of Writing and Research (10 points)

• Adherence to APA standards, organization of the paper, and use of diverse, quality resources.
• PART 2: Kali Linux Operating System Installation and Documentation (Total: 50 points)

1. Research and Assessment of Kali Linux (10 points)

• Understanding of Kali Linux and its relevance in operating system design.

1. Detailed Installation Procedure (20 points)

• Accuracy and clarity in documenting the installation process, including appropriate choice of platform.

1. Use of Screenshots and Documentation Quality (10 points)

• Effectiveness and relevance of screenshots; quality of written documentation.

1. Presentation and Analysis (10 points)

• Overall presentation, organization, and reflection on the installation process and its implications.

_____________________________________________________

SEPERATE DOCUMENT FOR PART 2

Dear Students,

for this assignment the following files will need to be downloaded and installed on your laptop preferably on your C: drive

Please create a folder C:FW

Download the following files:

For the homework make sure you have the latest version of Java installed on your laptop.

Follow the instructions on the file below and answer the questions.

If you have any questions please let me know.

Best Regards,

Dr Antoniou

The document “Firewall Exercise ISM 311 V1” outlines a comprehensive exercise for students to understand and implement cybersecurity strategies using a firewall visualization tool. The exercise involves several key activities:

1. Understanding Firewall Basics: Students start with a basic setup and observe how traffic flows with and without a firewall.

2. Firewall Configuration: Students configure a firewall, experimenting with different rules to understand how they affect traffic flow and security.

3. Active Attack Simulation: The exercise includes simulating active attacks to test the effectiveness of the firewall configurations.

4. Rule Creation and Analysis: Students create a series of firewall rules aimed at protecting a network from various attacks, analyzing the effectiveness of these rules.

5. Scenario Implementation: Implementing a specific scenario provided in the exercise, where students write rules to protect a database from attacks.

6. Reflection and Understanding: Students reflect on the limitations of firewalls in preventing certain types of attacks and consider alternative strategies.

Total Points (0-100):

Understanding and Setup (15 points): Assessing the initial setup and understanding of the firewall tool.

Firewall Configuration (20 points): Grading the ability to configure and modify firewall settings effectively.

Active Attack Analysis (20 points): Evaluating how students handle simulated attacks and their analysis of the firewall’s effectiveness.

Rule Creation and Effectiveness (25 points): Judging the complexity and effectiveness of the firewall rules created by the students.

Scenario Application (10 points): Points for correctly applying the learned concepts to the provided scenario.

Critical Thinking and Reflection (10 points): Assessing the students’ understanding of the limitations of firewalls and alternative strategies.

This distribution ensures a balanced evaluation covering technical skills, analytical thinking, and practical application.