Is3230

In: Computers and Technology

Submitted By cosmoperson
Words 3818
Pages 16
Case 0:05-cv-00668-RHK-JSM

Document 61

Filed 02/07/2006

Page 1 of 14

UNITED STATES DISTRICT COURT DISTRICT OF MINNESOTA

Stacy Lawton Guin, Plaintiff, v. Brazos Higher Education Service Corporation, Inc., Defendant.

Civ. No. 05-668 (RHK/JSM)

MEMORANDUM OPINION AND ORDER

John H. Goolsby and Thomas J. Lyons Jr., Consumer Justice Center, Little Canada, Minnesota; Thomas J. Lyons, Lyons Law Firm, P.A., Little Canada, Minnesota, for Plaintiff. Courtney M. Rogers Reid and Matthew E. Johnson, Halleland Lewis Nilan & Johnson P.A., Minneapolis, Minnesota, for Defendant.

INTRODUCTION

Plaintiff Stacy Guin alleges that Defendant Brazos Higher Education Service Corporation, Inc. (“Brazos”) negligently allowed an employee to keep unencrypted nonpublic customer data on a laptop computer that was stolen from the employee’s home during a burglary on September 24, 2004. This matter comes before the Court on Brazos’s Motion for Summary Judgment pursuant to Federal Rule of Civil Procedure 56. For the reasons set forth below, the Court will grant the Motion.

BACKGROUND

Brazos, a non-profit corporation with headquarters located in Waco, Texas, originates and services student loans. (Villarrial Aff. ¶ 2.) Brazos has approximately 365 employees, including John Wright, who has worked as a financial analyst for the company since November 2003. (Villarrial Aff. ¶ 2; Wright Aff. ¶ 1.) Wright works from an office in his home in Silver Spring, Maryland. (Wright Aff. ¶ 3.) As a financial analyst for Brazos, Wright analyses loan portfolios for a number of transactions, including purchasing portfolios from other lending organizations and selling bonds financed by student loan interest payments. (Wright Aff. ¶ 6.) Prior to performing each new financial analysis, Wright receives an electronic…...

Similar Documents

Access Control: Is3230

...Access Control Project Access Control: IS3230 By Andrew Reed November 20, 2012 TABLE OF CONTENTS 1 INTRODUCTION 1.1 Project Title 1.2 Project Schedule Summary 1.3 Project Deliverables 1.4 Project Guides 1.5 Project Team Members 1.6 Purpose 1.7 Goals and Objectives 2 Risks and Vulnerabilities 2.1 Overall 2.2 Billings, Montana 2.3 Warsaw, Poland 3 Proposed Budget 4 IDI Proposed Solution 4.1 Billings, Montana 4.2 Warsaw, Poland 5 Drawings 6 Conclusion 1 INTRODUCTION 1.1 Title of the project Access Control Proposal Project 1.2 Project schedule summary The project will be a multi-year phased approach to have all sites (except JV and SA) on the same hardware and software platforms. 1.3 Project deliverables • Solutions to the issues that the specified location of IDI is facing • Plans to implement corporate-wide information access methods to ensure confidentiality, integrity, and availability • Assessment of strengths and weaknesses in current IDI systems • Address remote user and Web site user’s secure access requirements • Proposed budget for the project—Hardware only • Prepare detailed network and configuration diagrams outlining the proposed change • Prepare a 5 to 10 minute PowerPoint assisted presentation on important access control infrastructure, and management aspects from each location. 1.4 Project Guides Course Project Access Control Proposal Guide Juniper Networks......

Words: 1198 - Pages: 5

Is3230 Lab 1

...Felix Tamez IS3230 Lab 1 Assignment 1. What does DACL stand for and what does it mean? Discretionary Access Control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. The controls are discretionary in the sense that a subject with certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject (unless restrained by mandatory access control)". 2. Why would you add permissions into a group instead of the individual? What policy definition do you think is required to support this type of access control implementation? Adding permissions in a group is a lot more resourceful and less time-consuming than adding them individually. Group Policies 3. List the 5 different access control permissions that can be enabled on user folders and data within a Microsoft Windows Server. Full Control, Modify, Execute, Read, Write 4. What is the lowest level of permission you can enable for a user who must view the contents of a folder and its files? Why is this type of permission necessary? Read, so the user has access to any file on the system that they are entitled to but not able to make any changes. 5. What are other available Password Policy options that could be enforced within a Microsoft Windows Server to improve security? Enforce password history,......

Words: 674 - Pages: 3

Is3230

...What are the three main categories of objects to be protected by Access Controls? | | Information – any type of data asset; Technology – Applications, Systems, and networks; Physical Location – buildings and rooms | What are the three elements of an Access Control System? | | Policies – Rules; Procedures – nontechnical methods used to enforce policies; Tools – Technical methods used to enforce policies | What are the three types of subjects when it comes to access control for specific resources? | | Authorized – presented credentials and have been approved for access; Unauthorized – Don’t possess the proper credentials or do not have the appropriate privileges for access; Unknown – Don’t possess any credentials at all: Don’t know if they should be given access or not | What are the three steps to the access control process? | | Identification – process of Identifying itself; Authentication – verification of the subject’s identity; Authorization – allow or deny access to an object. | What are the principal components of Access Controls? | | Policies – who gets access to what; Subjects – User, Network, process, or applications requesting access to resources; Objects – The resource to which the subject desires access | What are the......

Words: 2070 - Pages: 9

Is3230

...Project Access Control Proposal Purpose This course project is intended to assess your ability to comprehend and apply the basic concepts related to information security management, such as the following: • The ability to discern when a risk assessment should be performed and carrying out the task • Understanding user or customer access requirements, whether remote or local • Using a layered security approach to establish and maintain access controls • Working with other departments, such as the human resources department, to identify and implement methods to prevent unwarranted exposure to information by inappropriate personnel Your ability to execute the tasks within these information security domains and others will be evaluated against the learning objectives as identified and described in previous units of instruction for this course. Learning Objectives and Outcomes Successful completion of this project will ensure that you are capable of supporting the implementation and management of an information systems security framework. To be able to do so, you need to be able to do the following: • Relate how an access-control policy framework is used to define authorization and access to an information technology (IT) infrastructure for compliance. • Mitigate risks to an IT infrastructure’s confidentiality, integrity, and availability with sound access controls. • Relate how a data classification standard influences an IT......

Words: 1016 - Pages: 5

Is3230

...Lab 3 Assessment Worksheet Data Gathering and Foot-printing a Target Website 1. Which reconnaissance tool comes with Microsoft Windows that can provide and can be initiated from the DOS command prompt? What useful information does this query provide? There are several reconnaissance tools that can come with Microsoft Windows and can be initiated from the DOS command prompt. They are as follows: Whois, ping, IP block whois, nslookup, Sam Spade, traceroute, finger, SMTP, dig, DNS zone transfer, VRFY, and Web browser. These queries provide a list of IP addresses or name resolutions and which ports are open. 2. What is the difference between ARIN, RIPE, IANA? What regions of the world do these domain name registry organizations cover? The difference between ARIN, RIPE, and IANA is that of the area that they cover, such as ARIN covers North America, several portions of the Caribbean and the part of Africa that is south of the equator. LACNIC covers Latin America and portions of the Caribbean, and APNIC covers Asia and Pacific Region. 3. What other functions can be completed using the Sam Spade Utility? Functions such as whois, traceroute, finger, ping, and nslookup can be completed using the Sam Spade Utility. 4. What is the purpose of the traceroute command? What useful information does traceroute provide? How can this information be used to attack the targeted website? The purpose of the traceroute command is to trace packets......

Words: 599 - Pages: 3

Is3230

...Week 4 Lab Part 1: Design a Multi-factor Authentication Process Assessment Worksheet Design a Multi-factor Authentication Process Lab Assessment Questions & Answers 1. In an Internet Banking Financial Institution is Single Factor Authentication acceptable? Why or why not? Yes, it can be acceptable because you can buff up security elsewhere. 2. Explain the difference between Positive Verification and Negative Verification? Negative verification is the opposite of positive verification. The customer must contact the bank to verify that the information is correct. 3. What vulnerabilities are introduced by implementing a Remote Access Server? Could Allow Remote Code Execution, two heap overflows, cross-site scripting (XSS) vulnerability that could allow elevation of privilege, enabling an attacker to execute arbitrary commands on the site in the context of the target user. 4. What is a recommended best practice when implementing a Remote Access Policy server user authentication service? Using multi-factor authentication. 5. Name at least 3 remote access protections or security controls that must be in place to provide secure remote access. Authorized secure remote access, Traffic inspection and Coordinated Threat Control, Centralized security management and enterprise-wide visibility and control. 6. When dealing with RADIUS and TACACS+ for authentication methods, what protocols are used...

Words: 1143 - Pages: 5

Is3230

...The staff at 9-Iron Country Club, commonly referred to as 9, is located in the suburbs of St. Georgie. It offers the amenities of a 9-hole golf course, a swimming pool, the Clubhouse, and other recreational facilities to more than 1,200 members. It employs 75 staff members who cater to private functions such as weddings, meetings and banquets. The facilities management operations and the Catering Task are normally executed through the network of the 9. We are open eight months out of the year. So there are issues during the off season that need to be covered. Then you have staff that would like to access the network from home. In order to meet the above requirements, 9 needs to have a mesh network set up with wireless points throughout the Club and recreational areas so that the customer can always have access to the network. Each customer/member should have their own access/password/PIN to the club's wireless network. I think that the Club should create a SharePoint website to share information with the Staff and very important customers, for example when there are weddings and major events that can affect the schedule of the club. I also believe that the club should have VPN access and Remote Access, so that the staff can finish their work and view the work schedules from home and stay in contact with the vendors during the off season and continue to for new event during the off season. The VPN and Remote would be available......

Words: 517 - Pages: 3

Is3230

...Name: Date: Instructor: L. Chretien Subject: Aligning Account Types and Privileges How Grade: One hundred points total. See each section for specific points. Learning Objectives and Outcomes * Explore the concepts of access privileges to categorize the given access privileges based on the account types and the security requirements. Assignment Requirements * Review the nine following account types: 1. Network Administrator 2. System Owner 3. System Administrator 4. Application Administrator 5. Standard User Account 6. Security Manager/CSO/CISO 7. Not allowed by network accounts 8. Remote/Traveling 9. Member of Board of Directors * Review the 30 privileges, roles, rights, and actions identified in the table below; * Match the given account types with their corresponding privileges, roles, rights, and actions; and * Remember that a specific account type may have more than one privilege, role, right, or action. Part 1: Short Answer (10 points) Identify and briefly summarize two benefits of assigning privileges, roles, rights, and actions to types of accounts vice assigning them to specific individuals. Part 2: Matching (90 points) The left side of the table lists 30 privileges, roles, rights and actions. Identify account types that could fulfill them. # | Privileges, Roles, Rights, and Actions | Account Type From List Identified Above | 1. | Must authenticate when......

Words: 415 - Pages: 2

Is3230

...1. What does DACL stand for and what does it mean? Discretionary Access Control List (DACL) is a type of access control defined by the Trusted Computer System Evaluation Criteria "as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong." 2. Why would you add permissions into a group instead of the individual? What policy definition do you think is required to support this type of access control implementation? Adding permissions in a group is a lot more resourceful and less time-consuming than adding them individually. Group Policies 3. List the 5 different access control permissions that can be enabled on user folders and data within a Microsoft Windows Server. Full Control, Modify, Execute, Read, Write 4. What is the lowest level of permission you can enable for a user who must view the contents of a folder and its files? Why is this type of permission necessary? Read, so the user has access to any file on the system that they are entitled to but not able to make any changes. 5. What are other available Password Policy options that could be enforced within a Microsoft Windows Server to improve security? Enforce password history, Maximum password age, Minimum password age, Minimum password length, Store passwords using reversible encryption 6. Is using the option to “Store passwords using reversible encryption” a good security practice? Why or why not? When should you enable the option to ‘Store passwords using......

Words: 571 - Pages: 3

Is3230

...Healthcare organizations are migrating from hard copy to electronic records to meet today’s demands. This increase in information storage, patient records and imaging data requires large amounts of bandwidth. Flexible network solutions between data centers, hospitals, clinics and doctors’ offices to access centralized medical records. Move electronic medical records from local to centralized storage. Back up and restore medical data between data centers for disaster recovery. -All mobile devices and USB drives should be encrypted if they will be used remotely. Healthcare organizations are now routinely installing full-disk encryption on their employee laptops. USB thumb drives are a convenient way to transport documents between offices or move data between work and home. But healthcare organizations should take steps to minimize the security risks created by those portable drives. The health organization has to keep in mind the threats of USB drives. One threat is the USB drive being lost or stolen while holding protected health information or other sensitive data. The other threat is USB malware: USB drives often get passed around and are handed out for free at conferences and other events. That means many people use thumb drives without knowing where they’ve been before, making USB drives an effective way to spread computer viruses. There is also the insider threat: USB drives give malicious insiders a convenient method for sneaking sensitive information off of a healthcare organization’s premises. -In......

Words: 362 - Pages: 2

Is3230 Final Project Outline

...ITT Technical Institute – ISC program | Project: Access Control Proposal Outline | IS3230 - Access Control | | Issues at the Data Center * Different versions of Unix on servers * Outdated patching * Logisuite 4.2.2 is outdated by 10 years, the license has expired, and would be extremely cost-and-time prohibitive to upgrade to the latest version * Routsim is not integrated into Logisuite or Oracle financials to take advantage of the databases for real-time currency valuation and profit or loss projections * Managers buy whatever PCs they like and nothing is standardized * Different types of Office Software * Telecoms has not been updated in 15 years and is not integrated with customer service database to improve call management efficiency * The Service Provider for the telecom system is out of business and parts are not available for maintenance * Executives are connecting non-approved devices to the network * WAN is outdated and is insufficient for the organization * The PBX is limited and only provides voice mail and call forwarding Solutions * Follow the lead of Standardization from the Brazil Site * Upgrade all the Unix servers to 11x and install appropriate patches * Look into other shipping programs such as Infor ERP and see if it would be more cost effective. ERP allows for growth because it supports large businesses as well. However, if that is not an option, then upgrade Logisuite but to a......

Words: 794 - Pages: 4

Is3230 Lab 1

...Student Lab Manual Access Control, Authentication, and Public Key Infrastructure IS3230 Copyright © 2013 Jones & Bartlett Learning, LLC, an Ascend Learning Company www.jblearning.com All Rights Reserved. Current Version Date: 07/27/2011 Contents: Laboratory #1; Lab #1: Configure Access Controls for User Accounts given a Regulatory Case Study; Learning Objectives and Outcomes; Required Setup and Tools; Recommended Procedures; Deliverables; Evaluation Criteria and Rubrics; Lab #1 – Group Policy Object Assessment Worksheet; Lab #1 – Assessment Worksheet...

Words: 18755 - Pages: 76

Is3230 Lab 1

...Carlos Batino IS3230 Lab 1 Annual audit Senate Chairs MBR0011 Limited Life Senate Chairs RXJ0123 Everyone None Awarded Contracts None Federal Acquisition Regulation Everyone No Action Required Everyone Closed Investigations MBH1234 RJX-123 FAR Inspector General Lab Assessment Questions & Answers 1. What does DACL stand for and what does it mean? The primary means by which authorization is determined. An ACL is conceptually a list of (account, access-rights) pairs, although they are significantly richer than that. 2. Why would you add permissions to a group instead of the individual? What policy definition do you think is required to support this type of access control implementation? You can use groups to grant permissions to similar types of users and to simplify account administration. 3. List the 5 different access control permissions that can be enabled on user folders and data within a Microsoft Windows Server. Read, Write, Read and execute, List folder contents, and modify 4. What is the lowest level of permission you can enable for a user who must view the contents of a folder and its files? Why is this type of permission necessary? Read is the lowest level of permission.......

Words: 426 - Pages: 2

Is3230 Authorization

...Learning Objectives and Outcomes * Explore the concepts related to access control process—identification, authentication, and authorization. Assignment Requirements The scenario for this assignment is based on the Acme Distribution Center, a fictitious company. You need to play the role of Sam, the system administrator. Acme is responsible for completing a huge target of 180,000 orders. It holds the reputation of having an extremely low error rate for the central distribution per the industry standards. Therefore, Acme is viewed as a model of efficiency. Another good thing about Acme is that it operates 24X7 and even on holidays! At the Acme Distribution Center, your colleagues are the following employees: * Robert, the lead warehouse receiver * Jennifer, sales and accounts payable * Bradley, the warehouse general manager * LuEllen, the shipper * Buster, the shipper * Lloyd, the purchasing agent * Spare, for temporary help Jennifer works in the Sales Department by day and part-time as the evening accounts payable clerk with credit memo privileges to correct customer orders. Jennifer is a valuable asset for the organization. Since she joined the accounts payable department, the late payment rate has dropped by 20% while the warehouse-shipping rate increased by 10%, and the overall profit has increased by a modest amount of 0.005% for the first reporting period. Your General Manager, Bradley is concerned that there is a high-value......

Words: 618 - Pages: 3

Is3230

...A Remote Access Solution requires meeting the demands for mobility from sales or remote staff who are frequently out of the office. The most important decisions in the design phase of Remote Access VPN solutions include outlining the key objectives of the design, understanding how the VPN management processes are implemented, planning the required security policies, and knowing how to create a robust and scalable environment (Informit). According to 9-Iron country club’s needs, they are able to remotely access resources as they normally do if they were in the office. The Remote Access VPN Solution should meet the resiliency and availability standards of other areas of your network (Informit). To manage and design a good connectivity to provide local and global redundancy, any organization must consider some service levels such as: * Flexible deployment * Client transparency * Service transparency The management of the VPN solution is delicate not only to protect 9-Iron resources from unauthorized access, but also to enable a transparent and manageable solution for all categories of potential users (Informit). VPN Service will be deployed for 9-Iron; however, the solution deployed for each category must be evaluated according to the ability to deploy, change, and enforce policy. Configuration, Change, and Operations are three relevant management features that can make a robust Remote Access Solution. After the management, place to the security part; the 9-Iron...

Words: 359 - Pages: 2