W9 Assessment It 255

In: Business and Management

Submitted By dallashowell89
Words 661
Pages 3
[pic]

Martin’s Inc. Ethics Policy

Created by or for the SANS Institute. Feel free to modify or use for your organization. If you have a policy to contribute, please send e-mail to stephen@sans.edu

1. Overview Martin’s Inc. purpose for this ethics policy is to establish a culture of openness, trust and integrity in business practices. Effective ethics is a team effort involving the participation and support of every Martin’s Inc. employee. All employees should familiarize themselves with the ethics guidelines that follow this introduction.

Martin’s Inc. is committed to protecting employees, partners, vendors and the company from illegal or damaging actions by individuals, either knowingly or unknowingly. When Martin’s Inc. addresses issues proactively and uses correct judgment, it will help set us apart from competitors.

Martin’s Inc. will not tolerate any wrongdoing or impropriety at anytime. Martin’s Inc. will take the appropriate measures act quickly in correcting the issue if the ethical code is broken. Any infractions of this code of ethics will not be tolerated.

2. Purpose Our purpose for authoring a publication on ethics is to emphasize the employee’s and consumer’s expectation to be treated to fair business practices. This policy will serve to guide business behavior to ensure ethical conduct.

3. Scope This policy applies to employees, contractors, consultants, temporaries, and other workers at Martin’s Inc., including all personnel affiliated with third parties.

4. Policy 1. Executive Commitment to Ethics 1. Top brass within Martin’s Inc. must set a prime example. In any business practice, honesty and integrity must be top priority for executives. 2. Executives must have an open door policy and welcome suggestions and concerns from employees. This will allow employees to feel…...

Similar Documents

It 255

...between risks, threats and vulnerabilities as it pertains to Information Systems Security throughout the seven domains of a typical IT infrastructure? / They all affect security and integrity of a network domain local. 3. Which application is used in step #2 in the hacking process to perform a vulnerability assessment scan? / Nessus 4. Before you conduct an ethical hacking process or penetration test in a live production network, what must you do prior to performing the reconnaissance and probing and scanning procedures? / Perform an IP host discovery and port intense scan 5. What is a CVE listing? Who hosts and who sponsors the CVE database listing website? / A system that provides a record for publicly know ISS vulnerability / The public 6. Can ZenMap GUI detect what operating systems are present on IP servers and Workstations? What would that option look like in the command line if running a scan on 172.30.0.10? / Yes / It would be the green text in the command line 7. If you have scanned a live host and detected that it is running Windows XP workstation OS, how would you use this information for performing a Nessus Vulnerability assessment scan? / You need to select Windows Credentials in the drop down menu next to credential type. 8. Once vulnerability is identified by Nessus, where can you check for more information regarding the identified vulnerability, exploits, and the risk mitigation solution? / By clicking the reports tab and......

Words: 395 - Pages: 2

Itt 255 Lab 6

...Lab 6 – Assessment Worksheet: 1. What is the difference between a risk analysis (RA) and a business impact analysis (BIA)? Ans: Risk analysis is often identifying the potential threats and the associated vulnerabilities to the organizations .Risk analysis doesn’t view the organization from the mission critical Business Process point of view. More over BIA perceives the organization from the impact that is going to occur for an organization if the critical business processes are interrupted or tampered 2. What is the difference between a Disaster Recovery Plan and a Business Continuity Plan? Ans: Disaster recovery is the older of the 2 functions. DR planning is an essential part of business planning that – too often – gets neglected. Part of this has to do with the fact that making a Disaster Recovery plan requires a lot of time and attention from busy managers and executives from every functional department within the company. Business continuity is a newer term which was first popularized as a response to the Y2K bug. In order to stop your company from bleeding money in these situations, you need a plan that will allow the organization to continue generating revenue and providing services – although possibly with lower quality – on a temporary basis until the company has regained its bearings. 3. Typically, a business continuity plan is also a compilation or collection of other plans. What other plans might a BCP and all supporting documents......

Words: 835 - Pages: 4

Itt 255

...... 18 Evaluation Criteria and Rubrics.............................................................................................................. 18 Lab #1 – Assessment Worksheet ............................................................................................................ 19 Laboratory #2 .............................................................................................................................................. 22 Lab #2: Perform a Vulnerability Assessment Scan Using Nessus® ....................................................... 22 Learning Objectives and Outcomes........................................................................................................ 22 Required Setup and Tools....................................................................................................................... 22 Recommended Procedures...................................................................................................................... 25 Deliverables ............................................................................................................................................ 38 Evaluation Criteria and Rubrics.............................................................................................................. 38 Lab #2 – Assessment Worksheet ............................................................................................................ 40 Laboratory #3 ............................

Words: 32796 - Pages: 132

Biostat 255 1

...subset of B and write A ⊂ B . Dorota M. Dabrowska (UCLA) Biostatistics 255 September 21, 2011 1 / 49 In what follows all sets will be subsets of a larger set Ω. The complement of A in Ω is denoted by Ac and represents elements of Ω which do not belong to A: Ac = { ω ∈ Ω : ω ∈ A} / The complement of the set Ω is given by the empty set ∅. Dorota M. Dabrowska (UCLA) Biostatistics 255 September 21, 2011 2 / 49 For any sets A ⊆ Ω, B ⊆ Ω, we denote by A ∪ B and A ∩ B their union and intersection. The union represents points which belong to A or B : A ∪ B = {ω ∈ Ω : ω ∈ A or ω ∈ B } while intersection corresponds to points which belong to both sets A ∩ B = {ω ∈ Ω : ω ∈ A and ω ∈ B } If A and B are disjoint sets, i.e. A ∩ B = ∅, then their union will be denoted by A + B . Finally, the difference and the symmetric difference are defined as B − A = B ∩ Ac = {ω : ω ∈ B and ω ∈ A} − difference / A∆B = (A − B ) ∪ (B − A) − symmetric difference Dorota M. Dabrowska (UCLA) Biostatistics 255 September 21, 2011 3 / 49 The operations of union and intersection are governed by certain laws. They are given by (i) identity laws: A∪∅ = A and A∩Ω = A (ii) domination laws: A∪Ω=Ω and A∩∅=∅ A∪A = A and A∩A=A A∪B =B∪A and A∩B =B∩A (iii) idempotent laws (iv) commutative laws: Dorota M. Dabrowska (UCLA) Biostatistics 255 September 21, 2011 4 / 49 (v) associative laws: A ∪ (B ∪ C ) = (A......

Words: 3741 - Pages: 15

It-255

...auditing, testing, and monitoring test results IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 3 EXPLORE: CONCEPTS IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 4 Purpose of an IT Security Assessment Check effectiveness of security measures. Verify access controls. Validate established mechanisms. IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 5 IT Security Audit Terminology  Verification  Validation  Testing  Evaluation IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 6 Purpose of an IT Infrastructure Audit Verify that established controls perform as planned. Internal audits examine local security risks and countermeasures. External audits explore attacks from outside. IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 7 IT Security Assessment vs. Audit Security Assessment: Examines systems for established security policies and regulatory compliance Security Audit: Identifies what weaknesses exist despite established security controls IT255 Introduction to Information Systems Security © ITT Educational Services, Inc. All rights reserved. Page 8 Ethical Hacking  Seeks to identify......

Words: 799 - Pages: 4

It 255 Lab 3

...Shanda Dunlap April 8, 2013 IT-255 Lab 3 1. What are the three fundamental elements of an effective access control solution for information systems? Identification, Authentication, and Authorization 2. What two access controls can be setup for a Windows Server 2003 folders and authentication? Authentication and Access control 3. lf you can browse a file on a Windows network share but are not able to copy it or modify it what type of access controls and permissions are probably configured? What type of Access Control would best describe this access control situation? List Folder Contents – Security Policy based control. 4. What is mechanism on a Windows Server where you can administer granular policies and permission on a Windows network using role-based access? Group Policy Editor 5. What is two-factor authentication and why is it an effective access control technique? Two Factor uses two of the three characteristics in Authentication types (Knowledge, Ownership, Characteristics) 6. Relate how Windows Server 2008 R2 Active Directory and the configuration of access controls achieve C-I-A for departmental LANs, departmental folders, and data. Creates security principals in the Active Directory domain partition. 7. Is it good practice to include the account or user name in the password? Why or why not? It is not a good idea to have a user name in the password, because it easy for people can try to hack or decode the password. 8. Can a......

Words: 326 - Pages: 2

Iss 255 Final Exam

...ordinary IT security policy framework? 18. Which of the following helps you determine the appropriate access to classified data? 19. Which of the following refers to the management of baseline settings for a system device? 20. Identify a primary step of the SDLC. 21. Which of the following is a process to verify policy compliance? 22. When monitoring a system for anomalies, the system is measured against _. 23. Which of the following is not a type of penetration test? 24. Identify a drawback of log monitoring. 25. Which of the following is not a type of monitoring device? 26. Identify the primary components of risk management. 27. Which of the following is not a part of a quantitative risk assessment? 28. What are the primary components of business continuity management (BCM)? 29. Which of the following determines the extent of the impact that a particular incident would have on business operations over time? 30. What does risk management directly affect? 31. Which of the following is a cipher that shifts each letter in the English alphabet a fixed number of positions, with Z wrapping back to A? 32. Identify a security objective that adds value to a business. 33. Which of the following is an asymmetric encryption algorithm? 34. Identify a security principle that can be satisfied with an asymmetric digital signature and not by a symmetric signature. 35. Which of the following is a......

Words: 714 - Pages: 3

Itt 255 Lab 6

...org/ (accessed May 26, 2010).  US Computer Emergency Readiness Team http://www.us-cert.gov/ (accessed May 26, 2010).  US Department of Homeland Security http://www.dhs.gov/ (accessed May 26, 2010).  US National Institute of Standards & Technology http://www.nist.gov/ (accessed May 26, 2010). NOTE: All links are subject to change without prior notice. 12 Date: 2/12/2012 Introduction to Information Security Syllabus Keywords:                             Availability Business Continuity Business Impact Analysis Compliance Laws Confidentiality Cryptography Disaster Recovery Incident Response Information Security Information Systems Security Integrity IT Risks, Threats, Vulnerabilities IT Security Assessment IT Security Audit Malicious Code Malware Network Security Risk Management Security Breaches Security Controls Security Countermeasures Security Incidents Security Management Security Monitoring Security Operations Security Testing Telecommunications Security Unauthorized Access 13 Date: 2/12/2012 Introduction to Information Security Syllabus Course Plan Instructional Methods This course is designed to promote learner-centered activities and support the development of cognitive strategies and competencies necessary for effective task performance and critical problem solving. The course utilizes individual and group learning activities, performance-driven assignments, problem-based cases, projects, and discussions.......

Words: 3887 - Pages: 16

Assessment

...BUSINESS & CREATIVE SERVICES Deliver and Monitor a Service to Customers BSBCUS301A ASSESSMENT FOR WORKPLACE LEARNERS *NOTE: This assessment should be supported by a Supervisor’s Verification Report completed by an appropriate workplace supervisor. Please word process all responses. |Student Name: | | |Student Declaration: |I declare that the work submitted for this assessment is completely my own. | |Student Signature: | | |Date: | | | | | |Employer Name: (Organisation) | | |Supervisor Name: | | |Supervisor Signature: | | |Date: ...

Words: 684 - Pages: 3

Assessments

...Career Assessment One of the most popular personality tests in the world is the Myers-Briggs Type Indicator (MBTI), a psychological-assessment system based on the work of psychologist Carl Jung. The MBTI asks a person to answer a series of ‘forced-choice’ questions, where one choice identifies you as belonging to one of four paired traits. The basic test takes twenty minutes, and at the end you are presented with a precise, multi-dimensional summary of your personality. The MBTI test classifies people into types based on four opposing dimensions, Extraversion-Introversion (E-I), Sensing-Intuition (S-N), Thinking-Feeling (T-F) and Judging-Perceiving (J-P). Based on the answers to the questions on the inventory, people are identified as having one of 16 personality types. The goal of the MBTI is to allow someone the ability to further explore and understand their own personalities including their likes, dislikes, strengths, weaknesses, possible career predilections, and compatibility with other people. Taking the Myers-Briggs Type Indicator can provide a lot of insight into your personality, which is probably why the instrument has become so enormously popular. Each opposing aspect of the MBTI test helps to explore personality a little more. The Extraversion-Introversion (E-I) helps show a preference for focusing attention on, and drawing energy from, the outside world of people and things rather than the inner world of ideas and impressions. Sensing-Intuition......

Words: 909 - Pages: 4

Assessments

...CIPD Unit of Assessment – 09003 Unit title | Recording, analysing and using human resource information | Level | 3 | Credit value | 3 | Unit code | 09003 | Unit review date | Sep-11 | Qualifications link | Certificate in Human Resource Practice | Aim | To enable the learner to record, analyse and use accurate records relating to human resources and understand the legal implications of record keeping | Unit abstract The overall focus of this core unit is to develop the learner’s understanding of the important contribution which accurate data, whether stored manually or electronically, can make to the HR function. The legal implications of storing personnel data are also addressed. The unit will enable the learner to record data and interpret, analyse and present information clearly and accurately in an appropriate format to support the HR function in decision-making in order to meet organisation-wide objectives. The unit content is intended to span the remit of data management for all areas of the HR function including but not limited to human resource planning, performance management, absence management, recruitment and selection and disciplinary and grievance procedures. A separate unit is available for data management relating to learning and development. This unit is suitable for persons who: * are working in human resources in an administrative capacity * have responsibility for data management relating to individuals within an......

Words: 1070 - Pages: 5

Assessment

...Running head: ASSESSMENT AND TREATMENT 1 Assessment and Treatment of Suzie Haymaker Toni Hamm Liberty University ASSESSMENT AND TREATMENT 2 Substance Use Assessment The purpose of this assessment is to determine what issues Ms. Haymaker has and to provide a treatment plan that will lead to a successful life change. Demographic and Identifying Information Name: Suzie Haymaker DOB/Age: 06/09/1977 37-years-old Chief Complaint: Mental health and addiction problems Source of Information The following information was utilized in this report: Clinical Interview with Suzie Haymaker, Medical Records, Alcohol, Smoking and Substance Involvement Screening Test (ASSIST). Background Information Ms. Haymaker is a 37 y/o Caucasian female born June 9, 1977. She currently lives with her same sex spouse (m. 10/9/2014) and they own their home. She states she has three minor daughters from a previous marriage. She state she has an Associates Degree and is currently working on her Bachelors Degree. Ms. Haymaker has been unemployed since 2009 and is currently drawing Social Security Disability (SSDI). Ms. Haymaker has a medical history of hypertension, uncontrolled diabetes, peripheral neuropathy, morbid obesity, atrial fibrillation, anemia and blood clots. In 2013 she was hospitalized for......

Words: 735 - Pages: 3

Rst 255 Term Paper

...Blake Groesbeck RST 255-B Term Paper 5/4/15 grosbck2 Term Paper: Bigger Stronger Faster In our everyday lives every action has a positive and negative effect, where individuals are constantly using ethical lenses to judge their stance on a certain situation, whether they know it or not. After having the chance to watch the ESPN 30 for 30 Bigger Stronger Faster, it was an extremely eye opening experience. The documentary took an objective stance on the use of anabolic steroids where the National Institute on Drug Abuse defines anabolic-androgenic steroids as, “a synthetic variant of the male sex hormone testosterone and that “anabolic” refers to muscle-building and “androgenic” refers to increased male sexual characteristics.” The use of anabolic steroids for sports/recreation is illegal and is considered by the United States as a controlled substance, however the use of anabolic steroids for medical use is legal. The ethical question I am asking is, “how can the United States “claim” that the use of anabolic steroids for medical reasons be ethical and can “help” someone when they “claim” that the use of anabolic steroids for sports/recreation to be unethical and will “hurt” someone?” In order to take an objective stance I will use three of the five ethical lenses provided in class. The five ethical lenses that were provided in class are: the Utilitarian Approach, the Rights Approach, the Fairness or Justice Approach, the Common Good Approach, and the Virtue Approach. ...

Words: 1505 - Pages: 7

Adj 255 Slingshot Academy / Tutorialrank.Com

...ADJ 255 Entire Course For more course tutorials visit www.tutorialrank.com ADJ 255 Week 1 CheckPoint: Constitutionality of Free Speech vs. Threats to National Security ADJ 255 Week 1 Assignment: Privacy Rights and Press Freedoms ADJ 255 Week 1 CheckPoint: The Media, Crime, and Violence ADJ 255 Week 2 Discussion Question 1 ADJ 255 Week 2 Discussion Question 2 ADJ 255 Week 2 CheckPoint: Media-Based Anticrime Efforts ADJ 255 Week 3 CheckPoint: Excessive Use of Force ADJ 255 Week 3 Assignment: Senator’s Letter ADJ 255 Week 4 CheckPoint: Death Penalty Legislation ADJ 255 Week 4 Discussion Question 1 ADJ 255 Week 4 Discussion Question 2 ADJ 255 Week 5 CheckPoint: Women and the Criminal Justice System ADJ 255 Week 5 Assignment: Equality of Justice, Jury Nullification ADJ 255 Week 6 CheckPoint: Abolish Parole ADJ 255 Week 6 Discussion Question 1 ADJ 255 Week 6 Discussion Question 2 ADJ 255 Week 7 CheckPoint: The USA PATRIOT ACT- Appendix B ADJ 255 Week 7 Assignment: Government Expansion for National Security ADJ 255 Week 8 CheckPoint: Strategies for Law Enforcement- Appendix C ADJ 255 Week 8 Discussion Question 1 ADJ 255 Week 8 Discussion Question 2 ADJ 255 Capstone CheckPoint: An Informed Opinion ADJ 255 Final Project: Criminal Justice Opinion Portfolio ---------------------------------------------------------------------------------------------------------------------- ADJ 255 Capstone CheckPoint: An Informed Opinion(UOP) For more course......

Words: 729 - Pages: 3

It-255 Study Guide

...data. Configuration control - The management of the baseline settings for a system device. SDLC - Design is a primary step Security Auditing - to process to verify policy compliance. Baseline - In order to recognize something as abnormal, you first must know what normal looks like (when monitoring systems for anomalies. Monitoring Issues - many organizations turn off logs because they produce too much information. Verifying Security Controls - Controls that monitor activity include intrusion detection systems (IDS), intrusion prevention systems (IPSs), and firewalls. Testing Methods - Black-box testing, White-box testing, Grey-box testing Risk Management - Directly affects security controls BCP - Is not part of quantitative risk assessment Primary components of Risk Management - Reduction, Avoidance, Mitigation Planning for Disasters - part of business continuity management (BCM), which includes both: BCP and DRP Business Impact Analysis (BIA) - determines the extent of the impact that a particular incident would have on a business operations over time. Cryptography - Accomplishes Four Security Goals: Confidentiality, Integrity, Authentication, Nonrepudiation Authorization - Adds value to a business. Rivest-Shamir-Adelman RSA - An Asymmetric Encryption Algorithm. Nonrepudiation - Which security principle can you satisfy with an asymmetric digital signature but not a symmetric one? Application Layer - This is responsible for interacting with end......

Words: 619 - Pages: 3