Premium Essay

Compromised Business Analysis Impact Lab #1

In:

Submitted By magnum2
Words 605
Pages 3
Logan W. Burroughs
CIS542 – Winter 2014
1-16-2014

Describe the business threats posed by each of the following situations and explain what its effect may be if a Web application is compromised: 1. A publicly traded retailer with retail outlets and online shopping/shipping. a. Merging both in-store and online sales. In the event the web application is compromised anything from the inventory miscalculations to customer data being stolen could occur. 2. A small, private law firm’s website with forms for potential clients to complete, including name, address, contact number, and reason for scheduling an appointment. b. With including the reason for scheduling appointment, in the event of a web breach customers’ legal or other personal information could be leaked. 3. A real estate appraisal company that provides online appraisals for a publicly traded financial institution’s residential-loan applicants. The bank sends all applicant information to the appraisal company electronically. c. Again, information leaks could be a business threat. Since the company is publically traded, someone could gain insider-trading information on their stock through their financial records. 4. A Web-hosting company that provides leased servers for websites of clients ranging from small firms to large online retailers. d. Loss of intellectual property. Someone could read when popular or valuable websites’ hosting expires, then squat on it hoping to scoop up the domain/hosting then sell it back to the owner at a profit. 5. A city government that allows people with parking tickets to pay the fines online using a credit card or online check. e. Financial fraud or identity theft; customer information could be compromised including personal payment information. False payments could be made online. 6. A local residential-cleaning

Similar Documents

Premium Essay

Lab 1

...Laboratory #1 Lab #1: Evaluate Business World Transformation – Impact of the Internet and WWW Learning Objectives and Outcomes Upon completing this lab, students will be able to complete the following tasks: * Identify the security challenges on the web as they relate to various business models and the impact that is made in e-Commerce and Internet-based deployments * Extract various businesses’ personal identifiable information (PII) that is collected and stored from Internet users by a business in a web application * Distinguish among the different reasons for the attacks on web sites and determine exactly what the attackers are after when they target your WWW presence * Evaluate the current state of security on a LAMP server using Telnet, Skipfish and TCPdump to identify whether the proper tools are installed for a security evaluation of the server * Install and use Firefox Web Browser with the Live HTTP Headers plug-in Lab #1 – Compromised Business Application Impact Analysis Course Name & Number: ______________________________________________________________ Student Name: _______________________________________________________________________ Instructor Name: _____________________________________________________________________ Lab Due Date: _______________________________________________________________________ Overview The threats of the Internet go way beyond an attacker defacing your website. An attack can include the...

Words: 849 - Pages: 4

Premium Essay

Community Health and Population C229

...Application of Community Health & Population-Focused Nursing Western Governors University Measles 1. Describe the Chosen Outbreak Measles is virus with a single-stranded RNA and two membranes: a fusion protein that infuses into the host cell membrane and the hemagglutinin protein that absorbs the virus into the cells. The primary site for invasion is in the epithelium of the nares. Measles is highly contagious and very infectious because it is easily transmitted when an infected person coughs or sneezes. The virus can stay in the air or on surfaces for up to two hours and infect many people who inhale the infectious agent or touch a surface, then be introduced to a new host through touch to the eyes or nose. Once the measles virus (agent) enters a person, he is now a host and harbor the virus. The virus enters its incubation period that can last 10 to 12 days before any symptoms of sickness usually a fever of 103-105 degrees. This incubation period is a communicable stage because the virus can be spread to another before the original victim is even aware of being infected. A few days later the virus (infection) invades the lymph nodes, multiplies, and enters the blood stream. Five to seven days later, the virus is in the respiratory system and the pathological reaction to the infection is now a disease: a cough, runny nose, possible eye infection, followed by spots. These spots are in the mucous membranes and is the first...

Words: 2844 - Pages: 12

Premium Essay

Risk Management and Problem Management of a Compromised Unix Operating System

...Running head: RISK MANAGEMENT AND PROBLEM MANAGEMENT RELATION The effectiveness of the relationship between risk management and problem management of a compromised UNIX operating system CSMN 655 Computer Security, Software Assurance, Hardware Assurance, and Security Management Abstract Risk management is an ongoing, continuous process whose purpose is to identify and assess program risks and opportunities with sufficient lead-time to implement timely strategies to ensure program success. The entire risk management process balances the operational and economic costs of protective measures and contributes to mission capability by protecting the systems and the data that support the organizational mission from both deliberate and unintentional compromise. Computer security problem, or incident, management is an administrative function of managing and protecting computer assets, networks and information systems. These systems continue to become more critical to the personal and economic welfare of our society. Organizations must understand their responsibilities to the public good and to the welfare of their members. This responsibility extends to having a management program for reacting to system breaches, if and when they occur. Incident management is a program which defines and implements a process that an organization may adopt to promote its own welfare and the security of the public...

Words: 4103 - Pages: 17

Premium Essay

Company Security Policy

...------------------------------------------------- Rhombus, Inc. Company Security Policy Rev 1.1.15.12.4 Dec 2015 Editors: Rhombus, Inc. Policy Team 1 Rhombus, Inc. 14 1.1 About This Document 14 1.2 Company History 14 1.3 Company Structure and IT Assets 14 1.4 Industry Standards 15 1.5 Common Industry Threats 15 1.6 Policy Enforcement 16 2 Credit Card Security Policy 17 2.1 Introduction 17 2.2 Scope of Compliance 17 2.3 Requirement 1: Build and Maintain a Secure Network 17 2.4 Requirement 2: Do not use Vendor-Supplied Defaults for System Passwords and Other Security Parameters 18 2.5 Requirement 3: Protect Stored Cardholder Data 19 2.6 Requirement 4: Encrypt Transmission of Cardholder Data across Open and/or Public Networks 20 2.7 Requirement 5: use and Regularly Update Anti-Virus Software or Programs 20 2.8 Requirement 6: Develop and Maintain Secure Systems and Applications 21 2.9 Requirement 7: Restrict Access to Cardholder Data by Business Need to Know 21 2.10 Requirement 8: Assign a Unique ID to Each Person with Computer Access 22 2.11 Requirement 9: Restrict Physical Access to Cardholder Data 22 2.12 Requirement 10: Regularly Monitor and Test Networks 23 2.13 Requirement 11: Regularly Test Security Systems and Processes 25 2.14 Requirement 12: Maintain a Policy that Addresses Information Security for Employees and Contractors 26 2.15 Revision History 29 3 Acceptable Use Policy...

Words: 26545 - Pages: 107

Premium Essay

Vulnerability in Information

...CHAPTER 1 Vulnerabilities, Threats, and Attacks Upon completion of this chapter, you should be able to answer the following questions: ■ ■ What are the basics concepts of network security? What are some common network security vulnerabilities and threats? ■ ■ What are security attacks? What is the process of vulnerability analysis? Key Terms This chapter uses the following key terms. You can find the definitions in the glossary at the end of the book. Unstructured threats Structured threats External threats Internal threats Hacker Cracker Phreaker Spammer Phisher page 21 page 21 page 21 page 21 page 21 page 20 page 20 page 20 page 21 White hat Black hat page 21 page 21 page 28 page 28 Dictionary cracking Brute-force computation Trust exploitation Port redirection page 28 page 29 page 30 Man-in-the-middle attack Social engineering Phishing page 30 page 30 2 Network Security 1 and 2 Companion Guide The Internet continues to grow exponentially. Personal, government, and business applications continue to multiply on the Internet, with immediate benefits to end users. However, these network-based applications and services can pose security risks to individuals and to the information resources of companies and governments. Information is an asset that must be protected. Without adequate network security, many individuals, businesses, and governments risk losing that asset. Network security is the process by which digital information assets...

Words: 13317 - Pages: 54

Free Essay

Man 4320 Study Guide

...MAN 4320 Study Guide – Test #1 – Chapters 1-5 In fairness to all students I ask that you NOT send me individual inquiries related to specific topics addressed in this study guide for which you require further clarification. I have found in the past that by responding to one student’s inquiry this might be viewed as demonstrating preferential treatment. Therefore, should you require any further clarification I will defer to this disclaimer and not respond to your inquiry. There are a total of 80 questions @ 1.25 points and it will be available in the Testing Lab from 7:00 a.m. on September 29th to 11:59 p.m. on September 30th. Upon completion of the test you will be able to view your scores. Chapter 1 – 5 T/F and 11 M/C Should strategic staffing systems be aligned with a firm’s business strategy? In what ways does staffing influence organizational performance? Is reducing the turnover rate of high performers a staffing process goal? Define talent management. Is it more important to fill jobs quickly or is it better to fill jobs efficiently at minimum expense? Should firms select only those candidates who already possess the skills that are necessary to be quickly and cheaply trained by the firm? How does employer branding create a favorable image in desired applicants’ minds? Would you classify number of qualified applicants as a staffing process or outcome goal? Define recruiting, performance management and deployment. When a firm determines it will need to hire...

Words: 1528 - Pages: 7

Premium Essay

Itrust Database Software Security Assessment

...iTrust Database Software Security Assessment Security Champions Corporation (fictitious) Assessment for client Urgent Care Clinic (fictitious) Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root University of Maryland University College Author Note Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College. This research was not supported by any grants. Correspondence concerning this research paper should be sent to Amy Wees, Brooks Rogalski, Kevin Zhang, Stephen Scaramuzzino and Timothy Root, Department of Information and Technology Systems, University of Maryland University College, 3501 University Blvd. East, Adelphi, MD 20783. E-mail: acnwgirl@yahoo.com, rogalskibf@gmail.com, kzhang23@gmail.com, sscaramuzzino86@hotmail.com and Chad.Root@gmail.com Abstract The healthcare industry, taking in over $1.7 trillion dollars a year, has begun bringing itself into the technological era. Healthcare and the healthcare industry make up one of the most critical infrastructures in the world today and one of the most grandiose factors is the storage of information and data. Having to be the forerunner of technological advances, there are many changes taking place to streamline the copious amounts of information and data into something more manageable. One major change in the healthcare industry has been the implementation...

Words: 7637 - Pages: 31

Premium Essay

Informative

...4.5 Contact/Instructional hours: 60 (30 Theory, 30 Lab) Prerequisite: IS3110 Risk Management in Information Technology Security or equivalent Corequisite: None Table of Contents Course Overview 5 Course Summary 5 Critical Considerations 5 Instructional Resources 6 Required Resources 6 Additional Resources 6 Course Management 8 Technical Requirements 8 Test Administration and Processing 8 Replacement of Learning Assignments 9 Communication and Student Support 9 Academic Integrity 10 Grading 11 Course Delivery 13 Instructional Approach 13 Methodology 13 Facilitation Strategies 14 Unit Plans 15 Unit 1: Information Security Policy Management 15 Unit 2: Risk Mitigation and Business Support Processes 25 Unit 3: Policies, Standards, Procedures, and Guidelines 33 Unit 4: Information Systems Security Policy Framework 42 Unit 5: User Policies 50 Unit 6: IT Infrastructure Security Policies 58 Unit 7: Risk Management 66 Unit 8: Incident Response Team Policies 74 Unit 9: Implementing and Maintaining an IT Security Policy Framework 83 Unit 10: Automated Policy Compliance Systems 90 Unit 11: Course Review and Final Examination 97 Course Support Tools 101 Evaluation of Student Learning 102 STUDENT COPY 103 Graded Assignment Requirements 104 Unit 1 Discussion 1: Importance of Security Policies 105 Unit 1 Assignment 1: Security Policies Overcoming Business...

Words: 18421 - Pages: 74

Premium Essay

C156 Advanced Information Management

...C156 Advanced Information Management– Task 1 A2. Analysis of Technology Two organizations migrating to a common health information system would need a system that meets current regulatory requirements, meets the needs of the combined organization and their practice environment. The implementation of a common health information system would require an interdisciplinary group of forward thinking innovators, and an interoperable electronic medical record system that includes standard nursing terminology. The technology needed in this scenario that would make this combination successful consist of network security measures to ensure security of protected health information under the federal requirements of HIPPA and HITECH. The use of emerging technology such as cellphones, tablets and remote technology should also be included in the discussions of creating a telehealth system that would accommodate both of the combining organizations. Telehealth not only includes communication between patients and healthcare providers, but also communication between healthcare providers in both of the combining organizations. Video conferencing can save healthcare providers time and money by allowing them to collaborate with one another without being physically near one another. A3. Identification of Team The interdisciplinary team on the project committee will consist of four team members. Team member A would be the project team lead in which I would nominate myself...

Words: 3168 - Pages: 13

Premium Essay

Cyber Crime

...Table of Contents 1. Executive Summary ......................................................................................................................... 2 2. Introduction ...................................................................................................................................... 2 3. Theory and Concepts ...................................................................................................................... 2 3.1. Cyber Crime ................................................................................................................................. 2 3.2. Cyber security ............................................................................................................................... 3 4. Key Findings / Discussion of your research topic ............................................................................ 3 4.1. The major risks of cyber security ................................................................................................. 3 4.1.1. To consumers ........................................................................................................................ 3 4.1.2. To businesses........................................................................................................................ 4 4.1.3. IT organisations ..................................................................................................................... 4 4.1.4. Telecommunication companies...

Words: 3380 - Pages: 14

Premium Essay

Swot

...Situational Analysis Tools A thorough situational analysis will begin with an initial study of the business case in order to identify the current or implied mission, vision, strategic direction and strategic goals, as well as the preferences, needs, targets and constraints of significant stakeholders (e.g. shareholders, senior management, creditors, customers, suppliers, etc.). As well, the more obvious strengths and weaknesses, and a good cross-section of opportunities and threats (SWOT) can be identified and appropriately categorized. The initial scan should then be followed by a more careful study using some of the analytical tools mentioned below, in order to find the less obvious and often more pertinent strengths, weaknesses, opportunities and threats pertaining to the situation at hand. The final step will be to consider the comprehensive list of these factors that have been generated (reproduced in an exhibit to your report), and to focus on the most important and relevant items that a) have caused the current situation (weaknesses), or b) must be solved (weaknesses) or mitigated (threats) in order to rectify the current situation, or c) must be drawn upon in order to come to a viable resolution to the problem (opportunities and strengths). This final list will comprise the items that you will emphasize in the body of your report. SWOT Analysis A major starting point in solving a business problem is to take a close look at the environment within which an organization...

Words: 7525 - Pages: 31

Premium Essay

Lab 2 Ist

...Lab 2 - Align Risks, Threats, and Vulnerabilities to COBIT PO9 Risk Mgmt. Controls Part 1 4. Discuss the primary goal of the COBIT v4.1 framework. Provide a basic description of cobit. * The purpose of Control Objectives for Information and related Technology (COBIT) is to provide management and business process owners with an information technology (IT) governance model that helps in delivering value from IT and understanding and managing the risks associated with IT. COBIT helps bridge the gaps amongst business requirements, control needs and technical issues. It is a control model to meet the needs of IT governance and ensure the integrity of information and information systems. 5. Explain the major objective of the Control area (COBIT 4.1 Controls Collaboration link on the left side of the COBIT website) * “The COBIT Controls area within ISACA's Knowledge Center promotes collaboration and sharing of information, solutions and experience among COBIT users.” 6. From the COBIT Domains and Control Objectives section, list each of the types of control objectives and briefly describe them based on the descriptions on the website. * Plan and Organize – “This domain covers strategy and tactics, and concerns the identification of the way IT can best contribute to the achievement of the business objectives. The realization of the strategic vision needs to be planned, communicated and managed for different perspectives. A proper organization as well as technological...

Words: 4162 - Pages: 17

Free Essay

Is4550 Unit 3 Assignment 1

...The  Critical  Security  Controls   for   Effective  Cyber  Defense   Version  5.0                     1       Introduction   .....................................................................................................................................................................  3   CSC  1:    Inventory  of  Authorized  and  Unauthorized  Devices  ............................................................................  8   CSC  2:    Inventory  of  Authorized  and  Unauthorized  Software  .......................................................................  14   CSC  3:    Secure  Configurations  for  Hardware  and  Software  on  Mobile  Devices,  Laptops,   Workstations,  and  Servers  .......................................................................................................................................  19   CSC  4:    Continuous  Vulnerability  Assessment  and  Remediation  .................................................................  27   CSC  5:    Malware  Defenses  ..........................................................................................................................................  33   CSC  6:    Application  Software...

Words: 31673 - Pages: 127

Premium Essay

Mobile Computing

...Mobile Computing and Social Networking’s Influence on the Medical Services Beverley Stephens Dr. Robert E. Culver CIS 500- information Systems for Decision Making August 14, 2012 Introduction There have been a lot of changes in the health industry due to technological advancement in the areas of wireless networks. This advancement has allowed care givers to use devices such as personal cellular devices, pervasive sensing technologies, and social networks, to deliver health care from providers to clients. There are certain effects of using mobile technology blood pressure monitoring, checking glucose level, oxygen level and heart rate, etc. Monitoring Patient Vital Signs via Mobile Computing Versus In-Patient Visits Vital signs are key indicators of a patient overall health status.  We are at a point in time where temperature, heart rate, blood pressure, glucose levels, oxygen levels, and respiratory rates can now be taken via mobile technology. There was a time when patients had to travel to the doctor’s office or other health care facilities in order to have these vital tests done. It was also the norm to have a health care provider doing these tests in person and writing down the results. These results were input into a chart or a computer system by the provider who took them. Sometimes it was documented right away or hours later when time allow. Mistakes were also a factor because the health care provider input the wrong information and this sometimes impacted...

Words: 1567 - Pages: 7

Premium Essay

Financial Analysis

...Financial Analysis Name: Medtronic, Inc. (NYSE- MDT) Principal Office: 710 Medtronic Pkwy., N.E. Minneapolis, MN 55432, (763) 514-4000 Website: www.medtronic.com NAICS: 325412: Pharmaceutical Preparation Manufacturing Primary SIC: 3845- Electromedical and Electrotherapeutic Apparatus Manufacturing Secondary SIC: 339112- Surgical and Medical Instrument Manufacturing. Auditor: PricewaterhouseCoopers LLP, New York, NY Primary Bank: Wells Fargo Bank, N.A., Minneapolis, MN Company started: 1949 Number of Employees: 45,499 Table of Contents: Sl. | Topics | Page | 1 | General Description of Medtronic Inc. | 1 | 2 | Challenges 2.a. Medical Device Industry2.b. Medtronic Inc. | 3 | 3 | Ethical issues | 5 | 4 | Financial Analysis4.a. Financial Analysis of 10K 4.b.Cost and expenses analysis 4.c. Financial Ratios | 689 | 5 | Industry/Competitor Analysis | 11 | 6 | Conclusion | 13 | 7 | Bibliography | 14 | By Geethapriya Setty (100918266) Address: 1300 Hennepin Ave, Apt M101, Minneapolis, Minnesota-55403 Section 1: General Description of Medtronic Inc. Medtronic Inc., a medical technology company, was founded in 1949 by Earl Bakken and Palmer Hermundslie. It was incorporated in 1957 in Minneapolis, Minnesota. They were the first to create a wearable cardiac pacemaker in 1957. They have been able to expand their business from a small repair company, which serviced medical equipment...

Words: 6042 - Pages: 25