...Pete Lorincz University of Phoenix IT/244 Intro to IT Security Instructor’s Name: Tom Joseph Date: June 10, 2012 Introduction Due in Week One: Give an overview of the company and the security goals to be achieved. 1 Company overview As relates to your selected scenario, give a brief 100- to 200-word overview of the company. The Bloom Design Group which provides services throughout the globe and has two locations in the United States, located in Los Angeles, and New York. The corporate office is located in New York. The company offers customers a virtual decorating tool for their clients to create their specific designs. The website allows the interior designers to access the client files and company style guides along with the ability to electronically process orders for design materials and furniture. A secure login and password is required from the designers to access the website and its many features. The employees work remotely to access the corporate network use a VPN. 2 Security policy overview Of the different types of security policies—program-level, program-framework, Issue-specific, and system-specific—briefly cover which type is appropriate to your selected business scenario and why. The implementation of the system-specific policy would be the proper choice for Bloom Design Group. The system-specific policy is required because Bloom Design has customers and designers who access the website at all...
Words: 664 - Pages: 3
...values incorrectly leading to a massive failure of the entire system. NASA’s mars orbiter crashed into mars because the engineers failed to convert English to metric measurements during the exchange of vital data. The navigation team used meters and millimeters while astronautics responsible for the design of the spacecraft used inches, feets and pounds. This is a special example of an incomplete mediation. Q2 In the realization of the challenges and problems resulting from incomplete mediation, complete mediation...
Words: 743 - Pages: 3
...------------------------------------------------- Abstract This describes the need for and the challenges of building secure software, general principles of secure software development, and the key elements of a secure software life cycle process. Key Highlights of Term Paper * Software’s Vulnerability to Attack * The Challenge of Building Secure Software * Software Assurance * General Principles of Secure Software Development * What the Software Practitioner Needs to Know * Integrating Security into the Software Life Cycle ------------------------------------------------- Software’s Vulnerability to Attack What makes it so easy for attackers to target software is the virtually guaranteed presence of vulnerabilities, which can be exploited to violate one or more of the software’s security properties. According to CERT, most successful attacks result from targeting and exploiting known, non-patched software vulnerabilities and insecure software configurations, many of which are introduced during design and code. In their Report to the President titled Cyber Security: A Crisis of Prioritization, the President’s Information Technology Advisory Committee summed up the problem of non-secure software as follows: Software development is not yet a science or a rigorous discipline, and the development process by and large is not controlled to minimize the vulnerabilities that attackers exploit. Today, as with cancer, vulnerable software can be invaded...
Words: 2959 - Pages: 12
...Risk Management Principles CMGT/430 INTRODUCTION Riordan Manufacturing is a company that is commited to handling their business in an ethical and logical manner. In order to provide the proper risk management plan for the company there needs to be a conference with all of management and stakeholders to get an oversight on the company and what it needs for mitigation control and risk management. The company needs to reconsider getting input from internal auditors, external auditors and outsources. Management will also need to get all of the department heads and key people together to discuss all of the initial assessments of the risk management capabilities and how effective it can be on the network/system. This assessment will be able to decide rather to have or continue with a more in tune risk management plan. There is also the need to discuss how to make the plan stronger for the company and how the analysts should focus on the risk management mitigation for Riordan manufacturing. Risk Management Principles Riordan Manufacturing is a corporation that is consistent of many different businesses. This new plan that needs to be implemented will help each business to deal with and handle their everyday risks and teach them how to make the proper decisions on what can or could be done. In order for this new plan to be implemented, eack business will have to be able to weigh out the risks with the strategies and be able to know and choose the proper decision when responding...
Words: 1084 - Pages: 5
...Prepared for: University of Maryland University College Prepared by: Student Name I. Physical Network Design Network Topology Business Needs UOE is an institution that it is growing globally and diversifies its spears of academic excellence and markets itself. For the institution to achieve its goals and mission, use of computer systems and internet facilities installation should be prioritized. Today the world has become a global village and thus the need to put the infrastructure in place is essential. The institution looked at the need and considered it to be the priority. The organizations’ network has different users each with different privileges. The users are the administration, the staff and the students. My aim is to come up with an efficient, modular, resilient, structured and manageable network upon implementation with good structural and engineering principles. To meet the requirements of the organization, I propose a hierarchical network design needs to be implemented. This is because this design allows the use of the other topologies at different levels, growth and robustness. Hierarchical network design A hierarchical network is also called network backbone. The hierarchical system is divided into three tiers, namely core, distribution and access level, with the privileges reducing downwards. This design is most appropriate for the organization since it allows for network administrators to optimize and specify the correct hardware and software for the entire...
Words: 2532 - Pages: 11
...an interface which includes both software and hardware. Interface design impacts the software life-cycle in that it should occur early; the design and implementation of core functionality can influence the user interface – for better or worse. Because it deals with people as well as computers, as a knowledge area HCI draws on a variety of disciplinary traditions including psychology, computer science, product design, anthropology and engineering. HC: Human Computer Interaction (4 Core-Tier1 hours, 4 Core-Tier2 hours) Core-Tier1 hours HCI: Foundations HCI: Designing Interaction HCI: Programming Interactive Systems HCI: User-cantered design & testing HCI: Design for non-Mouse interfaces HCI: Collaboration & communication HCI: Statistical Methods for HCI HCI: Human factors & security HCI: Design-oriented HCI HCI: Mixed, Augmented and Virtual Reality 4 4 Core-Tier2 hours Includes Electives N N HC/Foundations [4 Core-Tier1 hours, 0 Core-Tier2 hours] Motivation: For end-users, the interface is the system. So design in this domain must be interaction-focussed and human-centred. Students need a different repertoire of techniques to address this than is provided elsewhere in the curriculum. Topics: • • • Contexts for HCI (anything with a user interface: webpage, business applications, mobile applications, games, etc.) Processes for user-centered development: early focus on users, empirical testing, iterative design. Different measures for evaluation: utility, efficiency, learnability...
Words: 1936 - Pages: 8
...Failures in Design and Security Principles Billy Jones has recently opened an optical business in a neighborhood shopping center. In the process of opening the business, Billy Jones ran into some financial issues, so he was forced to do a substantial amount of the work himself in order to get the business up and running. Amongst the tasks that Billy performed consisted of designing the the system that would strengthen his business. Billy has no previous IT experience. However, he is extremely intelligent and relied on the salesperson at the area’s major electronic store to let him know which specific equipment he needed to buy for his system. Included in the equipment Billy purchased was a used server that was running a “Windows 2003 operating system.” This particular server came pre-loaded with a “point-of-sale” (POS) programming that allows for the gathering and storage within the back-end database from the interchanges made by the electronic money register (Microsoft, 2014). Identify the Failures in Process Billy was able to make a strange arrangement on some form of POS programming through a type of wholesaler in the Philippines. Billy has spent a couple of...
Words: 793 - Pages: 4
...of Phoenix IT/244 Intro to IT Security Instructor’s Name: Scott Sabo Date: 4/27/14 Disaster Recovery Plan Due in Week Three: For your selected scenario, describe the key elements of the Disaster Recovery Plan to be used in case of a disaster and the plan for testing the DRP. 1 Risk Assessment 1 Critical business processes List the mission-critical business systems and services that must be protected by the DRP. The mission-critical business systems and services that must be protected by this DRP are: Payroll, Human Resource Data, POS backup media, and Web Servers and their services. 2 Internal, external, and environmental risks Briefly discuss the internal, external, and environmental risks, which might be likely to affect the business and result in loss of the facility, loss of life, or loss of assets. Threats could include weather, fire or chemical, earth movement, structural failure, energy, biological, or human. Examples of internal risks that may affect business are unauthorized access by individuals who are employed by the company, and those who aren’t employed by the company but still have access to individual store’s computer systems, applications, or areas where the servers and backup media are located. Other external and environmental risks include fire, floods, power outages, hardware failure, software glitches and failure, storms, and other acts of nature...
Words: 638 - Pages: 3
...control access to information and computing systems. For example: passwords, network and host based firewalls, network intrusion detection systems, access control lists, and data encryption are logical controls. An important logical control that is frequently overlooked is the principle of least privilege. The principle of least privilege requires that an individual, program or system process is not granted any more access privileges than are necessary to perform the task. A blatant example of the failure to adhere to the principle of least privilege is logging into Windows as user Administrator to read Email and surf the Web. Violations of this principle can also occur when an individual collects additional access privileges over time. This happens when employees' job duties change, or they are promoted to a new position, or they transfer to another department. The access privileges required by their new duties are frequently added onto their already existing access privileges which may no longer be necessary or appropriate. How could Administrative, Technical, and Physical Controls introduce a false sense of security? Administrative, Technical, and Physical controls introduce a false sense of security by the indication of what we use to safeguard delicate data and protect...
Words: 905 - Pages: 4
...Failures POS/355 August 26, 2013 UOPX Failures Distributed systems emerged recently in the world of computers. A distributed system is an application of independent computers that appear to work as a coherent system to its users. The advantages of distributed systems consist of developing the ability to continually to open interactions with other components to accommodate a number of computers and users. Thus, stating that a stand-alone system is not as powerful as a distributed system that has the combined capabilities of distributed components. This type of system does have its complications and is difficult to maintain complex interactions continual between running components. Problems do arise because distributed systems are not without its failures. Four types of failures will characterize and the solutions to two of these failures will address on how to fix such problems. Before constructing a distributed system reliable one must consider fault tolerance, availability, reliability, scalability, performance, and security. Fault tolerance means that the system continues to operate in the event of internal or external system failure to prevent data loss or other issues. Availability needed to restore operations to resume procedure with components has failed to perform. For the system to run over a long period without any errors is need and known as reliability. To remain scalable means to operate correctly on a large scale. Performance and security remains needed...
Words: 953 - Pages: 4
... COMPUTER SECURITY COURSE CODE: CSC3207 Instructions: Answer all questions. Duration: 1hour. Date sat. 15th April 2012 Test is out of 40marks. 1. Is magnetic media safe for data storage? Elaborate on your answer. 6mks NO. - It is volatile. - A lot of vigilance is required (no exposure to heat, sun light etc) - Forensics (data recovery tools undermine some operations like delete) YES, if care and precautions are adhered to. (state those precautions here) 2. State two technical challenges of the FLASH architecture 5mks -The number of read/write cycles -The power MUST-BE-ON requirement - Erasure failures Read page 414 of “Hardware Based Security” 3. A good security practice is to continuously review and appropriately modify misuse case presentations of a system. What approaches would you consider to maintain an up-to-date misuse case presentation for a given system? 6mks Consider using a team for periodical review and analysis and different design and implementation sections of the system. - Periodically review the existing use-case based on the pre-existing knowledge base. - Brainstorm on the basis of existing system resources and identify representative risks. - Redefining the use-cases and mis-use cases incase of new threats Sources of information here include - Audit logs and security checks ...
Words: 376 - Pages: 2
...under certain conditions, instabilities would arise that could cause the plane to crash. The software was patched to eliminate the specific problems uncovered by the tests. After these repairs, the software passed all the simulation tests. George is not convinced that the software is safe. He is worried that the problems uncovered by the simulation testing were symptomatic of a design flaw that could only be eliminated by an extensive redesign of the software. He is convinced that the patch that was applied to remedy the specific tests in the simulation did not address the underlying problem. But, when George brings his concerns to his superiors, they assure him that the problem has been resolved. They further inform George that any major redesign effort would introduce unacceptable delays, resulting in costly penalties to the company. There is a great deal of pressure on George to sign off on the system and to allow it to be flight tested. It has even been hinted that, if he persists in delaying the system, he will be fired. What should George do next? Case Study 1: Relevant Clauses Principle 1. PUBLIC Software engineers shall act consistently with the public interest. In particular, software engineers shall, as appropriate: ◦ 1.03. Approve software only if they have a well-founded belief that it is safe, meets specifications, passes appropriate tests, and does not diminish quality of life, diminish privacy or harm the environment. The ultimate effect of the work should...
Words: 1827 - Pages: 8
...Understanding Security Introduction . Security management and systems have often been perceived as a non –productive expensive capital overhead by the stakeholders of companies and a hindrance to employees. The purpose of this assignment is to, Identify what is seen as the main purpose of security management and discuss what is meant by the statement ‘security measures must be commensurate with the threat’. Discussion. Judgements on risk are made by almost all of us on a daily basis, this may be something as simple as crossing the road, subconsciously we adopt a thought process, how fast is the traffic moving? Is it wet? What is the distance needed to travel to safety? Once this thought process has been followed if there remains an element of doubt we then start to mitigate, the type of shoes we are wearing for example, trainers could get us from A to B quicker than if we were donning leather shoes, or if the vehicle in question was a bus pulling away from a stop we would have time to cross safely, on understanding this process we can begin to appreciate the fundamental building blocks of which security management is based. Security management’s primary concern is with the protection of a company or organisational assets. An essential part of security management is the preparation of contingency plans in a response to incidents that could occur and additional control measures implemented as a direct response to any increase in the level of threat, to explain further, security management...
Words: 1491 - Pages: 6
...It is targeted to be used by developers to understand and manage application security risks as they design and change an application, as well as by application security specialists doing a security risk assessment. The focus here is on protecting an application from external attack - it does not take into account attacks on the users or operators of the system (e.g. malware injection, social engineering attacks), and there is less focus on insider threats, although the principles remain the same. The internal attack surface is likely to be different to the external attack surface and some users may have a lot of access. The Attack Surface describes all of the different points where an attacker could get into a system, and where they could get data out. The Attack Surface of an application is:1.The sum of all paths for data/commands into and out of the application, and2.The code that protects these paths (including resource connection and authentication, authorization, activity logging, data validation and encoding), and3.All valuable data used in the application, including secrets and keys, intellectual property, critical business data, personal data and PII, and4.The code that protects these data (including encryption and checksums, access auditing, and data integrity and operational security controls).The security implications of having a variety of client platforms are: 1. Violation of a security policy by a user2. Disgruntled employee sabotage3. Download of non-business video...
Words: 442 - Pages: 2
...1. Principle roles for a system analyst a. Consultant i. Frequently acts as a systems consultant to humans and their businesses and may be hired specifically to address information systems issues within a business. This can be advantageous because an analyst can bring a a fresh perspective that people within the organization may not possess. One disadvantage is that an analyst may never know the organizations true culture. b. Supporting Expert ii. An analyst may play a supporting expert from within the business. These analysts are employed by the company and have at least some capacity in the systems of the organization. The analyst would draw on professional expertise concerning computer hardware and software and their principle uses within the business. c. Agent of Change iii. This is the most comprehensive and responsible role. This role can be filled internal or external to the business. An analyst is an agent of change whenever he performs any of the activities in the systems development life cycle. The agent of change is also present and interacting with users and the business for an extended period. An agent of change is a person who serves as a catalyst for change, develops a plan for change, and works with others in facilitating that change. 2. Involving individuals with various perspectives in system analysis and design activities d. Identifying Problems, Opportunities, and Objectives ...
Words: 2328 - Pages: 10
