College of Computing and Informatics
Assignment 4
Deadline: Day 21/04/2018 @ 23:59
[Total Mark for this Assignment is 4]
Student Details:
Name:###
CRN:###
ID:###
Instructions:
- This Assignment must be submitted on Blackboard (WORD format only) via the allocated folder.
- Email submission will not be accepted.
- You are advised to make your work clear and well-presented; marks may be reduced for poor presentation. This includes filling in your information on the cover page.
- You MUST show all your work, and text must not be converted into an image, unless specified otherwise by the question.
- Late submission will result in ZERO marks being awarded.
- The work should be your own; copying from students or other resources will result in ZERO marks.

IT Security and Policies
IT409
Pg. 01 Assignment 4
Access Control Management
Q1- “Monitoring the employees in an organization is legal.” Debate this statement from the perspective of the Employer and the Employee.
(Marking criteria: debating from the perspective of the employer 0.5 marks; from the perspective of the employee 0.5 marks.)
Answer: Students' answers will vary; they can give points for or against the concept. The answer may include the following concepts.
Perspective of an employer:
1. Actions were taken at the employer’s place of work
2. Equipment used – including bandwidth – was company-provided
3. Monitoring the work also helps ensure the quality of work
4. The employer has the right to protect property from theft and/or fraud
Perspective of the employee:
1. Employees cannot expect privacy in the workplace
2. The employee is not allowed to use personal email through office facilities
Learning Outcome(s): Chapter 9, LO 2: Research and investigate problems related to the field of Security and Information Assurance
01 Marks
Information systems Acquisition, development and maintenance
Q2- The OWASP (Open Web Application Security Project) releases the top 10 most critical security flaws in web applications. Find out the latest release and list down the top 10 flaws. Explain at least 2 flaws in your own words.
(Marking criteria: listing 0.25 marks; explaining the flaws 0.75 marks)
Answer:
1. Injection
2. Broken authentication
3. Sensitive data exposure
4. XML external entities
5. Broken access control
6. Security misconfiguration
7. Cross-site scripting
8. Insecure deserialization
9. Using components with known vulnerabilities
10. Insufficient logging and monitoring
Students can explain any two of the above flaws in their own words. Check the correctness and give marks.
Learning Outcome(s): Chapter 10, LO 5: Use effective, proper and state of the art security tools and technologies
01 Marks
Information systems Acquisition, development and maintenance
Q3- What do you understand by Cryptography? Compare the two basic types
of cryptography.
(Marking criteria : 0.25 marks for defining cryptography. 0.75 marks for comparing the different
categories)
Answer: Cryptography is the art of secret writing.
Symmetric key cryptography:
1. Uses a single secret key that must be shared in advance and kept private.
2. The same algorithm with the same key is used for encryption and decryption.
3. It may be impossible or at least impractical to decipher a message if no other information is available.
Asymmetric key cryptography:
1. One of the two keys must be kept secret.
2. One algorithm is used for encryption and decryption with a pair of keys, one for encryption and one for decryption.
3. It may be impossible or at least impractical to decipher a message if no other information is available.
Learning Outcome(s): Chapter 10, LO 1: Learn networking and security, security issues, trends and security resources
1 Mark
Information Security Incident Management
Q4- Discuss the required response time for each level of security incident with your own example.
(Marking criteria: 0.25 for response time, 0.75 for examples)
Answer :
Response to a security incident should be done immediately, within hours, or within 24 hours, depending upon the criticality level of the security incident.
(Examples may differ from student to student.)
For example:
DoS attack – level 1 – needs immediate response,
Malware detection – level 2 – within hours,
Excessive bandwidth usage – within 24 hours.
Learning Outcome(s): Chapter 11, LO 3: Analyze, implement, and select the most appropriate solutions to problems related to the field of Security and Information Assurance.
1 Mark
