CIS502 discussion post responses.
Respond to the colleagues’ posts regarding:
Access Control Models
If you were going to design an access system that would control
people getting into your favorite or most valued items (e.g.,
financial records, health records, or other sensitive files), what
things would you consider based on your readings from Chapter
14? Make sure you address all the possible avenues of attack
that could be exploited. Remember, security measures are
designed to slow and draw attention to attackers. No system can
completely prevent a successful attack.
KF’s post states the following:
Access Control Models
If you were going to design an access system that would control
people getting into your favorite or most valued items (e.g.,
financial records, health records, or other sensitive files), what
things would you consider based on your readings from Chapter
14? Make sure you address all the possible avenues of attack
that could be exploited. Remember, security measures are
designed to slow and draw attention to attackers. No system can
completely prevent a successful attack.
First of all we need to decide what exactly our defense
mechanism is going to protect. There are cloud defense
mechanisms, network defense, and application defenses to name
a few (I’m using all three for my MOST FAVORITE ITEM!).
As many students have discussed the defense in depth approach
is great. The layered security measures are an excellent way to
acknowledge security within an enterprise environment. I would
like to get more into that layered approach and the different
layers of the “castle” if you will. Regarding access systems and
the defense in depth approach, physical, technical, and
administrative controls need to be implemented.
Physical DiD: Locked doors, security cameras to organizational
assets, barriers to prevent collisions, proper lighting within
areas that should be lighted.
Hacking Physical DiD: Locked doors <brute force: through
wall> we’re breaking in so screw it! Security cameras can be
accessed remotely prior to hacking the system or accessed
within the LAN after jacking into the source. Barriers can be
bypassed with the right mapping, and lighting, again, if
connected on a server can be bypassed with jacking in and the
proper scripting.
Technical DiD: As we all have learned AV software, IDS, IPS,
SIEMs, Logging and Monitoring would all be considered
Technical DiD aspects.
Hacking DiD: AV software can be manipulated with Advanced
Evasion Tactics (AET). IDS and IPS are useless once inside of
the LAN, we’re jacked in hard already so we’re fine there.
SIEMs can be tricky, but the right script will erase all logs so
we were technically never even there (locally or remotely).
Administrative DiD: Administrative DiD would consist of
access controls for users, privilege settings, superuser
configurations, what programs can be
executed/read/write/run. File access, server access, server
access locations, file access locations, posting, authorizing,
singular or dispersed shared controlling, and anything related to
admins of the service.
Hacking Administrative DiD: Admins are known to be attacked
because of their levels of privilege within a system. If the
admin is hacked then so are the 100k users of the system as well.
The admin also has full access controls to upload files, make
changes, and execute malicious code within a system. From an
attacker’s perspective, we need that! Makes everything so much
easier, let’s just use social engineering, a zero day in an application, or
password re-use attacks from old leaks, take the account, and
secure a remote connection.
My ITEM! At this point the item is irrelevant, it’s the means to
get to the item that is important. I would have a concrete steel
reinforced door barricaded by a structure, a safe…maybe? I’m
creative so I’m thinking more of a barrier inside of a barrier.
The first layer would be accessible through a network while the
second layer located inside the steel plating and concrete
structure would be a faraday cage. Within my safe would lie all
the servers that would be connected to the entire structure while
my security controls such as my safe lock would be located
inside of my faraday cage (closed loop circuit). My network
would be more of a counterattack setup as opposed to a defense
mechanism. I say this because if I am being attacked, what’s
going to deter the attackers from my system? An attack on
theirs! Evolved AI would be utilized to do this. I would of
course have Advanced AV software capable of recognizing
source code modifications, IDS and IPS with real time
monitoring, logging, and reporting in real time. Snort and
WireShark monitoring any and all connection packets.
Advanced Encryption Standards would be implemented for any
traffic happening. All software being utilized would be fully
patched and up-to-date or removed, Z3r0d4ys will not be
tolerated and fully eliminated. Honeypots could also be utilized
to gain knowledge of exploits being utilized in the wild and not
disclosed. Regarding my administrative privileges any software
that can be exploited to gain privilege escalation will be
patched or removed. Passwords would be 64-bit key generated
with random numbers and characters changing and only
accessible with the proper authorization through the proper
channels first.
JP’s post states the following:
First, I would consider the benefits versus cost aspect of it. If
the security type costs more to maintain than the assets being
protected, the security option may need to be re-examined. For
physical items a safe with a lock or digital combination is quite
effective. Now to keep digital personal or business information
safe I would apply a Risk Management Framework (RMF). It
provides information on how risk is to be assessed, resolved,
and monitored. Because hackers and online security threats are
constantly evolving and improving, establishing and
maintaining security awareness is a behavior that needs to be
included in today’s day-to-day practices. Acquiring the services
of a third party such as IDShield can also help in securing
identity theft. Of course it isn't free; however, plans start at
$12.95 monthly depending on the level of protection needed to
secure sensitive information.
Reference
https://www.csoonline.com/article/2125140/metrics-budgets/it-risk-assessment-frameworks–real-world-experience.html
https://www.idshield.com/?msclkid=f90683bf66f514cc7e0bde730ca84a92&utm_source=bing&utm_medium=cpc&utm_campaign=B_IDS_US_Awareness&utm_term=%2Bprotect%20%2Bidentity%20%2Btheft&utm_content=Identity%20Theft%20Protection
CIS510 discussion post responses.
Respond to the colleagues’ posts regarding:
"Object-Oriented Design versus Traditional Approach" Please
respond to the following:
Compare the object-oriented approach to design to the
traditional approach. Give your opinion on whether you believe
there are certain projects where one design approach might be
better than the other. If so, provide an example of one (1) such
project. If not, explain why not.
Give your opinion on which approach discussed in Part 1 of this
discussion you believe is easier for you to understand and
explain why.
SR’s post states the following:
Compare the object-oriented approach to design to the
traditional approach. Give your opinion on whether you believe
there are certain projects where one design approach might be
better than the other. If so, provide an example of one (1) such
project. If not, explain why not.
In the object-oriented approach, the focus is on capturing the
structure and behavior of information systems into small
modules that combine both data and process. Whereas the
traditional approach uses traditional projects; this approach leads
software developers to focus on the breakdown of larger
algorithms into smaller ones.
In my opinion there are certain projects where one design
approach is better than the other because no project is the same.
However, the object-oriented approach offers the only realistic
solution to the promise of truly distributed client/server
applications. As organizations move to OOD, they are facing
and resolving problems. Nevertheless, if OOD is used properly,
the rewards and benefits can be greater than using traditional
approaches. Just like the adoption of any new technology, there
is a learning curve involved with the adoption of OOD. Instant
and complete submersion in OOD can be disastrous, whereas
carefully planned and scaled adoption of these new technologies
can bring out all the positive advantages that they have to offer.
Give your opinion on which approach discussed in Part 1 of this
discussion you believe is easier for you to understand and
explain why.
For many people, the OOD approach is one of the most poorly
understood things in computer programming. However, for me,
the traditional approach is easier for me to understand. The
traditional approach has a sequential pattern which makes it
easy to follow. Since the projects are easier to follow, it takes
less time in completion and in meeting the timeline
successfully.
GO’s post states the following:
The concept behind the object-oriented design is that it
creates concepts as objects. In a sense, it gives physical form to
a concept or idea. The process allows for easier explanation of
design and also for the abstraction of the concept into smaller
parts that are easier to develop on a technical level.
(Wazlawick, 2014).
The traditional approach sees concepts as steps in a process.
Each item follows a sequence that flows from one point to the
next in a set way. Inputs, outputs, data storage, and flow, and
processes are the focus of this approach. (Satzinger, 2016)
Each approach takes a different point of view when looking
at how to address a problem. It comes down to which approach
will help to give a clearer picture and generate a more useful
solution. When designing SQL databases, the object-oriented
approach would be better. SQL databases are relationship based
in design and require abstraction of data. An object-oriented
way of thinking helps to break down information stored to
manageable pieces and allows for polymorphism in the design.
Satzinger, J. (2016). Systems Analysis and Design in a Changing
World, 7e. [Strayer University Bookshelf]. Retrieved from
https://strayer.vitalsource.com/#/books/9781305465268/
Wazlawick, R. S. (2014). Object-Oriented Analysis and Design
for Information Systems: Modeling with UML, OCL, and
IFML. Amsterdam: Morgan Kaufmann. Retrieved from
https://search.ebscohost.com/login.aspx?direct=true&db=nlebk&AN=601350&site=eds-live&scope=site
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
eBook.com.bd (প্রয়োজনীয় বাংলা বই)
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
Nguyen Thanh Tu Collection
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
TechSoup
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
siemaillard
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
AyyanKhan40
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
paigestewart1632
 

Recently uploaded (20)

LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPLAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UP
 
South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)South African Journal of Science: Writing with integrity workshop (2024)
South African Journal of Science: Writing with integrity workshop (2024)
 
How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17How to Make a Field Mandatory in Odoo 17
How to Make a Field Mandatory in Odoo 17
 
MARY JANE WILSON, A “BOA MÃE” .
MARY JANE WILSON, A “BOA MÃE”           .MARY JANE WILSON, A “BOA MÃE”           .
MARY JANE WILSON, A “BOA MÃE” .
 
PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.PCOS corelations and management through Ayurveda.
PCOS corelations and management through Ayurveda.
 
Advanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docxAdvanced Java[Extra Concepts, Not Difficult].docx
Advanced Java[Extra Concepts, Not Difficult].docx
 
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
BÀI TẬP BỔ TRỢ TIẾNG ANH LỚP 9 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2024-2025 - ...
 
Hindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdfHindi varnamala | hindi alphabet PPT.pdf
Hindi varnamala | hindi alphabet PPT.pdf
 
The History of Stoke Newington Street Names
The History of Stoke Newington Street NamesThe History of Stoke Newington Street Names
The History of Stoke Newington Street Names
 
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
Exploiting Artificial Intelligence for Empowering Researchers and Faculty, In...
 
BBR 2024 Summer Sessions Interview Training
BBR  2024 Summer Sessions Interview TrainingBBR  2024 Summer Sessions Interview Training
BBR 2024 Summer Sessions Interview Training
 
How to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRMHow to Manage Your Lost Opportunities in Odoo 17 CRM
How to Manage Your Lost Opportunities in Odoo 17 CRM
 
How to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 InventoryHow to Setup Warehouse & Location in Odoo 17 Inventory
How to Setup Warehouse & Location in Odoo 17 Inventory
 
Main Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docxMain Java[All of the Base Concepts}.docx
Main Java[All of the Base Concepts}.docx
 
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdfবাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
বাংলাদেশ অর্থনৈতিক সমীক্ষা (Economic Review) ২০২৪ UJS App.pdf
 
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
BÀI TẬP BỔ TRỢ TIẾNG ANH 8 CẢ NĂM - GLOBAL SUCCESS - NĂM HỌC 2023-2024 (CÓ FI...
 
Leveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit InnovationLeveraging Generative AI to Drive Nonprofit Innovation
Leveraging Generative AI to Drive Nonprofit Innovation
 
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptxPrésentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
Présentationvvvvvvvvvvvvvvvvvvvvvvvvvvvv2.pptx
 
PIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf IslamabadPIMS Job Advertisement 2024.pdf Islamabad
PIMS Job Advertisement 2024.pdf Islamabad
 
Cognitive Development Adolescence Psychology
Cognitive Development Adolescence PsychologyCognitive Development Adolescence Psychology
Cognitive Development Adolescence Psychology
 

CIS502 discussion post responses.Respond to the colleagues posts.docx

CIS502 discussion post responses.
Respond to the colleagues' posts regarding:
Access Control Models
If you were going to design an access system that would control people getting into your favorite or most valued items (e.g., financial records, health records, or other sensitive files), what things would you consider based on your readings from Chapter 14? Make sure you address all the possible avenues of attack that could be exploited. Remember, security measures are designed to slow and draw attention to attackers. No system can completely prevent a successful attack.

KF’s post states the following:
Access Control Models
If you were going to design an access system that would control people getting into your favorite or most valued items (e.g., financial records, health records, or other sensitive files), what things would you consider based on your readings from Chapter 14? Make sure you address all the possible avenues of attack that could be exploited. Remember, security measures are designed to slow and draw attention to attackers. No system can completely prevent a successful attack.

First of all we need to decide what exactly our defense mechanism is going to protect. There are cloud defense mechanisms, network defense, and application defenses to name a few (I’m using all three for my MOST FAVORITE ITEM!). As many students have discussed, the defense in depth approach is great. The layered security measures are an excellent way to acknowledge security within an enterprise environment. I would like to get more into that layered approach and the different layers of the “castle” if you will. Regarding access systems and the defense in depth approach, physical, technical, and administrative controls need to be implemented.

Physical DiD: Locked doors, security cameras to organizational assets, barriers to prevent collisions, proper lighting within areas that should be lighted.

Hacking Physical DiD: Locked doors <brute force: through wall> we're breaking in so screw it! Security cameras can be accessed remotely prior to hacking the system or accessed within the LAN after jacking into the source. Barriers can be bypassed with the right mapping, and lighting, again, if connected on a server can be bypassed with jacking in and the proper scripting.

Technical DiD: As we all have learned, AV software, IDS, IPS, SIEMs, logging and monitoring would all be considered Technical DiD aspects.

Hacking DiD: AV software can be manipulated with Advanced Evasion Tactics (AET). IDS and IPS are useless once inside of the LAN, we're jacked in hard already so we're fine there. SIEMs can be tricky, but the right script will erase all logs so we were technically never even there (locally or remotely).

Administrative DiD: Administrative DiD would consist of access controls for users, privilege settings, super user configurations, what programs can be executed/read/write/run. File access, server access, server access locations, file access locations, posting, authorizing, singular or dispersed shared controlling, and anything related to admins of the service.

Hacking Administrative DiD: Admins are known to be attacked because of their levels of privilege within a system. If the admin is hacked then so are the 100k users of the system as well. The admin also has full access controls to upload files, make changes, and execute malicious code within a system. From an attacker’s perspective, we need that! Makes everything so much easier, let’s just social engineering, zero day an application, or password re-use attacks from old leaks, take the account, and secure remote connection.

My ITEM! At this point the item is irrelevant, it’s the means to get to the item that is important. I would have a concrete steel reinforced door barricaded by a structure, a safe…maybe? I’m creative so I’m thinking more of a barrier inside of a barrier. The first layer would be accessible through a network while the second layer located inside the steel plating and concrete structure would be a faraday cage. Within my safe would lie all the servers that would be connected to the entire structure while my security controls such as my safe lock would be located inside of my faraday cage (closed loop circuit).

My network would be more of a counter attack setup as opposed to a defense mechanism. I say this because if I am being attacked, what’s going to deter the attackers from my system? An attack on theirs! Evolved AI would be utilized to do this. I would of course have Advanced AV software capable of recognizing source code modifications, IDS and IPS with real time monitoring, logging, and reporting in real time. Snort and Wireshark monitoring any and all connection packets. Advanced Encryption Standards would be implemented for any traffic happening. All software being utilized would be fully patched and up-to-date or removed, Z3r0d4ys will not be tolerated and fully eliminated. Honeypots could also be utilized to gain knowledge of exploits being utilized in the wild and not disclosed.

Regarding my administrative privileges, any software that can be exploited to gain privilege escalation will be patched or removed. Passwords would be 64-bit key generated with random numbers and characters changing and only accessible with the proper authorization through the proper channels first.

JP’s post states the following:
First, I would consider the benefits versus cost aspect of it. If the security type costs more to maintain than the assets being protected, the security option may need to be re-examined. For physical items a safe with a lock or digital combination is quite effective. Now to keep digital personal or business information safe I would apply a Risk Management Framework (RMF). It provides information on how risk is to be assessed, resolved, and monitored. Because hackers and online security threats are constantly evolving and improving, establishing and maintaining security awareness is a behavior that needs to be included in today's day-to-day practices. Acquiring the services of a third party such as IDShield can also help in securing identity theft; of course it isn't free, however plans start at $12.95 monthly depending on the level of protection needed to secure sensitive information.

Reference
https://www.csoonline.com/article/2125140/metrics-budgets/it-risk-assessment-frameworks–real-world-experience.html
https://www.idshield.com/?msclkid=f90683bf66f514cc7e0bde730ca84a92&utm_source=bing&utm_medium=cpc&utm_campaign=B_IDS_US_Awareness&utm_term=%2Bprotect%20%2Bidentity%20%2Btheft&utm_content=Identity%20Theft%20Protection

CIS510 discussion post responses.
Respond to the colleagues' posts regarding:
"Object-Oriented Design versus Traditional Approach" Please respond to the following:
Compare the object-oriented approach to design to the traditional approach. Give your opinion on whether you believe there are certain projects where one design approach might be better than the other. If so, provide an example of one (1) such project. If not, explain why not.
Give your opinion on which approach discussed in Part 1 of this discussion you believe is easier for you to understand and explain why.

SR’s post states the following:
Compare the object-oriented approach to design to the traditional approach. Give your opinion on whether you believe there are certain projects where one design approach might be better than the other. If so, provide an example of one (1) such project. If not, explain why not.

In the object-oriented approach, the focus is on capturing the structure and behavior of information systems into small modules that combine both data and process. Whereas, the traditional approach uses traditional projects; this approach leads software developers to focus on the breakdown of larger algorithms into smaller ones. In my opinion there are certain projects where one design approach is better than the other because no project is the same. However, the object-oriented approach offers the only realistic solution to the promise of truly distributed client/server applications. As organizations move to OOD, they are facing and resolving problems. Nevertheless, if OOD is used properly, the rewards and benefits can be greater than using traditional approaches. Just like the adoption of any new technology, there is a learning curve involved with the adoption of OOD. Instant and complete submersion in OOD can be disastrous, whereas carefully planned and scaled adoption of these new technologies can bring out all the positive advantages that they have to offer.

Give your opinion on which approach discussed in Part 1 of this discussion you believe is easier for you to understand and explain why.

For many people, the OOD approach is one of the most poorly understood things in computer programming. However, for me, the traditional approach is easier for me to understand. The traditional approach has a sequential pattern which makes it easy to follow. Since the projects are easier to follow, it takes less time in completion and in meeting the timeline successfully.

GO’s post states the following:
The concept behind the object-oriented design is that it creates concepts as objects. In a sense, it gives physical form to a concept or idea. The process allows for easier explanation of design and also for the abstraction of the concept into smaller parts that are easier to develop on a technical level. (Wazlawick, 2014). The traditional approach sees concepts as steps in a process. Each item follows a sequence that flows from one point to the next in a set way. Inputs, outputs, data storage, and flow, and processes are the focus of this approach. (Satzinger, 2016) Each approach takes a different point of view when looking at how to address a problem. It comes down to which approach will help to give a clearer picture and generate a more useful solution. When designing SQL databases, the object-oriented approach would be better. SQL databases are relationship based in design and require abstraction of data. An object-oriented way of thinking helps to break down information stored to manageable pieces and allows for polymorphism in the design.

Satzinger, J. (2016) Systems Analysis and Design in a Changing World, 7e. [Strayer University Bookshelf]. Retrieved from https://strayer.vitalsource.com/#/books/9781305465268/
Wazlawick, R. S. (2014). Object-Oriented Analysis and Design for Information Systems: Modeling with UML, OCL, and IFML. Amsterdam: Morgan Kaufmann. Retrieved from https://search.ebscohost.com/login.aspx?direct=true&db=nlebk&AN=601350&site=eds-live&scope=site