Running head: Cryptography 1
Cryptography 16
Cryptography
Aisha Tate
UMUC
August 29, 2019
Hi Aisha
I am puzzled – didn’t we talk about a focused report for a particular organization? Did you review the table below. Please continue to work to improve your research skills and find peer-reviewed/scholarly resources to support your work.
Best wishes,
Dr K
Student Name: Aisha Tate
Date: 18-Sep-2019
This form provides the same classroom instructions in a checklist form to help students and professors quickly evaluate a submission
Project 5: Requires the Following TWO Pieces
Areas to Improve
1. Paper
2. Lab Experience Report with Screenshots
1. Paper
IT Systems Architecture
You will provide this information in tabular format and call it the Network Security and Vulnerability Threat Table
security architecture of the organization
the cryptographic means of protecting the assets of the organization
the types of known attacks against those types of protections
means to ward off the attacks
Include and define the following components of security in the architecture of your organization, and explain if threats to these components are likely, or unlikely:
LAN security
identity management
physical security
personal security
availability
privacy
Then list the security defenses you employ in your organization to mitigate these types of attacks.
Needs better research and writing skills
Plan of Protection
Learn more about the transmission of files that do not seem suspicious but that actually have embedded malicious payload, undetectable to human hearing or vision. This type of threat can enter your organization’s networks and databases undetected through the use of steganography or data hiding. You should include this type of threat vector to an organization in your report to leadership.
No details on organization or strategy?
Provide the leadership of your organization with your plan for protecting identity, access, authorization and nonrepudiation of information transmission, storage, and usage
Data Hiding Technologies
describe to your organization the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership
Basic elements explained
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
Network Security Vulnerability and Threat Table
Describe the various cryptographic means of protecting its assets. descriptions will be included in the network security vulnerability and threat table for leadership
Basic information provided
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic ...
This presentation focus on cybersecurity and mainly four parts 1) Introduction to cybersecurity tools and cyber attack 2) Cybersecurity roles, processes and operating system security 3) Cybersecurity compliance, Framework and system administration 4) Network security and Database
Discuss how a successful organization should have the followin.docxcuddietheresa
Discuss how a successful organization should have the following layers of security in place for the protection of its operations: information security management, data security, and network security.
Multiple Layers of Security
Marlowe Rooks posted Mar 13, 2020 9:54 AM
Looking at Vacca”s book chapter 1, “Information security management as a field is ever increasing in demand and responsibility because most organizations spend increasingly larger percentages of their IT budgets in attempting to manage risk and mitigate intrusions, not to mention the trend in many enterprises of moving all IT operations to an Internet-connected infrastructure, known as enterprise cloud computing (John R. Vacca, 2014)”. It is the organization responsibility to protect its business and its client information at all times. With that said I’m going to break down why companies need to have multiple layers of security and what types they should implement below.
The first layer is Information security management which can be from Physical Security, or Personnel Security. Physical Security can range from physical items, objects, or areas from unauthorized access and misuse. Personnel Security is to protect the individual or group of individuals who are authorized to access the organization and its operations. Some of the reason to implement Information Security is as follow:
· Decrease in downtime of IT systems
· Decrease in security related incidents
· Increase in meeting an organization's compliance requirements and standards
· Increase in customer satisfaction, demonstrating that security issues are tackled in the most appropriate manner
· Increase in quality of service
· Process approach adoption, which helps account for all legal and regulatory requirements
· More easily identifiable and managed risks
· Also covers information security (IS) (in addition to IT information security)
· Provides a competitive edge to an organization with the help of tackling risks and managing resources/processes
The second layer would be Data Security which can be refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Data security includes data encryption, tokenization, and key management practices that protect data across all applications and platforms. Some of the reason to implement Data Security is as follow:
· Cloud access security – Protection platform that allows you to move to the cloud securely while protecting data in cloud applications.
· Data encryption – Data-centric and tokenization security solutions that protect data across enterprise, cloud, mobile and big data environments.
· Web Browser Security - Protects sensitive data captured at the browser, from the point the customer enters cardholder or personal data, and keeps it protected through the ecosystem to the trusted host destination.
· Mobile App Security - Protecting sensitive data in native mobile apps while safeguarding the data end-to-end.
· eMai ...
Discuss how a successful organization should have the followin.docxsalmonpybus
Discuss how a successful organization should have the following layers of security in place for the protection of its operations: information security management, data security, and network security.
Multiple Layers of Security
Marlowe Rooks posted Mar 13, 2020 9:54 AM
Looking at Vacca”s book chapter 1, “Information security management as a field is ever increasing in demand and responsibility because most organizations spend increasingly larger percentages of their IT budgets in attempting to manage risk and mitigate intrusions, not to mention the trend in many enterprises of moving all IT operations to an Internet-connected infrastructure, known as enterprise cloud computing (John R. Vacca, 2014)”. It is the organization responsibility to protect its business and its client information at all times. With that said I’m going to break down why companies need to have multiple layers of security and what types they should implement below.
The first layer is Information security management which can be from Physical Security, or Personnel Security. Physical Security can range from physical items, objects, or areas from unauthorized access and misuse. Personnel Security is to protect the individual or group of individuals who are authorized to access the organization and its operations. Some of the reason to implement Information Security is as follow:
· Decrease in downtime of IT systems
· Decrease in security related incidents
· Increase in meeting an organization's compliance requirements and standards
· Increase in customer satisfaction, demonstrating that security issues are tackled in the most appropriate manner
· Increase in quality of service
· Process approach adoption, which helps account for all legal and regulatory requirements
· More easily identifiable and managed risks
· Also covers information security (IS) (in addition to IT information security)
· Provides a competitive edge to an organization with the help of tackling risks and managing resources/processes
The second layer would be Data Security which can be refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Data security includes data encryption, tokenization, and key management practices that protect data across all applications and platforms. Some of the reason to implement Data Security is as follow:
· Cloud access security – Protection platform that allows you to move to the cloud securely while protecting data in cloud applications.
· Data encryption – Data-centric and tokenization security solutions that protect data across enterprise, cloud, mobile and big data environments.
· Web Browser Security - Protects sensitive data captured at the browser, from the point the customer enters cardholder or personal data, and keeps it protected through the ecosystem to the trusted host destination.
· Mobile App Security - Protecting sensitive data in native mobile apps while safeguarding the data end-to-end.
· eMai.
best usage and for seminar purpose and best quality and every points included..best designed backgroud according to the subject and can use any higher classes like 11 and 12 and stricty not usage for any lower classes because it contains more detailed points and lower classes will cannot able to understand it very clearly...
This presentation focus on cybersecurity and mainly four parts 1) Introduction to cybersecurity tools and cyber attack 2) Cybersecurity roles, processes and operating system security 3) Cybersecurity compliance, Framework and system administration 4) Network security and Database
Discuss how a successful organization should have the followin.docxcuddietheresa
Discuss how a successful organization should have the following layers of security in place for the protection of its operations: information security management, data security, and network security.
Multiple Layers of Security
Marlowe Rooks posted Mar 13, 2020 9:54 AM
Looking at Vacca”s book chapter 1, “Information security management as a field is ever increasing in demand and responsibility because most organizations spend increasingly larger percentages of their IT budgets in attempting to manage risk and mitigate intrusions, not to mention the trend in many enterprises of moving all IT operations to an Internet-connected infrastructure, known as enterprise cloud computing (John R. Vacca, 2014)”. It is the organization responsibility to protect its business and its client information at all times. With that said I’m going to break down why companies need to have multiple layers of security and what types they should implement below.
The first layer is Information security management which can be from Physical Security, or Personnel Security. Physical Security can range from physical items, objects, or areas from unauthorized access and misuse. Personnel Security is to protect the individual or group of individuals who are authorized to access the organization and its operations. Some of the reason to implement Information Security is as follow:
· Decrease in downtime of IT systems
· Decrease in security related incidents
· Increase in meeting an organization's compliance requirements and standards
· Increase in customer satisfaction, demonstrating that security issues are tackled in the most appropriate manner
· Increase in quality of service
· Process approach adoption, which helps account for all legal and regulatory requirements
· More easily identifiable and managed risks
· Also covers information security (IS) (in addition to IT information security)
· Provides a competitive edge to an organization with the help of tackling risks and managing resources/processes
The second layer would be Data Security which can be refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Data security includes data encryption, tokenization, and key management practices that protect data across all applications and platforms. Some of the reason to implement Data Security is as follow:
· Cloud access security – Protection platform that allows you to move to the cloud securely while protecting data in cloud applications.
· Data encryption – Data-centric and tokenization security solutions that protect data across enterprise, cloud, mobile and big data environments.
· Web Browser Security - Protects sensitive data captured at the browser, from the point the customer enters cardholder or personal data, and keeps it protected through the ecosystem to the trusted host destination.
· Mobile App Security - Protecting sensitive data in native mobile apps while safeguarding the data end-to-end.
· eMai ...
Discuss how a successful organization should have the followin.docxsalmonpybus
Discuss how a successful organization should have the following layers of security in place for the protection of its operations: information security management, data security, and network security.
Multiple Layers of Security
Marlowe Rooks posted Mar 13, 2020 9:54 AM
Looking at Vacca”s book chapter 1, “Information security management as a field is ever increasing in demand and responsibility because most organizations spend increasingly larger percentages of their IT budgets in attempting to manage risk and mitigate intrusions, not to mention the trend in many enterprises of moving all IT operations to an Internet-connected infrastructure, known as enterprise cloud computing (John R. Vacca, 2014)”. It is the organization responsibility to protect its business and its client information at all times. With that said I’m going to break down why companies need to have multiple layers of security and what types they should implement below.
The first layer is Information security management which can be from Physical Security, or Personnel Security. Physical Security can range from physical items, objects, or areas from unauthorized access and misuse. Personnel Security is to protect the individual or group of individuals who are authorized to access the organization and its operations. Some of the reason to implement Information Security is as follow:
· Decrease in downtime of IT systems
· Decrease in security related incidents
· Increase in meeting an organization's compliance requirements and standards
· Increase in customer satisfaction, demonstrating that security issues are tackled in the most appropriate manner
· Increase in quality of service
· Process approach adoption, which helps account for all legal and regulatory requirements
· More easily identifiable and managed risks
· Also covers information security (IS) (in addition to IT information security)
· Provides a competitive edge to an organization with the help of tackling risks and managing resources/processes
The second layer would be Data Security which can be refers to the process of protecting data from unauthorized access and data corruption throughout its lifecycle. Data security includes data encryption, tokenization, and key management practices that protect data across all applications and platforms. Some of the reason to implement Data Security is as follow:
· Cloud access security – Protection platform that allows you to move to the cloud securely while protecting data in cloud applications.
· Data encryption – Data-centric and tokenization security solutions that protect data across enterprise, cloud, mobile and big data environments.
· Web Browser Security - Protects sensitive data captured at the browser, from the point the customer enters cardholder or personal data, and keeps it protected through the ecosystem to the trusted host destination.
· Mobile App Security - Protecting sensitive data in native mobile apps while safeguarding the data end-to-end.
· eMai.
best usage and for seminar purpose and best quality and every points included..best designed backgroud according to the subject and can use any higher classes like 11 and 12 and stricty not usage for any lower classes because it contains more detailed points and lower classes will cannot able to understand it very clearly...
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
Information security has grown as a prominent issue in our digital life. The network security is becoming more significant as the volume of data being exchanged over net increases day by day. Attack trees AT technique play an important role to investigate the threat analysis problem to known cyber attacks for risk assessment. The technique is especially effective in assessing and managing the risks from hostile, intelligent adversaries. It is useful for analyzing threats against assets ranging from information systems to physical infrastructure. By using attack tree modeling analysis an organization can understand the ways in which they will be attacked, determine the likelihood and impact damage of these attacks and decide what action to take where the risks are unacceptable. This paper describes the attack tree model for organization based on Client Server Network. It provides the ways for defending and preventing sensitive information from attackers. Attack tree modeling provides for effective security solutions, cost effective security solutions and defensible risk mitigation decisions. Sandar Pa Pa Thein | Phyu Phyu | Thin Thin Swe "Designing Security Assessment of Client- Server System using Attack Tree Modeling" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26727.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26727/designing-security-assessment-of-client--server-system-using-attack-tree-modeling/sandar-pa-pa-thein
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...VOROR
While your organisation may have a series of cybersecurity protocols already in place, a supply chain attack requires you to prepare for data compromises that occur through the vulnerabilities in your vendor’s security protocols.
As vendors exist in a vast user network, a single compromised vendor results in multiple corporations suffering a data breach. This makes threats to the supply chain one of the most effective forms of cyberattacks because they access multiple targets from a single entry point. Website : https://voror.io
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell,
cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.
Running head Assignment 1 Identifying Potential Malicious Attack.docxsusanschei
Running head: Assignment 1: Identifying Potential Malicious Attacks, Threats and Vulnerabilities1
Identifying Potential Malicious Attacks, Threats and Vulnerabilities3
Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
LaRonda McKay
Strayer University
Professor Robert Whale
CIS333 Fundamentals of Networking Security Systems
January 28, 2017
Identifying Potential Malicious Attacks, Threats, and Vulnerabilities.
The company is not alone in its dependence upon networking technology, which is essential to remaining competitive in today's video game software marketplace. The connectivity introduced by networking and computer technologies also introduces an enormous number of vulnerabilities that can compromise the confidentiality, integrity, and availability of the company's information. However, for each vulnerability there are countermeasures that can be implemented to would be intruders. Following are a series of vulnerability examples and countermeasure solutions that should be implemented by the company to avoid data loss and an information security incident.Existing Network Vulnerabilities
Wireless WPS Vulnerabilities
WPA2 is the most current version of standard based wireless network security to protect data confidentiality as it is transported over the wireless network. WPA2 includes major changes that address the shortcomings of both WPA and WEP. WPA2 includes the use of mandatory AES encryption, no longer supporting RC4 and TKIP. WPA2 also addresses most of the security issues that have been uncovered in WPA so that wireless networks protected with WPA2 can be considered as much more secure. However, as with all security measures, flaws are usually found and WPA2 is no different. Like WPA, the WPA2 implementation provides support for a feature called WPS or Wi-Fi Protected Setup, which is included to ease the setup and configuration of wireless network devices by leveraging a device specific pin number for use in automatically configuring pass-phrases between the AP unit and wireless clients, (Fitzpatrick, 2013). Unfortunately, this feature has a critical flaw that, with time (up to 10 hours are required), using software such as the free for download “Reaver” tool, penetration of a WPA2 protected wireless network is trivial. Hence, if implementing a WPA2 protected wireless network, make sure that all wireless network AP units are capable of disabling the WPS feature prior to deployment, (Fitzpatrick, 2013).
Wireless Network Confidentiality Vulnerabilities
Wireless network hackers use sniffer programs that contain additional, special “hacking” features designed to simplify the process of wireless network penetration. For example, the Airsnort wireless network sniffer is used by wireless hackers to sniff (capture) wireless network packets, collect those packets used in authentication exchange between an AP and its client devices. And then crack the pass ...
Mill proposes his Art of Life, but he also insists that it is not ve.docxhealdkathaleen
Mill proposes his Art of Life, but he also insists that it is not very developed -- there is an immense amount of work to be done to get it in shape. We know relatively little about what will actually make our lives richly moral, useful, and beautiful. What sort of things might contribute to improving our understanding of how to enrich our lives in this way? That is, what could someone do to develop and extend the Art of Life?
DUE by wed @ 10am central time
somebody have something useful post it and i will look/buy
.
Milford Bank and Trust Company is revamping its credit management de.docxhealdkathaleen
Milford Bank and Trust Company is revamping its credit management department to more effectively manage credit analysis. As the credit manager for the bank, draft a 750-word report for the board of directors explaining the three C's of credit. Make sure to address the following:
Character
Capacity
Capital
Also, explain what the acronym CAMEL means, which is used with the third C (capital)?
.
milies (most with teenage children) and the Baby Boomers (teens and .docxhealdkathaleen
milies (most with teenage children) and the Baby Boomers (teens and college-age young people). The film industry and the changes to it are deeply divided in this schism. On the one hand, musicals (Sound of Music), World War II war films (The Great Escape) and historical epics (Dr. Zhivago) drove the adult market. Rebellion, sex and individual-minded heroes drove the youth market (Easy Rider, Bonnie and Clyde, The Graduate.) By the end of the decade, the tastes of the counter-culture youth had won. Anti-war film (Catch-22), flawed characters as heroes (The Good, the Bad, and the Ugly) and sexual issues (Midnight Cowboy, Butterfield 8, Valley of the Dolls) dominated the screen.
Question 1: What are some of the benefits of the Boomer generation's rebellion and changes to Hollywood in the 1960s?
Question 2: What are some of the drawbacks of having film dominated by the demands of an audience that was under the age of 25?
Directions:
Using word processing software to save and submit your work, please answer the following short answer questions. All responses to questions should be one to two paragraphs, composed of five to seven sentences, in length.
Your responses should include examples from the reading assignments.
1. Trace the development of the early documentary film career of Jean Rouch. What were his objectives as an ethnographic filmmaker during the 1950s? What formal techniques did he use to express these objectives?
2. How did Direct Cinema succeed in transforming documentary filmmaking during the late 1950s and early 1960s? Why did American documentary makers adopt this style, and in what ways did this choice influence their films? In what ways were their films also influenced by technological developments?
3. Compare and contrast two of the most prominent trends in avant-garde filmmaking from the 1940s to the 1960s: the experimental narrative and the lyrical film. How did both trends make use of abstract imagery and structure, and for what purposes?
4. What were the notable (and notorious) qualities that characterized the American underground film of the 1960s?
5. Analyze the important social, economic, and industrial factors leading up to the emergence of the New Hollywood in the early 1970s. What were the causes of the industry-wide recession of 1969 to 1970? What new audiences did the Majors subsequently attempt to target?
6. How did European art cinema conventions influence the filmmakers of the New Hollywood? In what ways did art cinema narrational and stylistic techniques infuse new life into standard Hollywood genres?
7. Trace the evolution of the Hollywood studio system's economic recovery in the middle and late 1970s. What were the important blockbusters of the period?
8. Compare and contrast the approaches of Steven Spielberg and Martin Scorsese to studio filmmaking. In what ways did each director "revise" genres from the classical Hollywood era? How did t.
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docxhealdkathaleen
Midterm Paper - Recombinant DNA Technology
Some scientists are concerned that genetic engineering allows humans to tamper with evolution. Argue either for or against this position.
This is a written paper to upload. The paper should be 2 to 3 pages in length with 1.5 line spacing, font size 12, and should be APA formatted. The readings for weeks 1 through 4, assignments and discussion activities in the same weeks prepare students to complete this assignment.
.
Midterm Study GuideAnswers need to be based on the files i will em.docxhealdkathaleen
Midterm Study Guide
Answers need to be based on the files i will email you
Identify
Liberation theology
Mujerista
theology
Popular religiosity
Mestizaje
James Cone
Gustavo Gutiérrez
‘adamah
‘adam
‘ish
ishsha
ex nihilio
‘ezer
Neged
tardemah
Beersheba
covenant
Moriah
‘hesed
Long Essay
Using
at least
three (3) course readings, be prepared to discuss the theological perspectives, controversies and/or issues on the following subjects:
The Book of Genesis’ two creation stories and their depictions of God, humanity, and the created world.
Hermeneutical process for interpreting biblical texts and the issues taken into consideration
Equality between man and woman, biblical and cultural perspectives.
How did sin enter the world, God’s role, humanity’s role, consequences.
.
Michelle Carroll is a coworker of yours and she overheard a conversa.docxhealdkathaleen
Michelle Carroll is a coworker of yours and she overheard a conversation at work about changes that her boss wants to make in accounting for uncollectible accounts receivable. She does not know a lot about accounting and wants to understand about what she overheard.
In an email, she asks you to explain the following:
The three different methods that can be used to account for uncollectible accounts receivable, specifically:
percentage of receivables
percentage of sales
the direct write-off methods
Reply to her email about these differences.
.
Michelle is attending college and has a part-time job. Once she fini.docxhealdkathaleen
Michelle is attending college and has a part-time job. Once she finishes college, Michelle would like to relocate to a metropolitan area. She wants to build her savings so that she will have a "nest egg" to start her off. Michelle works out her budget and decides she can afford to set aside $160 per month for savings. Her bank will pay her 12% annually on her savings account. What will Michelle's balance be in 2 years?
.
Midterm Assignment Instructions (due 31 August)
The mid-term essay will be the development of a general threat analysis of the US using the perspective of a foreign intelligence entity or service.
Foreign Intelligence Entity (FIE) Threat Analysis
The CIA's Counterintelligence Center Analysis Group (CIC/AG) identifies, monitors, and analyzes the efforts of FIEs against US persons, activities, and interests. CIC/AG analysts focus on two specific types of counterintelligence threats to US national security:
1. Transnational threats, such as the counterintelligence aspect of terrorism or the threats posed by emerging or changing technologies to the US Government, intelligence operations, and US Government information systems; and
2. Threats posed by FIEs and their activities.
Value:
This Assignment counts for 40% of your Final Course Grade for this course.
Objective:
This assignment, in accordance with undergraduate academic endeavors, provides an opportunity to evaluate assimilation of course topics, and sharpen and evaluate students' research & critical thinking skills. The assignment is driven & tested by a combination of course materials and external self-led research (depending upon essay[s] selected); analyzed and presented in essay(s) form.
Type:
This assignment consists of a research analysis paper approximately
six to eight pages in length, double-spaced
(This page count does not include a title page, abstract (optional), table of contents (optional), Reference/Bibliography page(s), or Endnotes page(s) (if used)). The source material should result primarily from self-led external research of scholarly articles. In addition, the course required reading materials may be used. The paper should have six to eight pages of content which are the written results of your research efforts.
Topic:
Develop a general threat analysis of a Foreign Intelligence Entity (FIE) of your choosing that is targeting the US. Examples include Russia's SVR, Iran's MOIS, Al Qaeda (or any of its 'subsidiaries'), North Korea's Reconnaissance Bureau, or Venezuela's Bolivarian National Intelligence Service, etc.
A FIE is any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, block or impair U.S. intelligence collection, influence U.S. policy, or disrupt U.S. systems and programs. This term includes a foreign intelligence and security service [FISS] and international terrorist organizations. (JP 1-02; JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011; and DoDD 5240.06, CIAR, 17 May 2011)
The components of your FIE threat analysis should include a full overview of the FIE (strength, location, organizational structures (if known), whether they operate under official cover or operate under unofficial cover--inside corporations, etc.). Detail the FIE's mission, and specific known and suspected US targets.
[Do not select the .
More Related Content
Similar to Running head Cryptography1Cryptography16.docx
Designing Security Assessment of Client Server System using Attack Tree Modelingijtsrd
Information security has grown as a prominent issue in our digital life. The network security is becoming more significant as the volume of data being exchanged over net increases day by day. Attack trees AT technique play an important role to investigate the threat analysis problem to known cyber attacks for risk assessment. The technique is especially effective in assessing and managing the risks from hostile, intelligent adversaries. It is useful for analyzing threats against assets ranging from information systems to physical infrastructure. By using attack tree modeling analysis an organization can understand the ways in which they will be attacked, determine the likelihood and impact damage of these attacks and decide what action to take where the risks are unacceptable. This paper describes the attack tree model for organization based on Client Server Network. It provides the ways for defending and preventing sensitive information from attackers. Attack tree modeling provides for effective security solutions, cost effective security solutions and defensible risk mitigation decisions. Sandar Pa Pa Thein | Phyu Phyu | Thin Thin Swe "Designing Security Assessment of Client- Server System using Attack Tree Modeling" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-5 , August 2019, URL: https://www.ijtsrd.com/papers/ijtsrd26727.pdf Paper URL: https://www.ijtsrd.com/engineering/computer-engineering/26727/designing-security-assessment-of-client--server-system-using-attack-tree-modeling/sandar-pa-pa-thein
How To Learn The Network Security
Slide berikut merupakan slide yang berisikan dasar-dasar bagi kita dalam memahami konsep keamanan jaringan komputer, baik dari sisi inftrastruktur, teknologi dan paradigma bagi pengguna.
Materi yang diberikan sudah disusun oleh Pakar yang merupakan Trainer CEH dan memang berkompeten dibidang keamanan jaringan.
Slide ini saya dapatkan dari beliau saat mengikut training Certified Computer Security Officer (CCSO) dan Certified Computer Security Analyst (CCSA) dari beliau.
Semoga bermanfaat sebagai acuan bagi kita untuk belajar tentang keamanan jaringan komputer.
Terimakasih
Looking to understand how hackers and other attackers use cyber technology to attack your network and your executives? This slide set provides an overview and details the anatomy of a cyber attack, and the strategies you can use to manage and mitigate risk.
SECURITY TOOLS AND PRACTICES THAT ARE MINIMISING THE SURGE IN SUPPLY CHAIN AT...VOROR
While your organisation may have a series of cybersecurity protocols already in place, a supply chain attack requires you to prepare for data compromises that occur through the vulnerabilities in your vendor’s security protocols.
As vendors exist in a vast user network, a single compromised vendor results in multiple corporations suffering a data breach. This makes threats to the supply chain one of the most effective forms of cyberattacks because they access multiple targets from a single entry point. Website : https://voror.io
Top Cyber Security Interview Questions and Answers 2022.pdfCareerera
Cyber security positions have considerably taken the top list in the job market. Candidates vying for elite positions in the field of cyber security certainly need a clear-cut and detailed guide to channeling their preparation for smooth career growth, beginning with getting a job. We have curated the top cyber security interview questions that will help candidates focus on the key areas. We have classified the regularly asked cyber security interview questions here, in this article into different levels starting from basic general questions to advanced technical ones.
Before we move on to the top cyber security interview questions, it is critical to reflect on the vitality of cyber security in our modern times and how cyber security professionals are catering to the needs of securing a safe cyber ecosystem.
The times we live in is defined by the digital transition, in which the internet, electronic devices, and computers have become an integral part of our daily life. Institutions that serve our daily needs, such as banks and hospitals, now rely on internet-connected equipment to give the best possible service. A portion of their data, such as financial and personal information, has become vulnerable to illegal access, posing serious risks. Intruders utilize this information to carry out immoral and criminal goals.
Cyber-attacks have jeopardized the computer system and its arrangements, which has now become a global concern. To safeguard data from security breaches, a comprehensive cyber security policy is needed now more than ever. The rising frequency of cyber-attacks has compelled corporations and organizations working with national security and sensitive data to implement stringent security procedures and restrictions.
Computers, mobile devices, servers, data, electronic systems, networks, and other systems connected to the internet must be protected from harmful attacks. Cybersecurity, which is a combination of the words "cyber" and "security," provides this protection. 'Cyber' imbibes the vast-ranging technology with systems, networks, programs, and data in the aforementioned procedure. The phrase "security" refers to the process of protecting data, networks, applications, and systems. In a nutshell,
cyber security is a combination of principles and approaches that assist prevent unwanted access to data, networks, programs, and devices by meeting the security needs of technological resources (computer-based) and online databases.
Running head Assignment 1 Identifying Potential Malicious Attack.docxsusanschei
Running head: Assignment 1: Identifying Potential Malicious Attacks, Threats and Vulnerabilities1
Identifying Potential Malicious Attacks, Threats and Vulnerabilities3
Assignment 1: Identifying Potential Malicious Attacks, Threats, and Vulnerabilities
LaRonda McKay
Strayer University
Professor Robert Whale
CIS333 Fundamentals of Networking Security Systems
January 28, 2017
Identifying Potential Malicious Attacks, Threats, and Vulnerabilities.
The company is not alone in its dependence upon networking technology, which is essential to remaining competitive in today's video game software marketplace. The connectivity introduced by networking and computer technologies also introduces an enormous number of vulnerabilities that can compromise the confidentiality, integrity, and availability of the company's information. However, for each vulnerability there are countermeasures that can be implemented to would be intruders. Following are a series of vulnerability examples and countermeasure solutions that should be implemented by the company to avoid data loss and an information security incident.Existing Network Vulnerabilities
Wireless WPS Vulnerabilities
WPA2 is the most current version of standard based wireless network security to protect data confidentiality as it is transported over the wireless network. WPA2 includes major changes that address the shortcomings of both WPA and WEP. WPA2 includes the use of mandatory AES encryption, no longer supporting RC4 and TKIP. WPA2 also addresses most of the security issues that have been uncovered in WPA so that wireless networks protected with WPA2 can be considered as much more secure. However, as with all security measures, flaws are usually found and WPA2 is no different. Like WPA, the WPA2 implementation provides support for a feature called WPS or Wi-Fi Protected Setup, which is included to ease the setup and configuration of wireless network devices by leveraging a device specific pin number for use in automatically configuring pass-phrases between the AP unit and wireless clients, (Fitzpatrick, 2013). Unfortunately, this feature has a critical flaw that, with time (up to 10 hours are required), using software such as the free for download “Reaver” tool, penetration of a WPA2 protected wireless network is trivial. Hence, if implementing a WPA2 protected wireless network, make sure that all wireless network AP units are capable of disabling the WPS feature prior to deployment, (Fitzpatrick, 2013).
Wireless Network Confidentiality Vulnerabilities
Wireless network hackers use sniffer programs that contain additional, special “hacking” features designed to simplify the process of wireless network penetration. For example, the Airsnort wireless network sniffer is used by wireless hackers to sniff (capture) wireless network packets, collect those packets used in authentication exchange between an AP and its client devices. And then crack the pass ...
Similar to Running head Cryptography1Cryptography16.docx (14)
Mill proposes his Art of Life, but he also insists that it is not ve.docxhealdkathaleen
Mill proposes his Art of Life, but he also insists that it is not very developed -- there is an immense amount of work to be done to get it in shape. We know relatively little about what will actually make our lives richly moral, useful, and beautiful. What sort of things might contribute to improving our understanding of how to enrich our lives in this way? That is, what could someone do to develop and extend the Art of Life?
DUE by wed @ 10am central time
somebody have something useful post it and i will look/buy
.
Milford Bank and Trust Company is revamping its credit management de.docxhealdkathaleen
Milford Bank and Trust Company is revamping its credit management department to more effectively manage credit analysis. As the credit manager for the bank, draft a 750-word report for the board of directors explaining the three C's of credit. Make sure to address the following:
Character
Capacity
Capital
Also, explain what the acronym CAMEL means, which is used with the third C (capital)?
.
milies (most with teenage children) and the Baby Boomers (teens and .docxhealdkathaleen
milies (most with teenage children) and the Baby Boomers (teens and college-age young people). The film industry and the changes to it are deeply divided in this schism. On the one hand, musicals (Sound of Music), World War II war films (The Great Escape) and historical epics (Dr. Zhivago) drove the adult market. Rebellion, sex and individual-minded heroes drove the youth market (Easy Rider, Bonnie and Clyde, The Graduate.) By the end of the decade, the tastes of the counter-culture youth had won. Anti-war film (Catch-22), flawed characters as heroes (The Good, the Bad, and the Ugly) and sexual issues (Midnight Cowboy, Butterfield 8, Valley of the Dolls) dominated the screen.
Question 1: What are some of the benefits of the Boomer generation's rebellion and changes to Hollywood in the 1960s?
Question 2: What are some of the drawbacks of having film dominated by the demands of an audience that was under the age of 25?
Directions:
Using word processing software to save and submit your work, please answer the following short answer questions. All responses to questions should be one to two paragraphs, composed of five to seven sentences, in length.
Your responses should include examples from the reading assignments.
1. Trace the development of the early documentary film career of Jean Rouch. What were his objectives as an ethnographic filmmaker during the 1950s? What formal techniques did he use to express these objectives?
2. How did Direct Cinema succeed in transforming documentary filmmaking during the late 1950s and early 1960s? Why did American documentary makers adopt this style, and in what ways did this choice influence their films? In what ways were their films also influenced by technological developments?
3. Compare and contrast two of the most prominent trends in avant-garde filmmaking from the 1940s to the 1960s: the experimental narrative and the lyrical film. How did both trends make use of abstract imagery and structure, and for what purposes?
4. What were the notable (and notorious) qualities that characterized the American underground film of the 1960s?
5. Analyze the important social, economic, and industrial factors leading up to the emergence of the New Hollywood in the early 1970s. What were the causes of the industry-wide recession of 1969 to 1970? What new audiences did the Majors subsequently attempt to target?
6. How did European art cinema conventions influence the filmmakers of the New Hollywood? In what ways did art cinema narrational and stylistic techniques infuse new life into standard Hollywood genres?
7. Trace the evolution of the Hollywood studio system's economic recovery in the middle and late 1970s. What were the important blockbusters of the period?
8. Compare and contrast the approaches of Steven Spielberg and Martin Scorsese to studio filmmaking. In what ways did each director "revise" genres from the classical Hollywood era? How did t.
Midterm Paper - Recombinant DNA TechnologySome scientists are conc.docxhealdkathaleen
Midterm Paper - Recombinant DNA Technology
Some scientists are concerned that genetic engineering allows humans to tamper with evolution. Argue either for or against this position.
This is a written paper to upload. The paper should be 2 to 3 pages in length with 1.5 line spacing, font size 12, and should be APA formatted. The readings for weeks 1 through 4, assignments and discussion activities in the same weeks prepare students to complete this assignment.
.
Midterm Study GuideAnswers need to be based on the files i will em.docxhealdkathaleen
Midterm Study Guide
Answers need to be based on the files i will email you
Identify
Liberation theology
Mujerista
theology
Popular religiosity
Mestizaje
James Cone
Gustavo Gutiérrez
‘adamah
‘adam
‘ish
ishsha
ex nihilio
‘ezer
Neged
tardemah
Beersheba
covenant
Moriah
‘hesed
Long Essay
Using
at least
three (3) course readings, be prepared to discuss the theological perspectives, controversies and/or issues on the following subjects:
The Book of Genesis’ two creation stories and their depictions of God, humanity, and the created world.
Hermeneutical process for interpreting biblical texts and the issues taken into consideration
Equality between man and woman, biblical and cultural perspectives.
How did sin enter the world, God’s role, humanity’s role, consequences.
.
Michelle Carroll is a coworker of yours and she overheard a conversa.docxhealdkathaleen
Michelle Carroll is a coworker of yours and she overheard a conversation at work about changes that her boss wants to make in accounting for uncollectible accounts receivable. She does not know a lot about accounting and wants to understand about what she overheard.
In an email, she asks you to explain the following:
The three different methods that can be used to account for uncollectible accounts receivable, specifically:
percentage of receivables
percentage of sales
the direct write-off methods
Reply to her email about these differences.
.
Michelle is attending college and has a part-time job. Once she fini.docxhealdkathaleen
Michelle is attending college and has a part-time job. Once she finishes college, Michelle would like to relocate to a metropolitan area. She wants to build her savings so that she will have a "nest egg" to start her off. Michelle works out her budget and decides she can afford to set aside $160 per month for savings. Her bank will pay her 12% annually on her savings account. What will Michelle's balance be in 2 years?
.
Midterm Assignment Instructions (due 31 August)
The mid-term essay will be the development of a general threat analysis of the US using the perspective of a foreign intelligence entity or service.
Foreign Intelligence Entity (FIE) Threat Analysis
The CIA's Counterintelligence Center Analysis Group (CIC/AG) identifies, monitors, and analyzes the efforts of FIEs against US persons, activities, and interests. CIC/AG analysts focus on two specific types of counterintelligence threats to US national security:
1. Transnational threats, such as the counterintelligence aspect of terrorism or the threats posed by emerging or changing technologies to the US Government, intelligence operations, and US Government information systems; and
2. Threats posed by FIEs and their activities.
Value:
This Assignment counts for 40% of your Final Course Grade for this course.
Objective:
This assignment, in accordance with undergraduate academic endeavors, provides an opportunity to evaluate assimilation of course topics, and sharpen and evaluate students' research & critical thinking skills. The assignment is driven & tested by a combination of course materials and external self-led research (depending upon essay[s] selected); analyzed and presented in essay(s) form.
Type:
This assignment consists of a research analysis paper approximately
six to eight pages in length, double-spaced
(This page count does not include a title page, abstract (optional), table of contents (optional), Reference/Bibliography page(s), or Endnotes page(s) (if used)). The source material should result primarily from self-led external research of scholarly articles. In addition, the course required reading materials may be used. The paper should have six to eight pages of content which are the written results of your research efforts.
Topic:
Develop a general threat analysis of a Foreign Intelligence Entity (FIE) of your choosing that is targeting the US. Examples include Russia's SVR, Iran's MOIS, Al Qaeda (or any of its 'subsidiaries'), North Korea's Reconnaissance Bureau, or Venezuela's Bolivarian National Intelligence Service, etc.
A FIE is any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, block or impair U.S. intelligence collection, influence U.S. policy, or disrupt U.S. systems and programs. This term includes a foreign intelligence and security service [FISS] and international terrorist organizations. (JP 1-02; JP 2-01.2, CI & HUMINT in Joint Operations, 16 Mar 2011; and DoDD 5240.06, CIAR, 17 May 2011)
The components of your FIE threat analysis should include a full overview of the FIE (strength, location, organizational structures (if known), whether they operate under official cover or operate under unofficial cover--inside corporations, etc.). Detail the FIE's mission, and specific known and suspected US targets.
[Do not select the .
Milestone 2Outline of Final PaperYou will create a robust.docxhealdkathaleen
Milestone 2:
Outline of Final Paper
You will create a robust and comprehensive outline of your research paper. The outline should include:
Title of paper
Abstract
Introduction
Major points/arguments
At least three solutions
List scholarly resources to support your major points/arguments and solutions. At least six scholarly references are required.
.
MigrationThe human population has lived a rural lifestyle thro.docxhealdkathaleen
Migration
The human population has lived a rural lifestyle through most of history. The world’s population, however, is quickly becoming urbanized as people migrate to the cities. Developed nations have a higher percentage of urban residents than less developed countries. However, urbanization is occurring rapidly in many less developed countries, and it is expected that most urban growth will occur in less developed countries during the next decades.
In this Case, you are to select a country (not Nigeria and Canada) which is experiencing rural-urban migration and answer the following questions.
1. Identify the Country you have selected and briefly describe its demographics.
2. Discuss the factors that are driving rural-urban migration in your selected country? (Hint: Migration is often explained in terms of either “push factors” – conditions in the place of origin which are perceived by migrants as detrimental to their well-being or economic security, and “pull factors” – the circumstances in new places that attract individuals to move there).
3. Describe the impact of rural-urban migration in your selected country? Consider health, environmental, economic and social implications.
.
Mid-TermDismiss Mid-Term1) As you consider the challenges fa.docxhealdkathaleen
Mid-Term
Dismiss Mid-Term
1) As you consider the challenges facing Non-for Profit (NFP’s) in this economic environment: what are some of the factors that could promote sustainability for an organization?
2) How can an organization’s mission get compromised?
I’m interested in clear ideas and thoughts that are drawn from the class conversations, speakers, class excursions and readings for this assignment. The paper should be three pages and submitted on D2L
.
MicroeconomicsUse what you have learned about economic indicators .docxhealdkathaleen
Microeconomics
Use what you have learned about economic indicators to assess 10 different indicators. To add some more clarity to this, do the following:
1. Define 10 economic indicators.
2. For each, show how the US has performed, you can do this either by providing the numbers or by showing them graphically.
3. For each, in 100-150 words, give a brief interpretation of the numbers, in your opinion.
Cite the source of your data.
.
Michael Dell began building and selling computers from his dorm room.docxhealdkathaleen
Michael Dell began building and selling computers from his dorm room at age 19. He dropped out of the University of Texas when his sales hit $60 million and has never looked back. Dell is said to be the fifteenth richest man in America, and the youngest CEO to make the Fortune 500. Intensely private and notoriously shy, Dell is hailed as a corporate wonder-kid. He climbed to the top by exploiting tax loopholes, outsourcing the competition, and inventing a term called “leveraged recapitalization.”
First, review the following case study:
Michael Dell—The man behind Dell: Leading Dell into the future
Then, address the following tasks:
Analyze Dell’s philosophy as it relates to the role of change in organizational success.
Determine how Dell’s philosophy would be perceived in a low performing culture.
Identify which performing culture best suits your philosophy regarding change management and provide your rationale.
Consider the way Dell started his company; determine what market conditions made the business possible.
Discuss Dell’s approach to building his brand.
Develop a 4–6-slide presentation in PowerPoint format, utilizing at least two scholarly sources (in addition to your textbook) to complete your research, ensuring you cite references within the text and at the end in a reference list. Apply APA standards to the citation of sources. Use the following file naming convention: LastnameFirstInitial_M2_A2.ppt.
Make sure you write in a clear, concise, and organized manner; demonstrate ethical scholarship through accurate representation and attribution of sources; and display accurate spelling, grammar, and punctuation.
.
Michael is a three-year-old boy with severe seizure activity. He h.docxhealdkathaleen
Michael is a three-year-old boy with severe seizure activity. He has made friends in his inclusive preschool classroom and is usually very happy there. He has limited receptive communication skills, and when there are unexpected changes in the routine, he often reacts with disruptive or aggressive behavior. Through careful planning and the use of a picture schedule, Michael is learning to react more appropriately to schedule changes.
1.
What is meant by "limited receptive communication skills"?
2. What can be done to improve the situation for Michael?
3. What can be done to resolve disruptive behavior issues in classroom environments?
.
Michael graduates from New York University and on February 1st of th.docxhealdkathaleen
Michael graduates from New York University and on February 1st of the current year, accepts a position with a public accounting firm in Chicago. Michael is a resident of New York. In March, Michael travels to Chicago to locate a house and starts to work in June. He incurs the following expenses, none of which are reimbursed by the public accounting firm.
Item
Amount
Automobile expense en route (1,000 miles at 16.5 cents per mile - standard mileage rate)
$
165
Cost of meals en route
100
Househunting trip travel expenses
1,400
Moving van expenses
3,970
Commission on the sale of Michael's New York condominium
3,500
Points paid to acquire a mortgage on Michael's new residence in Chicago
1,000
Temporary living expenses for on week in Chicago (hotel and $100 in meals)
400
Expenses incurred in decorating the new residence
500
Total expenses
$ 11,035
Required:
a. What is Michael's moving expense deduction?
b. How are the deductible expenses classified on Michael's tax return?
c. How would your answer to Part a change if all of Michael's expenses were reimbursed by his employer and he received a check for $11,035
.
Message Using Multisim 11, please help me build a home security sys.docxhealdkathaleen
Message: Using Multisim 11, please help me build a home security system circuit using this program. The system must include a door sensor and a window sensor. There also must be a keypad included into the schematic. A code (for example, 5411) must first be entered into the key pad in order to be able to arm the sensors throughout the home (and disarm as well). Once the command is made to arm the sensors, there will be a period of 15 seconds until the sensors are active. Please .ms11 (multisim 11) files ONLY! Thanks!
.
Methodology of H&M internationalization Research purposeRe.docxhealdkathaleen
Methodology of H&M internationalization
Research purpose
Research approach
Research strategy
Case study design
Data collection method
Sample selection
Data analysis
ANALYSIS
Internalization of H&M
Choice of International markets
International entry market strategy: Brazil and China
Expansion strategy
Why do clothing retail companies enter international markets?
How do clothing retail companies select their foreign market?
How H&M choose its entry into foreign market?
How can the expansion strategies of clothing retailers companies in foreign market can be described?
Implications for management
.
Mental Disability DiscussionConsider the typification of these c.docxhealdkathaleen
Mental Disability Discussion
Consider the typification of these conditions as you respond to the questions.
Compare the American mindsets about mental illness, mental retardation, and addiction.
Explain the intentions of social work to ameliorate social problems involving these conditions.
.
Meningitis Analyze the assigned neurological disorder and prepar.docxhealdkathaleen
Meningitis
Analyze the assigned neurological disorder and prepare a report in a two- to three-page document.
Why is it important to determine whether a patient is suffering from viral or bacterial meningitis? Explain the cause, pathophysiology, manifestations, laboratory investigations, and treatment of bacterial meningitis.
Please follow the directions and use intext citation along with referances please.
Due Sat March 8, 2014
.
Memoir Format(chart this)Introduction (that captures the r.docxhealdkathaleen
Memoir Format
(chart this)
Introduction (that captures the reader’s attention)
Description of the complication
Evaluation of the complication
Resolution of the complication
Conclusion (A new revelation, insight, or question to ponder)
4 pages minimum
.
The Art Pastor's Guide to Sabbath | Steve ThomasonSteve Thomason
What is the purpose of the Sabbath Law in the Torah. It is interesting to compare how the context of the law shifts from Exodus to Deuteronomy. Who gets to rest, and why?
Model Attribute Check Company Auto PropertyCeline George
In Odoo, the multi-company feature allows you to manage multiple companies within a single Odoo database instance. Each company can have its own configurations while still sharing common resources such as products, customers, and suppliers.
Read| The latest issue of The Challenger is here! We are thrilled to announce that our school paper has qualified for the NATIONAL SCHOOLS PRESS CONFERENCE (NSPC) 2024. Thank you for your unwavering support and trust. Dive into the stories that made us stand out!
2024.06.01 Introducing a competency framework for languag learning materials ...Sandy Millin
http://sandymillin.wordpress.com/iateflwebinar2024
Published classroom materials form the basis of syllabuses, drive teacher professional development, and have a potentially huge influence on learners, teachers and education systems. All teachers also create their own materials, whether a few sentences on a blackboard, a highly-structured fully-realised online course, or anything in between. Despite this, the knowledge and skills needed to create effective language learning materials are rarely part of teacher training, and are mostly learnt by trial and error.
Knowledge and skills frameworks, generally called competency frameworks, for ELT teachers, trainers and managers have existed for a few years now. However, until I created one for my MA dissertation, there wasn’t one drawing together what we need to know and do to be able to effectively produce language learning materials.
This webinar will introduce you to my framework, highlighting the key competencies I identified from my research. It will also show how anybody involved in language teaching (any language, not just English!), teacher training, managing schools or developing language learning materials can benefit from using the framework.
This is a presentation by Dada Robert in a Your Skill Boost masterclass organised by the Excellence Foundation for South Sudan (EFSS) on Saturday, the 25th and Sunday, the 26th of May 2024.
He discussed the concept of quality improvement, emphasizing its applicability to various aspects of life, including personal, project, and program improvements. He defined quality as doing the right thing at the right time in the right way to achieve the best possible results and discussed the concept of the "gap" between what we know and what we do, and how this gap represents the areas we need to improve. He explained the scientific approach to quality improvement, which involves systematic performance analysis, testing and learning, and implementing change ideas. He also highlighted the importance of client focus and a team approach to quality improvement.
Unit 8 - Information and Communication Technology (Paper I).pdfThiyagu K
This slides describes the basic concepts of ICT, basics of Email, Emerging Technology and Digital Initiatives in Education. This presentations aligns with the UGC Paper I syllabus.
Instructions for Submissions thorugh G- Classroom.pptxJheel Barad
This presentation provides a briefing on how to upload submissions and documents in Google Classroom. It was prepared as part of an orientation for new Sainik School in-service teacher trainees. As a training officer, my goal is to ensure that you are comfortable and proficient with this essential tool for managing assignments and fostering student engagement.
How to Make a Field invisible in Odoo 17Celine George
It is possible to hide or invisible some fields in odoo. Commonly using “invisible” attribute in the field definition to invisible the fields. This slide will show how to make a field invisible in odoo 17.
1. Running head: Cryptography 1
Cryptography
16
Cryptography
Aisha Tate
UMUC
August 29, 2019
Hi Aisha
I am puzzled – didn’t we talk about a focused report for a
particular organization? Did you review the table below. Please
continue to work to improve your research skills and find peer-
reviewed/scholarly resources to support your work.
Best wishes,
Dr K
Student Name: Aisha Tate
Date: 18-Sep-2019
This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
2. Project 5: Requires the Following TWO Pieces
Areas to Improve
1. Paper
2. Lab Experience Report with Screenshots
1. Paper
IT Systems Architecture
You will provide this information in tabular format and call it
the Network Security and Vulnerability Threat Table
security architecture of the organization
the cryptographic means of protecting the assets of the
organization
the types of known attacks against those types of protections
means to ward off the attacks
Include and define the following components of security in the
architecture of your organization, and explain if threats to these
components are likely, or unlikely:
LAN security
identity management
physical security
personal security
availability
3. privacy
Then list the security defenses you employ in your organization
to mitigate these types of attacks.
Needs better research and writing skills
Plan of Protection
Learn more about the transmission of files that do not seem
suspicious but that actually have embedded malicious payload,
undetectable to human hearing or vision. This type of threat can
enter your organization’s networks and databases undetected
through the use of steganography or data hiding. You should
include this type of threat vector to an organization in your
report to leadership.
No details on organization or strategy?
Provide the leadership of your organization with your plan for
protecting identity, access, authorization and nonrepudiation of
information transmission, storage, and usage
Data Hiding Technologies
describe to your organization the various cryptographic means
of protecting its assets. descriptions will be included in the
network security vulnerability and threat table for leadership
Basic elements explained
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. triple DES
4. 6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
Network Security Vulnerability and Threat Table
Describe the various cryptographic means of protecting its
assets. descriptions will be included in the network security
vulnerability and threat table for leadership
Basic information provided
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
Access Control Based on Smart Card Strategies
Describe how identity management would be a part of your
overall security program and your CAC deployment plan:
5. 2. Lab Experience Report
Summarizes the Lab Experience and Findings
See note below*
Responds to the Questions
Provides Screenshots of Key Results
Yes
Lab Experience Report Feedback
Cryptography
Introduction
This is a security assessment report on cyber security threats
against varying cryptographic mechanisms, and sets out control
access programs to try to stop/inhibit such security threats for a
property management firm. Within the report, there will be an
overview of the property management firm’s network.
Moreover, I will try to establish the different potential threats
that the company faces. This report will also feature suggestions
for improvement such as the property management company
needs to consider the installation of stored information
protection features, as well as controlling the access of its
employees. Perhaps, the report will also explain the enrollment
of CAC (Control Access Cards) for authentication purposes????.
Then lastly, the report will cover email security and encryption
types that can be used to aid in email security.
IT System Architecture
A distributed system is the network system used within our
company’s offices. The constituents of this system includes
6. WLAN, LAN and a WAN. The office’s LAN is made up of a
computer network across a small office area. LAN is mainly
used for one purpose within the office: sharing of resources,
which includes printers and data storage infrastructures. These
connections are wired due to physical connections being fast,
they are also characterized for security enhancement. The
purpose of the WAN network is to function as an
interconnection of the office’s LAN for the entire firm. The
primary advantage of this system is that the firm’s agents and
employees can work from different workstations yet have the
access to shared company’s resources (Pirandola, 2015). The
LAN also is also connected to the internet through a firewall to
further, protect the integrity of the firm’s network. All of the
firm’s offices are connected to WLAN, this allows the firm’s
agents to connect there devices (i.e. phones and laptops) to
access to important company resources via the LAN.
LAN security
This is a wireless transmission network that covers a small
network area via private VLANs
Identity management
This is a discipline in it system management that ensure only
the allowed people have access to specific resources and their
intentions are not malicious.
Physical security
It is the installation of policies to physical threats that could
lead to destruction of the organization’s hardware and software
like theft.
Personal security
This involves the personal responsibility of the employees of
the organization to safeguard the systems data and information.
Availability
It’s the state of the organization being readily accessed when
needed.
Privacy
Is the quality of being reclusive in regard to keeping your or the
company’s information confidential
7. Table 1: components of security system architecture
Types of attacks
A cyber-attack is a deliberate use of codes to manipulate
computer systems and networks in an attempt to manipulate and
compromise the confidentially of certain information (Bennett,
201). Perhaps there are different motivations behind every
cyber-attack, such as political or social motivations. The targets
can also vary, places such as a corporate organization, the
government or an individual might be targeted by malevolent
entities. The important factor is the internet is the main channel
through which this happens. Cybersecurity attacks are carried
out by use of malicious programs like fake websites, viruses,
and unauthorized web access among many other means. The
intention can be either for financial gain or for boosting the ego
of the perpetrator through causing harm to a victim.
From the article, “Types of attacks”, we learn of the examples
and definition of the different types of cyberattacks.
1. Back door attack – this is a type attack where an attacker
takes advantage of the vulnerabilities and flaws of a system
though use of viruses, worms and Trojan horses to gain access
into system after which he sets up a backdoor (Bennett, 2014).
This allows him access to important information without the
administrator realizing.
2. Denial of service. This can be abbreviated as DDoS. Denial
of service attack is carried out by numerous systems relaying
ICMP packets to a server. The objective of this attack is
preventing access to a certain site to due to an overload of
traffic. This type of attack is one most problematic for us, as
agents of a property management firm. The main source of leads
and traffic is the website, where clients get to know our services
and can thereafter reach out. Therefore, sometimes competitors
might want to employ this ill-natured strategy to deter clients
from having the ability to reach out to us.
3. Phishing – This is an attack where something malicious is
sent through the email. At most times, they will send out a link
8. and request you to click on it (Peikert, 2016). Most times, a link
will be sent in an email requesting that a user click on it these
emails will try to eliminate all sources of suspicion by making
it look as genuine as possible. There are circumstances in which
you might be directed to download something; this could be as
innocuous as antivirus software or downloading a movie. Just as
the other types of security attacks, phishing is another attack a
property management firm can be exposed to if not careful. Our
workstations would be the primary targets of this attack, in the
hopes of deteriorating our network safeguards. Since most of
our server, information contains details on our clients; such
events might lead to the tarnishing of the name of the firm
leading to reduced client flow.
4. Use of SQL – This is a programming language, which
facilitates communication with the database. When an attacker
uses SQL, he or she will send out malicious codes, which will
lead to your database giving out more information than what it
is usually meant to share (Van Tilborg, 2014). The attacker will
do this by taking advantage of the commonly identifies SQL
vulnerabilities.
5. Cross-site scripting. This is abbreviated as XXS. This kind
of attack is targeted at vulnerable websites with weak security
systems for attaining user credentials or other classified
information. Just as the SQL, XXS is also carried out by use of
malicious codes. In XXS, the site is not the primary target but
rather its visitors (Van Tilborg, 2014). As a property
management firm, our clients who have accounts/portals on our
website are the ones who could fall prey of such as attack. This
is because on registration with the firm, a client is required to
submit confidential information about one’s property and
oneself, which is meant to be confidential between the firm and
the client.
Security mechanisms
A security mechanism consists of policies and that are meant to
detect, inhibit or recover from a security threat posed by an
attacker. Example of security mechanism include:
9. 1. Physical security – This is a mechanism that requires
installation of physical barriers to restrict access to crucial
network resources. This can include the installation of RFID
doors and the policy of who is granted access and who is not.
The advantage of this is to prevent mishandling of equipment by
new unskilled agents and to prevent criminal access.
2. Authentication – Authentication means that the information
given by a person on his or her identity is true (Katz, 2014).
These guidelines can be as deep as a three-tiered identification
process requiring a valid password, an active key, and approved
fingerprints before being authenticated. It is widely accepted
that a strong authentication process is one that involves the
incorporation of two or more of the prior mentioned three
authentication procedures. The last means of authentication is
assessment of a certain physical character trait (Katz, 2014)
3. Authorization mechanism – This involves giving the user
access to the network and whichever resource they might want
to retrieve. The administrator of the network is the person
sanctioned with the power to grant access to the network to
approved employees and contractors for the property
management firm. The managing broker of the firm will be
given access to all information on the network. On the other
hand, the agents of the firm will only have access to shared data
and data/information that they themselves have uploaded on
their personal portals in the network.
4. Data encryption – This is the formatting of information in a
way that only the intended person can decode it. This is done to
protect information from being intercepted and read by third
parties who might use the same information for hostile reasons.
This mechanism may come in handy in future efforts to strive
towards an absolute safeguard of customer data.
5. Firewalls – Firewalls enhances security policies by acting as
a boundary of two communicating networks. Use of various sets
of instructions is what is used by firewalls in deciding which of
the incoming traffic will be granted access and which are not.
6. Intrusion detection system and intrusion prevention system –
10. These security mechanisms are used to inhibit security risks and
prevent occurrence of new ones. An IDS makes use of intrusion
alerts to sense and analyse outbound and inbound network
traffic for suspicious undertakings (Rouse, 2017). In case of an
event of suspicious activity, the IDS kicks the users out of the
network accompanied by a notification to the security personnel
of the potential threat. The IDS works by examining incoming
traffic to reject harmful requests, doing this in tandem with the
IPS as a complimentary. The IPS averts threats by uncovering
malicious packets and blocking these packet carrying IPs and
notifying the security personnel of the incidence. The property
management firm needs to continue utilising both IPS and IDS
in its 24/7 operations to ensure enhanced security of the
network, below is a table showing access points and how they
can be secured.
Protection Plan
Security and protection of client’s information and assets is one
of our top priorities. So far, we have looked at the system
architecture of the property management firm, and the potential
types of cybersecurity needed by the firm, along with the
various types of mechanisms that can be deployed. The next
important step is the formulation of a protection plan, a multi-
tier system that will aid in the firm’s identification process. The
firm’s agents will be provided with personnel security cards, as
well as the installation of retina identification systems at major
access points to the company’s network. Along with the
distribution of the personnel security cards, agents will be
required to devise a PIN, which will be used complimentary to
the cards. These PINS created by the agents will be classified as
sensitive information, as such it will be expected that no one is
to share them with third parties. Moreover, the passwords/PINs
will comprise of numbers, letters, and special characters in
alphanumeric to ensure the stability of the network. A system
administrator will assign a network password to the WLAN and
only a select few of agents with valid credentials will be able to
11. access it. He will be responsible for making any future changes
when updates to the parameters for protecting the WLAN have
changed. A strong protection plan will ensure that our clients
and agents information and files is protected.
Issuance of CAC will be used to control access to the firm’s
buildings. Besides a strong six-character digit pin, the
company’s agents will have a badge with their picture,
fingerprint, name and the name of the firm on it. Outside the
building, there will be a door system which will require a
person to provide his/her fingerprint or/and the scanning of a
badge. A green light will be accompanied by an “access
granted” feedback while a red light will display “access denied”
based on assessment of a persons’ credentials. All agents will
submit their schedules to the security specialists to be
programmed in the system to ensure security. For example, any
person who randomly shows up on days in which they are not
supposed to be on duty will not be allowed entry into the firm’s
premises. So all the agents will be required to submit their
schedules so that necessary adjustment can be done to the
system to grant you access into the premises. This will be done
within 48hrs. The policy will help deny access to people who
are not supposed to be there. Perhaps, this will not only help
ensure the general security of the firm but also the company’s
personal information. Each team or group of agents will only
have access to files, which they themselves uploaded or has
been granted access to be shared as a part of company
resources. The only person supposed to have access to all files
is the managing broker only. This plan of protection will be set
in place to make sure confidential information of our clients and
agents does not land in the hands of a third party.
Nonrepudiation protections will be ensured by a digital
signature present on the CAC issued to all agents. CAC readers
will be installed on all desks besides the workstations. This will
make sure the information sent and deleted from the network
can be traced to the originator (Lord, 2017). This will help
increase accountability, as no one will be able deny their
12. culpability if found have done something which has
compromised the security of the network and its information.
Each employee and contractor will be responsible for anything
that happens while logged in through his or her card, PIN or
retina recognition system.???
Cryptography Protection
One of the several ways of encrypting data is called triple DES;
this method involves the application of a block cipher algorithm
to every data block thrice ensuring each block is always
characterized by 64 bits worth of data. As the word ‘triple’
suggests, in triple DES, data is encrypted three time, they major
downside of this process is its lagging speed. However, this
method is considered harder to break than most, making it the
most secure of the methods.
RSA is a public key encryption algorithm. It uses both the
public key and private key in its encryption process. One thing
to note is that both keys are paired, so while the public key is
distributed, the private key is not. The process starts with two
prime numbers, then the multiplication products of those
numbers and finally their exponents. Besides RSA being secure,
it is hard to crack though the encryption process lacks in pace
when encrypting large amounts of data.
Blowfish is another symmetric block cipher, this one makes use
of an adjustable key whose length can range from 32 - 448 bits,
and it can be used for foreign or domestic uses. No patent was
ever made for this cipher and so the licence for the use of this
cipher is free. Of all the bock ciphers, the blowfish is relatively
fast, however, its’ use does requires a key and the management
of said key is not easy.
Twofish, just as the Blowfish, is another type of block cipher
algorithm encryption, the difference being the length of the key
for this method only goes to 256 bits. Additionally, just as
Blowfish, it is not patented hence the availability to all users
for no profit. The advantage of using this type of encryption is
its’ considered swift as block ciphers go and can be used by
bigger CPUs as well as smartcards but because of its huge size,
13. slowdowns on the system are frequent.
Advanced Encryption Standard (AES) is another symmetrical
encryption algorithm. It constitutes AES 256, AES 192 and AES
128. Because of its symmetrical nature, the key used in its
encryption is supposed to be shared in order to decrypt.
Advanced encryption standard is usually recommended because
it is secure and the fact that it uses varying key lengths in its
encryption (Lord, 2017). One drawback is that the algebraic
structure used for decryption is generally simple and the form
used is uniform across all the blocks.
Use of AES for data encryption in our offices is highly
recommended, considering it is overall a more secure method
compared to other models of date encryption. This is promising
in terms of ensuring security for our clients as well as the firm,
more importantly, clients can securely entrust us with their most
confidential information.
Data Hiding Technologies
1. Text block coding- This technology involves the coding of
data into bits by use of collective data correcting codes
2. Digital watermarking- This is the concealment of information
within a carrier signal
3. Masks and filtering – This process is used in identification of
which section of the message has been exposed.
Network Security Vulnerability and Threat Table
DESCRIPTION
The organization’s security architecture
The system comprises of wireless switches, client devices and
Aps, which adds to the network security advantage by acting as
the basis for providing recommendations and improving the
client’s devices.
The organization’s architecture needs to be standardised in
order to it’s through this one can identify the possible
vulnerabilities and the damages the attacks can cause. WLAN
consists of independence, microcells, roaming and
infrastructure
14. Cryptographic means of protection
Cryptographic is the use of secret codes in writing. The
following requirements are necessary: non-repudiation, privacy,
authentication and integrity.
They include ECC cypher suites, CNG provider model, default
cipher suites and EAS cipher suites. Encryption and decryption
are the primary ways that ensures that there is free data flow
within the organization.
Potential attacks against the protection mechanisms
1. Malware –this is are codes intended to disorient the security
system of the organization with the aim of stealing or
destruction of data
2. Dos attacks- its main intend is disruption of the network but
with the right security measures, it can be prevented.
3. Password attacks- this is are attempts made to crack set
password with the aim of gaining access to a certain
information resource.
Measures to ward of the threats
· Malware attacks can be prevented by installation of strong and
reliable anti-malware software.
· DoS attacks can be prevented by regular update of security
software
· Setting up of hard to crack passwords is the reliable way of
curbing this type of challenge.
Data hiding and encryption technologies
· Shift cipher- it’s a technique where a letter is substituted by
another which is one more according to the alphabets.
· Polyalphabetic cipher- unlike the shift cipher, Polyalphabetic
cipher requires substitution by use of the multiple substitution
alphabets.
· Block cipher- involve an installation of algorithmic functions
which operates within a given intervals.
· Triple des- applies the DES functions of the algorithm 3 times
to the bits of the data within the infrastructure
· RSA is an encryption process meant to ensure secure
15. transmission of data
· Use of data hiding technologies such as digital watermarking,
masks and filtering and text blocks.
· Use of advanced encryption standard
· Use of symmetric encryption
CAC Deployment Strategy
CAC is a user identification method, which is a card implanted
with a chip containing information relative to the cards
owner???. It has a digital signature that allows the user/owner
to decrypt and encrypt using the card keys. The CAC
deployment plan is meant to give the agents of the firm a
common network access. During the beginning of the day,
agents will use their PINs and cards for access into the firm’s
premises. In the midst of the workday the CAC will only be
necessary when agents want to delete or upload to the network
or if they want to maintain access to the office after normal
working hours. The CAC will not be necessary whenever they
want to use the WLAN, the only necessity in this instance will
be a password. The aim of these measures is to ensure the
security of our clients, as well as the security of our employees
from cyberattacks.
Email Security Strategy
Emails and internal messaging services are the main
communication channels of the property management firm. The
agents update the clients’ information and keep track of the
clients through emails as well. Considering the number of
emails flowing through the network in a day, daytime
cyberattacks makes it easier for an attacker to find a
vulnerability within the network and gain access to important
data. In an attempt to prevent this risk, the firm has put in place
policies to ensure email security. Varying encryption
technologies can be made of use in this process, but the most
efficient method would be to use digital certificates. The
advantage of having digital certificates is that they are hard to
16. bypass, though access to data cannot be granted in the event a
key is lost. As a measure to ensure higher standards of security,
the digital certificates can be incorporated into all emails
originating for our firm, which will bring about an automatic
encryption of all the emails flowing through the network. (Any
references?)
Conclusion
We have explored the explanation and organization of the
property management firm and looked at the potential
cyberattack threats facing the firm. Moreover, I have also
looked at the various security mechanisms and policies that can
be implemented to prevent and neutralize the attacks. Given the
fact that our firm is a service delivery company, we need to
have all the security systems intact, it would behove the firm to
invest more on security in order to secure the firm’s future
clientele and their investments. As this would lead to an
increased trust between the clients, and us. This will increase
traffic to our website and our firm, and more traffic paves to
way to more profits. To ensure the security of future emails, the
company should use CAC’s steeped with digital certificates.
More attention to our email security is deserved, as this is the
firm’s main channel of communication internally and externally.
In short, strong security features will help our clients have
confidence in our company that we are handling their property
and their security with the respect they deserve.
17. References
Bennett, C. H., & Brassard, G. (2014). Quantum cryptography:
public key distribution and coin tossing. Theor. Comput.
Sci., 560(12), 7-11.
Cisco Press. (2016, February 09). Retrieved September 9, 2018,
from
http://www.ciscopress.com/articles/article.asp?p=1626588&seq
Num=2
Ledford, Jerri (2018) What is a cyber attack and how to prevent
one? Retrieved from https://www.lifewire.com/cyber-attacks-
4147067
Peikert, C. (2014, October). Lattice cryptography for the
internet. In international workshop on post-quantum
cryptography (pp. 197-219). Springer, Cham.
Peikert, C. (2016). A decade of lattice
cryptography. Foundations and Trends® in Theoretical
Computer Science, 10(4), 283-424.
Lord, Nate (2017) What is a phishing attack? Defining and
identifying different types of phishing attacks. Retrieved from
https://digitalguardian.com/blog/what-phishing-attack-defining-
and-identifying-different-types-phishing-attacks
Pirandola, S., Ottaviani, C., Spedalieri, G., Weedbrook, C.,
Braunstein, S. L., Lloyd, S., ... & Andersen, U. L. (2015). High-
rate measurement-device-independent quantum
cryptography. Nature Photonics, 9(6), 397.
Van Tilborg, H. C., & Jajodia, S. (Eds.). (2014). Encyclopedia
of cryptography and security. Springer Science & Business
Media.
Menegaz, Gery (2012) SQL Injection Attack: What is it, and
how to prevent it. Retrieved from
https://www.zdnet.com/article/sql-injection-attack-what-is-it-
and-how-to-prevent-it/
Merriam-Webster Dictionary. (n.d.). Retrieved September 19,
2018, from https://www.merriam-
18. webster.com/dictionary/cyberattack
Oppenheimer, Priscilla (2010) Developing Network Security
Strategies. Retrieved from
http://www.ciscopress.com/articles/article.asp?p=1626588&seq
Num=2
Rouse, Margaret (2017) Ransomware, defend your data with
best practices. Retrieved from
https://searchsecurity.techtarget.com/definition/ransomware
Running Head: WINDOWS AND LINUX 1
WINDOWS AND LINUX 12
Project 2: Operating Systems Vulnerabilities
Aisha Tate
UMUC
August 8, 2019
Hi Aisha
I know you submitted this report before the detailed self
analysis you did last week. Please go through this checklist.
First, work through the lab results, perform the necessary
research and complete the SAR report. The PowerPoint
presentation is the last item to be completed. Review this
checklist and let me know if you have any questions before you
start your work.
Thanks for your continued efforts.
Dr K
Student Name: Aisha Tate
Date:6-Sep-2019
19. This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
Project 2: Requires the Following THREE Pieces
Areas to Improve
1. Security Assessment Report (including relevant findings from
Lab)
Revise
2. Non-Technical Presentation Slides (Narration Not Needed)
Revise
3. Lab Experience Report with Screenshots
Revise
1. Security Assessment Report
Defining the OS
Brief explanation of operating systems (OS) fundamentals and
information systems architectures.
Meets expectations
1. Explain the user's role in an OS.
????
2. Explain the differences between kernel applications of the OS
and the applications installed by an organization or user.
Does not meet expectation
20. 3. Describe the embedded OS.
More details needed
4. Describe how operating systems fit in the overall information
systems architecture, of which cloud computing is an emerging,
distributed computing network architecture.
More details needed
Include a brief definition of operating systems and information
systems in your SAR.
Other outstanding information
Need to find better references/ more details – use tables or
graphs
OS Vulnerabilities
1. Explain Windows vulnerabilities and Linux vulnerabilities.
???
2. Explain the Mac OS vulnerabilities, and vulnerabilities of
mobile devices.
Research needed
3. Explain the motives and methods for intrusion of MS and
Linux operating systems.
????
4. Explain the types of security management technologies such
as intrusion detection and intrusion prevention systems.
5. Describe how and why different corporate and government
21. systems are targets.
Does not meet requirements
6. Describe different types of intrusions such as SQL PL/SQL,
XML, and other injections
Preparing for the Vulnerability Scan
1. Include a description of the methodology you proposed to
assess the vulnerabilities of the operating systems.
Please review project instructionss
2. Provide an explanation and reasoning of how the
methodology you propose, will determine the existence of those
vulnerabilities in the organization’s OS.
3. Include a description of the applicable tools to be used,
limitations, and analysis.
4. Provide an explanation and reasoning of how the applicable
tools you propose will determine the existence of those
vulnerabilities in the organization’s OS.
5. In your report, discuss the strength of passwords
5a. any Internet Information Services'
5b. administrative vulnerabilities,
22. 5c. SQL server administrative vulnerabilities,
5d. Other security updates and
5e. Management of patches, as they relate to OS vulnerabilities.
Vulnerability Assessment Tools for OS and Applications (Lab)
Use the tools' built-in checks to complete the following for
Windows OS (e.g., using Microsoft Baseline Security Analyzer,
MBSA):
1. Determine if Windows administrative vulnerabilities are
present.
2. Determine if weak passwords are being used on Windows
accounts.
3. Report which security updates are required on each
individual system.
4. You noticed that the tool you used for Windows OS (i.e.,
MBSA) provides dynamic assessment of missing security
updates. MBSA provides dynamic assessment of missing
security updates. Scan one or more computers by domain, IP
address range, or other grouping.
23. 5. Once complete, provide a detailed report and
recommendations on how to make your system a more secure
working environment. In this case, a tool such as MBSA will
create and store individual XML security reports for each
computer scanned and will display the reports in the graphical
user interface in HTML.
Please review and share observations in Lab report – Results
and recommendations in SAR
Utilize the OpenVAS tool to complete the following:
See note above
1. Determine if Linux vulnerabilities are present.
2. Determine if weak passwords are being used on Linux
systems.
3. Determine which security updates are required for the Linux
systems.
4.You noticed that the tool you used for Linux OS (i.e.,
OpenVAS) provides dynamic assessment of missing security
updates. MBSA provides dynamic assessment of missing
security updates. Scan one or more computers by domain, IP
address range, or other grouping.
5.Once complete, provide a detailed report and
recommendations on how to make your system a more secure
working environment
24. 3. Presentation Slides
Title Slide
Use of Readable Fonts and Color
Meets requirements
Summarizes Findings and Recommendations at High Level
Update based on your revised SAR report
Summarizes Findings and Recommendations at High Level
Update based on your revised SAR report
Presentation Slides Feedback
4. Lab Experience Report
Summarizes the Lab Experience and Findings
Use a table to summarize key findings
Responds to the Questions
Does not meet requirements
Provides Screenshots of Key Results
Meets requirements
Lab Experience Report Feedback
25. Operating Systems
An operating system is a collection of software that manages
computer hardware resources and provides standard services for
computer programs. Operating systems are the essential
software that runs on computers. They manage the computer's
memory and processes as well as all the software and hardware
activities. It is the OS that allows communication with the
network without knowing how to speak the computer language.
An operating system must be able to manage system resources,
and these include CPU scheduling, Process management,
Memory management, Input/output device management, Storage
device management (hard disks, CD/DVD drives, etc.), File
System Management (Silberschatz, Gagne & Galvin, 2018).
Examples of operating systems include Windows OS, which is
the most widely used over 90% of the world's computer
systems. Another category of the operating system is the Mac
OS X, an operating system used for Macintosh computers such
as the Mac Book Pro laptop series. Although IBM PCs, which
are Windows and Mac Computers, are not directly compatible,
it’s possible to use virtualization t run one operating system on
an incompatible computer. UNIX is a command-line interface
OS developed for large machines and networks. Notably, Linux,
last generation of UNIX, is a free, open-source operating system
that most computers support (Silberschatz, Gagne & Galvin,
2018).
Lastly, most electronic devices use an operating system to
manage their physical components and enhance the development
of applications for use in such instruments. An embedded
(particular purpose) operating system is one that is correctly
configured for a specific operating system. Implicitly, the
26. operating systems are designed for specific tasks, and they
perform them efficiently. Embedded operating systems are also
called real-time operating system (RTOS). Examples of the
specific-purpose operating system include Apple iOS, Google
Android, Symbian, Blackberry, Palm, and Windows Mobile
operating systems used for personal digital assistants (PDAs)
and mobile phones.
Applications are types of software's that help a computer user to
perform specific tasks. Applications designed for desktops or
laptops are called desktop applications, while those designed for
mobile devices are called mobile apps (Silberschatz, Gagne &
Galvin, 2018). When a user opens an app, it runs inside the
operating system until it is closed. Often, a user runs more than
a single app, which is commonly known as multitasking.
Kernel refers to the core part in the operating system which
manages system resources. Notably, kernel acts as the bridge
between the application and hardware of the computer.
Therefore, kernel applications of the OS are applications that
relate to the management of the system resources and computer
hardware. On the other hand, user applications are applications
that the user (either organizations or individual) installs for
specific purposes (Silberschatz, Gagne & Galvin, 2018). For
instance, user applications include word processors, database
programs, web browsers, and communications platforms.
Lastly, information system refers to the software that helps
organize and analyze data. The fundamental purpose of the
information system is to convert raw data into useful
information for enhanced decision making in the organization.
The four major types of information systems are transaction
processing system (TPS), decision support system (DSS),
management information system (MIS), and executive support
system (ESS) (Silberschatz, Gagne & Galvin, 2018).
Cloud computing has changed how the MIS services providers
and their employees conduct business activities. Cloud
computing refers to the practice of using networks of remote
servers hosted on the internet to store, manage, and process data
27. into useful information for optimal decision making. Notably, a
cloud operating system manages the operation, execution, and
processes of virtual machines, servers, and infrastructures as
well as backend software and hardware resources. Implicitly, a
cloud operating system is used to enhance information systems
agility in an organization and eradicate the need for local
servers and personal computers.
Vulnerabilities and intrusions
Windows Vulnerabilities
Blue Keep is a vulnerability that exists in various versions of
Windows Operating system, including both the 32-bit and 64-bit
versions and service packs. The versions include Windows
2000, Windows Vista, Windows XP, Windows 7, Windows
Server 2003, Windows Server 2003 R2, Windows Server 2008,
and Windows Server 2008 R2 (Jajodia, 2010).
Blue Keep exists within the Remote Desktop Protocol (RDP) in
the above versions of Ms. Windows's operating systems.
Attackers can exploit BlueKeep to perform remote code
execution on any system that is not protected. This can happen
when the attacker sends specially crafted packets to one of the
Operating System that has RDP enabled within it. Some of the
activities that attacker may perform are adding accounts with
full user rights; viewing, changing, and deleting data, and
installing programs. The Cybersecurity and Infrastructure
Security Agency encourage users and administrators to review
security guidelines and install available measures as soon as
possible (Jajodia, 2010).????? Additional research/Information?
Linux Vulnerabilities
One of the most common vulnerability is CVE-2017-18017,
Linux Kernel Netfilter: xt_TCPMSS,which sits on the Linux
kernel and helps filter network communication by defining the
maximum segment size that permits TCP headers. When an
attacker exploits this vulnerability, they send communications
floods and throw the system offline in denial of service attack.
28. Another vulnerability is CVE-2017-18202, which lies in the
mm/oom_kill.c file. This file is useful in killing a process when
memory is low. Vulnerability versions of the file can lead to
mishandling of operations as well as opening doors for denial of
service (DoS) attacks.
(Just two vulnerabilities? Please research this topic)
Mac OS and Mobile Device Vulnerabilities
First, Denial of Service (DoS) vulnerability exists within the
Apple or Android operating systems. The underlying purpose of
this attack is to make software resources unavailable for the
tasks it has been designed. DoS vulnerabilities are highest in
iOS than in Android operating systems. (Jajodia, 2010)
Secondly, a bypass something vulnerability makes a given
mobile device vulnerable to a third party evading protection
layer established by the user or the administrator. Both Apple
and Android are focused on limiting the vulnerabilities that
allow hackers to bypass the security process (breach security
protocol) (Jajodia, 2010).????
Furthermore, code execution is a type of security flaw which
allows hackers to bypass authentication and run any code. It can
be triggered remotely and can be used in various scenarios.
Consequently, the attack can happen without the knowledge of
the user.
Data theft is another vulnerability of Mac OS and Mobile
devices. Recently, the security firm. F-Secure unveiled
dangerous firmware exploit that affected almost all Mac and
Windows devices. This vulnerability could lead to data theft,
and even left Macs with FileVault turned on susceptible
(Jajodia, 2010).
Lastly, memory corruption vulnerability is a programming error
in the operating system, which makes the memory of the device
susceptible to hacker's exploitation. The weakness lies in the
memory location of the invention. An attack occurs when the
code is modified, violating the safety of the information stored
in the memory (Jajodia, 2010).
Microsoft and Linus OS intrusion
29. Intrusion, by definition, is to comprise an operating system by
breaching the security of such system. The act of intruding or
slightly gaining unauthorized access to the OS leaves traces that
can be detected by the intrusion detection system. Intruders use
various methods to gain access to operating systems by
breaching security. One of them is physically breaking through
and robbing away the operating systems from the owner.
Physical intrusion is frequent when the OS is installed in a
device that can easily be stolen (Munson & Elbaum, 2004).????
Asymmetric routing is another method of intruding the
operating system. The attackers utilize more than a single route
to the target device consisting of the desired OS. The idea of
this method is to have an overall attack evade detection by
bypassing specific security codes. Any OS devices that are not
set up for asymmetric routing are impervious to this kind of
intrusion.
Additionally, buffer overflow attack is an approach which
overwrites specific sections of memory and replaces standard
data with commands which, when executed attacks the operating
system. In other words, it's "a popular class of attacks
strategically overburdens that buffer, so the data "overflows"
into other parts of the memory" (Newman, 2019). Often, the
goal for this intrusion is to initiate a denial of service (DoS)
situation. Although, averting an overflow may sound simple, the
practice itself has proven to be a daunting task to achieve,
hence the continuous appearance of the buffer overflow attacks.
This problem recurs due to there being no generic mechanism in
use across languages in use what can perfectly specify such
capacity (Piromsopa & Enbody, 2011)????
Security awareness technologies and system attack targets????
What does this graphic mean?
The intrusion detection system ranges from antivirus to
hierarchical models which checks the traffic of the network.
This can be best described as a network intrusion detection
systems and host-based detection systems. The system is critical
30. as it helps in the analysis of the traffic that enters the market.
The IDS is classified as signature-based and anomaly-based
detection. A section of the intrusion detection system can detect
intrusions (Wilson & Hash, 2003).
The intrusion prevention system is a network to prevention
technology that determines the traffic, detects and prevents
vulnerability issues. The exploits come in the form of uncertain
applications that are objective to attackers and use it to
punctuate or acquire control of a device. When the exploit has
been successful, the attacker can disable the target application
or can obtain potential access to the rights of the target
applications (Munson & Elbaum, 2004).
Corporate and government systems are the one that faces
significant threats (Baccass et al., 2011). This can be attributed
to their notable high level of information that is of interest to
several people, notably politicians, rival companies, countries,
and groups. Additionally, this information is of high value, and
when they are sold to interested parties, they can fetch high
levels of income.
Types of Intrusions
An SQL injection is an explosion where the attacker can include
the SQL code to the Webform input to acquire access to the
resources. It is linked to an attack where the end-user enters a
system and places special characters and used to corrupt data.
XML injection is an attack that is applied to control or harm the
logic XML application. The infusion can undertake alteration of
logic. It can lead to the placing of harmful content. The SMTP
injection attacks the mail server in a way that would be made
possible without the use of the internet (Munson & Elbaum,
2004).
Vulnerability Results
The following vulnerabilities were identified during the lab:
· There are several Windows administrative vulnerabilities on
the host scanned.
· The following administrative vulnerabilities were found:
· Developer tools, runtimes, and redistributables are missing
31. security updates
· There were multiple Linux vulnerabilities detected
· Weak encryption and ciphers
· Accounts have passwords with no expiration
· Accounts have blank or weak passwords
· Multiple administrators on a computer
Vulnerability Scanning and Security Assessment Report
Considering the organization utilizes several advanced
technological systems, the majority of the security processes
and strategies can't guarantee that the system is protected from
attack. However, the routers help secure the gateway to the
internet while firewalls secure the network. This is dependent
on the abilities of the staff, the ability to patch as well as
keeping vigilance on the web. Notable from the company
systems, the networks are not well protected from risks that may
arise????. This can be attributed to poor security and inadequate
data protection from the third party. The passwords used are
weak and irregular system updates. The Linux OS was not found
to comprise of any dangers when it came to the virus. However,
there is a need to consider reliable password protection against
the third party.
The Microsoft Baseline Security Analyzer can scan several
computer software. This is effective because it saves time.
Those that have a green check are stated to be secure. It is also
a useful security feature in that it makes sure that the IE and IIS
server is set in the best way. The system is easy to run and
offers stable security features. It is the best way to keep
Microsoft windows features updated. Its essential asset is the
capacity to go above the OS to ferret gaps in several
applications. The OpenVas is the mode of analysis of several
services and tools by giving information on the level of
vulnerability (Baccass et al., 2011). Similar to the MBSA, it is a
system that is easy and reliable for the users.
MBSA is the best tool for system analysis and threat detection
(Wilson & Hash, 2003). The system, though with notable
challenges, has proved to be effective. It allows frequent
32. security updates as well as focusing on several machines at a go
hence saving time. Notably, risks, as noted from the paper, arise
from inferior password protection methods, unlimited access to
sensitive data in the company, and failing to update system
security mechanisms. This can be resolved by keeping the
systems up to date, restricting access to sensitive data, and use
of strong passwords as well as the use of antivirus. Eventually,
it will help in managing the threats in the company.
Operating systems are the center and nerve system of which
businesses and applications process run off. The role that
operating systems take on is to control hardware resources
within a computer system and are vulnerable to attacks in which
there is missing improper security controls and user account
controls. Due to the popularity of the Windows operating
system, it is the most susceptible to attacks in business and
home users. The vulnerability scans are only one way of
reducing attacks on a system, and vulnerability assessments
require discovery, planning an attack, and reporting to mitigate
risk. By utilizing free tools such as Microsoft Baseline Security
Analyzer and Open VAS, such vulnerabilities can be identified
early on, and remediation can take place.
(Table of key observations, analysis and recommendations?)
References
Baccass, P. et al. (2011). OS X Exploits and Defense: Own
it...Just like Windows or Linux! New York: Syngress.
Jajodia, S., (2010). Cyber Situational Awareness Issues and
Research (pp. 139-154). Springer, Boston, MA.
Munson, J. C., & Elbaum, S. G. (2004). U.S. Patent No.
6,681,331. Washington, DC: U.S. Patent and Trademark Office.
Newman, L. H. (2019, May 14). How Hackers Broke WhatsApp
With Just a Phone Call. Retrieved from
33. https://www.wired.com/story/whatsapp-hack-phone-call-voip-
buffer-overflow/
Piromsopa, K., & Enbody, R. J. (2011). Survey of Protections
from Buffer-Overflow Attacks. Engineering Journal, 15(2), 31–
52. doi: 10.4186/ej.2011.15.2.31
Silberschatz, A., Gagne, G., & Galvin, P. B. (2018). Operating
system concepts. Wiley.
Wilson, M., & Hash, J. (2003). Building an information
technology security awareness and training program. NIST
Special publication, 800(50), 1-39.
Running head: SECURITY ANALYSIS REPORT 1
SECURITY ANALYSIS REPORT 13
Project 3: Security Analysis Report on Factors that are Likely to
Affect Ombank’s Organizational Information Systems
Infrastructure
Aisha Tate
UMUC
August 26, 2019
Aisha
2nd Submission – Does not meet requirements – one more
submission allowed. Please review the checklist and review
both submissions. Read the project requirements and share an
34. action plan before you work and submit the last revision.
Thanks for your continued efforts. Here is what you have done
well
· You have focused on an organization and you have tried to
apply the knowledge, skills and abilities you have gained
· You have continued to improve your research skills.
· You have done a good job with your APA formatting Skills
I feel that you did not go through this checklist below. Avoid
using generic graphics from literature especially if they are not
directly pertinent to the discussion. You did a good job with
RAR report. You put much effort with your lab. Leverage
Project 2 and Project 3 lab information in this SAR report.
Please work on the quality of your references – especially in
your RAR and SAR report
Dr K
Student Name: Aisha Tate
Date:6-Sep-2019
This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
Project 3: Requires the Following THREE Pieces
Areas to Improve
1. Security Assessment Report (including relevant findings from
Lab)
See detailed comments below
2. Risk Assessment Report
Meets Requirements – revise
When you update SAR
35. 3. Lab Experience Report with Screenshots
Continue to improve
Revise and connect with SAR
1. Security Assessment Report
Enterprise Network Diagram
You will propose a local area network (LAN) and
Please research organizations
For network information s
a wide area network (WAN)
define the systems environment,
Meets expectations
incorporate this information in a network diagram.
Discuss the security benefits of your chosen network design.
Needs improvement
Threats
Define threat intelligence and explain what kind of threat
intelligence is known about the OPM breach.
Please find papers and share
Common organizational challenges
differentiate between the external threats to the system and the
insider threats.
?????
entify where these threats can occur in the previously created
diagrams.
Relate the OPM threat intelligence to your organization. How
likely is it that a similar attack will occur at your organization?
Good effort
Identifying Security Issues
Provide an analysis of the strength of passwords used by the
36. employees in your organization.
Tie in lab results
Are weak passwords a security issue for your organization?
????
Firewalls and Encryption
Determine the role of firewalls and encryption, and auditing
???
RDBMS that could assist in protecting information and
monitoring the confidentiality, integrity, and availability of the
information in the information systems.
Research and share
Threat Identification
Identify the potential hacking actors of these threat attacks on
vulnerabilities in networks and information systems and the
types of remediation and mitigation techniques available in your
industry, and for your organization.
Any research?
Identify the purpose and function of firewalls for organization
network systems, and how they address the threats and
vulnerabilities you have identified.
Update
Also discuss the value of using access control, database
transaction and firewall log files.
Meets expectations
Identify the purpose and function of encryption, as it relates to
files and databases and other information assets on the
organization's networks.
No mention of encryption
2. Risk Assessment Report
Risk and Remediation
Please use more peer-reviewed and scho
And scholarly references in your
RAR
37. What is the risk and what is the remediation?
Good overview
What is the security exploitation?
Meets expectations
Revise after SAR report is done
3. Lab Experience Report
Summarizes the Lab Experience and Findings
Continue to improve
Responds to the Questions
Tie lab observations to
SAR report
Provides Screenshots of Key Results
Yes
Lab Experience Report Feedback
Table of Contents
Introduction 3
Purpose 3
Organization 4
Scope 5
Methodology 6
Data 8
Results 10
Findings 12
References 13
Introduction
Organizational information is the key to success in modern
business environments. In this project, Ombank – a hypothetical
financial organization has been used to demonstrate key
security issues likely to face organizations, as well as the
preparation of a security assessment report. Ombank is a
financial services organization offering financial support to
38. customers through online assistance and physical consultancy.
The organization is tasked with managing financial resources
for customers who in turn pay for these services. For instance,
customers who seek to find out how feasible their business
ideas are for start-ups, they provide this information to
Ombank, who are going to recommend the best course of action
to take as far as investments, capital, and expenditure are
concerned.
On-site financial consultants provide services to customers who
chose to physically acquire help or services from the
organization. An online helper service facilitates remote
consultancy for customers who need assistance but they are
physically constrained. The customers who prefer online access
are presented by a means of inputting their financial
information, which may be in form of assets or personal
finances. In this Security Analysis Document, we will be
finding out the crucial security risks and vulnerabilities in the
OmBank Organization.Purpose
The purpose of this Security Assessment Analysis is to come up
with possible security concerns for the organization as well as
outlining possible threats to Ombank’s organizational
infrastructure as far as information systems are concerned.
Various I.T infrastructure will be assessed, outlining threats, to
the organizational network, underlying security issues and
overall enterprise threats. Information security is crucial to an
organization’s business viability in accordance with its
predefined goals (Bishop, 2003). Therefore, in this report, the
factors which are likely to undermine the overall business
viability and stability of the organization will be described and
the possible factors which may lead to this unpleasant situation
assessed. Organization
Ombank, is structured in a way that every department is
connected to a local area network. This infrastructure is meant
to offer seamless management policies which improves the
39. overall business organization, whilst providing a framework for
customer and employee interaction with the information
systems’ infrastructure. The local area network is connected to
the internet through one router and three access points. The
company makes use of technologies such as cloud computing.
This means that the organization makes use of an online cloud
database as opposed to local storage . Customer information is
processed either locally or remotely. The following is a visual
representation of the network architecture (???? Connect with
literature for similar real-life organization)
Ombank’s network is connected in the form of local and wide
area networks. The local area network provides access to the
organizational resources such as servers – which may be
application or network servers, and, at the same time providing
a framework for information sharing, data management, and
traffic congestion management (Fowler et al., 1991).
The organizational architecture is shown below:
Scope
The analysis covers assessment of the infrastructure in the
[company] organization. I.T infrastructure to be checked for
security assessment include: 1) the enterprise network layout or
infrastructure. Several concepts of networking have been
applied in the organizational infrastructure. Issues arising from
platform usage, cloud computing, centralized and distributed
computing as well as programming designs used are
investigated to find flaws, irregularities and vulnerabilities
which may be costly if manipulated. ????
Networking hardware also needs to be subjected to security
tests to affirm that there are no inconsistencies, leakages in
hardware functionality. Network hardware tested include
routers, switches and firewalls. Hardware in network
configurations is often manipulated to gain unauthorized entry
into organizational networks, which may prove costly in terms
40. of financial losses and data breaches which may affect an
organization’s reputation as well as business credibility (Hoo,
2000). To make sure that these factors are not manipulated,
Ombank requires a full hardware audit and assessment to
exhaustively analyze risks attached to all network hardware.
Moreover, human organization in the organization???? also
needs to be carefully scrutinized to ensure consistency, security
and access in a manner that does not compromise the
information security or pose a threat to the organization.
Nonetheless, organizational policies are also scrutinized to
ensure that no loopholes can be present which may be
manipulated by attacks to compromise data security.
Software applications making use of organizational information
such as databases and network communication too needed to be
probed for loopholes and vulnerabilities. Ernest and Lin (2007)
clearly illustrate that employee behavior is a factor that
mandates for enactment and implementation of organizational
control policies in an aim to protect information systems.
Methodology
Analysis was conducted over a period of six months. The
investigation was conducted on governance policies, human
resource and computer infrastructure. Physical security of
computer components and overall organizational structure was
handled first. This was to ensure that compromise to the
information system infrastructure would not come from physical
external contact, or, unauthorized internal contact (What
standards are appropriate?). This also curbs the problem of
vandalism or breakage.
When physical security is out of question, analysis was done on
authorization access. ????Maintaining the property of physical
security, the organization access policies to hardware was also
scrutinized. This means that only users with particular levels of
access privileges would access to certain components. For
instance, access to network servers and application servers in
the distributed computing environment needs to be restricted
only to the respective administrators. The level of privileges
41. among all employees was recommended ascertaining that
databases and applications would not be subject to any
manipulation by unauthorized personnel. Moreover, this would
help delegate responsibility to specific people who would
answerable in case of incidents. (Very vague – find case studies
/ scholarly reports for classification of data/access)
Network hardware under investigation was also identified, each
component being give emphasis as a vulnerability would mean a
loophole with heavy risks. The organization uses local area
networks in wireless and wired forms. Both of these
technologies are however connected to similar access points.
The wireless local area network needed to be protected using
the WPA or WPA2 encryption methods. These forms of
password protection are hard to crack or hack as opposed to
WEP encryption. Wi-Fi access points with WEP encryption
were noted down for replacement. The wired network is
connected to the routers through wired access points. These are
in form of switches and hubs. The wired network is made
possible through the use of Ethernet cables, connected to
switches and access points.
Due to the increasingly large size of Ombank’s organizational
layout, local area network access points are heavily distributed
across the organizational premises. During the assessment, it
was crucial to establish whether the Ethernet access is protected
against unauthorized access too, and the level of privileges set
for computers connected to the Ethernet.
Ombanks’s network still makes use of hubs despite being a little
overtaken by time. Hubs do not allow control of traffic as
opposed to switches. These components are becoming obsolete
since one cannot control information being transferred within
the organization. Therefore, employees with malicious
intentions may use this loophole to transmit uncensored
information outside the organization. Marianov et al., (1999)
claim that the use of toxic hubs???? may prompt computer users
into network manipulation to share malicious information due to
lack of network monitoring capabilities. (Please find more
42. recent papers on network security)
Moreover, the organization makes use of cloud computing. This
means that organizational information is stored in databases
provided by cloud computing service providers as opposed to
local storage. As much as this technology offers security due to
non-interference, study needed to be conducted to ensure how
information is transmitted, whether there is a possibility for
database manipulation by different employee levels.
Programming designs used for software around the organization
also needed inspection to ascertain security of applications and
bugs which may lead to inconsistencies. Object-oriented
approaches are best suitable for security designs due to factors
such as data encapsulation, inheritance and abstraction. Object
oriented designs therefore are important because they are easier
to debug and troubleshoot problems.Data
Data is crucial in a security analysis situation as it helps define
the areas which are susceptible to compromise, and makes
troubleshooting easier. This information provides an overview
of the current organization in question and flaws in any parts of
the data may lead to threats to information security. Data
collected for this assessment was in the following form.
1. I.T Infrastructure information
I. Networks
Network components such as routers, switches and firewalls.
II. Application software
Details about the software used by the organization, including
programming principles used.???? Do you mean secure coding
practices?
III. Database
Information about the organizational database, local and cloud-
based.
IV. Application servers
This information pertains the location of servers, authorized
personnel who access and the security protocols employed.
2. User Information in the organization
I. Authentication policies
43. Information about password policies, level of authentication and
password management. What are the differences between
Authentication, Authorization and Accounting? Why are these
three important to this organization?
II. Employee information.
Details about all employees in the organization, including
names, salaries and disciplinary reports.
III. Personal identifiable information.
This is information about all people related with the
organization, clients, managers or general employees. This
information includes Identification numbers, phone numbers,
and addresses.
3. Physical layout information
I. Physical security information.
These are all the details pertaining physical security including
number of security personnel, locks and gate passes.
II. Disaster precaution information????.
This includes information relating to how the security is
prepared against calamities such as fires. This includes fire
extinguishers and smoke detection information.
Results
Major threats to the organizational information system was
realized in transaction handling and overall management.
Threats arising from poor infrastructural organizations were
also indicated.
These threats are categorized according to the type; those that
may arise from organizational personnel and those that could be
manipulated by external attackers with malicious intents.
Scenarios of the findings are indicated as follows:
Lack of proper physical security. The organization has
employed security guards for physical security. However, the
infrastructural components could still be accessed by a majority
of employees, including those without proper authorization.
Server rooms need enhanced protection.
Organizational policies not exhaustive. Access Control Polices
(ACP) are not clearly defined and enacted. Majority of the users
44. use the shared network. However, there are not clearly defined
laws (do you mean policies and procedures?) restricting network
usage access. Access to administrative privileges have been
realized amongst standard users. This is dangerous as it could
easily provoke employees with more knowledge of information
technology systems to manipulate the systems to gain access to
sensitive information. Incident reporting mechanisms in the
organization have also been undermined. Working in such an
organization requires a fast means of giving feedback to the
responsible personnel of even the slightest malfunction in the
computer systems. With this kind of feedback, system
administrators can troubleshoot problems even when they are
far-coming. ????
Furthermore, with the organization access to the internet, it is
easy for employees to take work home, and submit it remotely
to the servers. The Remote Access Policy has not been clearly
defined. This policy requires an organization to set acceptable
standards for connecting to an organization’s network remotely.
The communication policy is partially defined. While it is clear
to employees about the implications of sharing company
sensitive information with outside parties, rules governing the
use of corporate communication services have not been set. An
instance was realized when an employee received an email,
through the corporate means, from an unknown source and still
accessed it from their workstations. Attackers normally use
unsuspecting employees to spread viruses, backdoors and
Trojans through such means.
Use of outdated technologies. Technology, be it hardware or
software becomes obsolete when issues arise pertaining their
usage and security. It was therefore horrifying to find out that
the company still uses outdated technologies such as hubs for
local area connections. Use of hubs poses serious challenges to
administrators as there is no possible way of monitoring or
filtering information being relayed around the organization and
the outside world. Furthermore, some Wi-Fi access points were
found to be using the obsolete WEP encryption method. The
45. WEP encryption method poses serious dangers of unauthorized
access given how easy it is to crack passwords encrypted with
this technology.
No tie-in with the lab report – Project 2, Project 3 Lab
work?Findings
Threats to overall security were categorized according to the
nature and the impact that would be realized in case of
employment of the vulnerabilities. These included natural
threats, human threats, environmental factors, and threats to
physical security. Natural threats arise due to unintended
environmental factors in the organizational structure. These
may include fire and water damage. An assessment of the
organization showed that the premises is well equipped to
handle such conditions. Fires started intentionally or
unintentionally pose a risk to damage of equipment resulting in
loss of information and cost inflation to the organization.
Human threats in the organization include espionage and
sabotage. The organization hosts a minimum of 200
employees.??? Should be at the start of the report?
Discontentment, dissatisfaction and feuds with management
may pose a risk of sabotage where disgruntled employees may
result in causing intentional damage or compromising
organizational information (Shaw et al., 1998). Human threats
furthermore include vandalism, theft hacking and social
engineering. It was identified that the organization’s employees
are not competent with social engineering schemes. These
include malicious emails which may be used to capture personal
information by hackers. Moreover, organizational data integrity
is prone to being compromised attributing to the fact that
employees have a tendency of taking work away from the
office.
Environmental and physical threats identified include program
errors, unauthorized entry and power outages. The organization
lacks infrastructural uninterrupted power supply systems.
Instead, these devices are located for majority of the
46. workstations. This however does not rule out the fact that short-
life UPSs are susceptible to malfunction or failure if power
outages prolong for long periods of time.
References
Bishop, M. (2003). What is computer security?. IEEE Security
& Privacy, 1(1), 67-69.
Fowler, H. J., Leland, W. E., & Bellcore, B. (1991). Local area
network traffic characteristics, with implications for broadband
network congestion management. IEEE Journal on Selected
Areas in Communications, 9(7), 1139-1149.
Hoo, K. J. S. (2000). How much is enough? A risk management
approach to computer security. Stanford: Stanford University.
Ernest Chang, S., & Lin, C. S. (2007). Exploring organizational
culture for information security management. Industrial
Management & Data Systems, 107(3), 438-458.
Marianov, V., Serra, D., & ReVelle, C. (1999). Location of hubs
in a competitive environment. European Journal of Operational
Research, 114(2), 363-371.
Shaw, E. D., Ruby, K. G., & Post, J. M. (1998). The insider
threat to information systems. Security Awareness
Bulletin, 2(98), 1-10.
Cloud ServicesInternetApplication
serverWorkstationWorkstationWorkstation
Cloud Services
Internet
Application server
Ethernet
Workstation
Workstation
Workstation
HubWireless Access PointWireless Access pointSwitchWork
47. StationWork StationWork StationWork StationWork
StationWork StationPDA/SmartphonesServerFirewallRouter
Hub
Wireless Access Point
Wireless Access point
Switch
Work Station
Work Station
Work Station
Work Station
Work Station
Work Station
PDA/Smartphones
Server
Firewall
Router
Running head: Cryptography 1
Cryptography
6
48. Cryptography
Aisha Tate
UMUC
August 29, 2019
Hi Aisha
You are heading in the right direction. You need to have
specific details correct. Please use this guide and use
scholarly/peer-reviewed articles. You appear to have just
googled the information. Here is the checklist. Create
appropriate tables and use the correct sources. Please see my
notes below.
Best wishes,
Dr K
Student Name: Aisha Tate
Date: 7-Sep-2019
This form provides the same classroom instructions in a
checklist form to help students and professors quickly evaluate
a submission
Project 5: Requires the Following TWO Pieces
Areas to Improve
1. Paper
2. Lab Experience Report with Screenshots
1. Paper
IT Systems Architecture
You will provide this information in tabular format and call it
the Network Security and Vulnerability Threat Table
49. security architecture of the organization
the cryptographic means of protecting the assets of the
organization
the types of known attacks against those types of protections
means to ward off the attacks
Include and define the following components of security in the
architecture of your organization, and explain if threats to these
components are likely, or unlikely:
LAN security
identity management
physical security
personal security
availability
privacy
Then list the security defenses you employ in your organization
to mitigate these types of attacks.
Plan of Protection
Learn more about the transmission of files that do not seem
suspicious but that actually have embedded malicious payload,
undetectable to human hearing or vision. This type of threat can
enter your organization’s networks and databases undetected
through the use of steganography or data hiding. You should
50. include this type of threat vector to an organization in your
report to leadership.
Provide the leadership of your organization with your plan for
protecting identity, access, authorization and nonrepudiation of
information transmission, storage, and usage
Data Hiding Technologies
describe to your organization the various cryptographic means
of protecting its assets. descriptions will be included in the
network security vulnerability and threat table for leadership
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
51. 2. Digital watermarking
3. Masks and filtering
Network Security Vulnerability and Threat Table
Describe the various cryptographic means of protecting its
assets. descriptions will be included in the network security
vulnerability and threat table for leadership
Encryption Technologies
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
Access Control Based on Smart Card Strategies
Describe how identity management would be a part of your
overall security program and your CAC deployment plan:
2. Lab Experience Report
Summarizes the Lab Experience and Findings
See note below*
Responds to the Questions
Provides Screenshots of Key Results
Yes
Lab Experience Report Feedback
· I am puzzled that your payload changed the size of the image
file. You just added a text file? Right? You do not have to
52. resubmit your Lab file.
Cryptography
Introduction
This is a security assessment report on cyber security threats
against varying cryptographic mechanisms and set out control
access programs to try to stop/inhibit such security threats for a
property management firm. Within the report, there will be an
overview of the property management firm’s network.
Moreover, I will try to establish the different potential threats
that he company faces. The report will also feature the property
management needs to consider installation of stored information
protection features as well as control to access of its employees.
Perhaps, the report will also explain the enrolment of CAC
(Control Access Cards) for authentication purposes. Then lastly,
the report will cover email security and encryption types that
can be used to aid in email security.
It system architecture
A distributed system is the network system used within our
company’s offices. The constituents of this system includes;
WLAN, LAN and a WAN. The office’s LAN is made up of a
computer network. LAN mainly used for one purpose within the
office: sharing of resources which includes printers and data
storage infrastructures. The connection is wired. Besides being
fast, it is also characterised for enhancing security. The
function of WAN is interconnection of the LAN in offices of the
entire firm. The primary advantage of this system is that the
firm’s agents and employees can work from different
workstations yet have the access to the company’s resources
(Rouse, 2017). The LAN also is also connected to the internet
through a firewall. All of the firm’s offices are connected to
53. WLAN. This allows the firm’s agents to connect there devices
(i.e. phones and laptops) to the company’s LAN hence access of
the internet. Through this, they are able to access to important
resources.
Lab Findings
The lab findings for project 5 involved the utilization of
cryptography; gaining experience and an understanding of
stenography and encryption/decryption. The three stenography
programs used were OpenStego, QuickStetgo and OurSecret in
addition, the two encryption/decryption programs used were
VeraCrypt and AxCrypt. The Security Manager (SM) and the
System Administrator (SA) for the system conducted research
on their own systems to determine which tools they could
recommend to the managers of the organization.
OpenStego was used to hide a secret message inside of a
picture. This allowed the SM and SA to create messages, store
the message in a text file, and lastly, text a file within the
message of an existing image. This process then granted the
message to be extracted from the picture with the payload. The
most distinguished difference between the original image (757
kb) and the image with the payload (1.59 MB), was that the
image was much larger in size with the payload.
The same technique was utilized in the hiding of a secret
message inside of an image was identified when using
QuickStego. The main contrtrast between using QuickStego and
OpenStego was that QuickStego was more of a basic tool in
terms of stenography. QuickStego didn’t grant the SM and SA
access to encrypt or decrypt the payload tex data thats hiddin in
the image. OurSecret included the same capabilities of hiding a
secret message inside of an image, just like OpenStego and
QuickStego. The most obvious distinction was that OurSecret
had the ability to encrypt files hidden in an image, as well as
assign a password that the user would need in order to extract
the hidden files. OurSecret mirrored and mimicked OpenStego
in regards that the file size would be larger if the file contained
a hidden message within an image.
54. The two encryption/decryption tools that were used during this
lab exercise were VeraCrypt and AxCrypt. While conducting the
OpenStego portion of the lab exercise, it was noted that the SM
and SA tested and used the VeraCrypt encryption/decryption
tool to encrypt directories, drives, or partitions as containers.
Later, those files could generate an encrypted file container,
encrypt a non-system partition/drive and/or encrypt the system
partition or the entire system drive. The SM and SA also used
this tool, to encrypt and decrypt files or folders. It’s noted that
AxCrypt worked as a separate program within its own window,
in addition to fully integrating into Windows Explorer.
To determine which tool would be best for the
organization, the SM and SA discusses which type of message
that needs to be sent and the purpose of the message. OpenStego
would be the best contender due to the fact that you only need
to send an encrypted message hidden inside of another message.
QuickStego would be best recommened if you only needed to
send a hidden message within an image but didn’t need to be
encrypted. If a hidden message needed to be encrypted and
password protected, then the SM and SA would recommend the
use of OurSecret. When it comes to determining which
encryption and/or decryption tool to use, the SM and SA
decides on whether or not they would use VeraCrypt or
AxCrypt. Once this happens, the SM and SA would need to
verify and confirm their decision with the Chief Information
Security Officer (CISO) to discuss the way ahead for the
organization in terms of cryptography. (See Checklist above)
Types of attacks
A cyber-attack is a deliberate use of codes to manipulate
computer systems and networks in an attempt to manipulate and
compromise the confidentially of certain information (Ledford,
2018). Perhaps there are different motivations behind every
cyber-attack. It can be political or social. The internet is the
main channel through which this happens. The targets also
varies. The activity might be targeted towards a corporate
organization, the government or an individual. The
55. cybersecurity attacks are carried out by use of malicious
programs like fake websites, viruses, unauthorized web access a
mong other means. The intention can be either for financial gain
or boosting of the ego of the perpetrator through causing harm
to the organization.
From the article, “Types of attacks”, we learn of the examples
and definition of the different types of cyberattacks.
1. Back door attack – this is a type attack where an attacker
takes advantage of the vulnerabilities and flaws of a system
though use of viruses, worms and Trojan horses to gain access
into system after which he sets up a backdoor (Oppenheimer
2010). This allows him access to important information without
the administrator realizing.
2. Denial of service. This can be abbreviated as DDoS. Denial
of service attack is carried out by numerous systems relaying
ICMP packets to a server. The objective of this attack is
preventing being to gain access to a certain site they might want
to access. This is the type of attack that is common among us as
agents of a property management firm. The main source of leads
and traffic is the website. This is where clients get to know of
our services and thereafter reach out. Therefore, sometimes the
competitors might want to deploy malicious program to deter
clients from reaching us.
3. Phishing – this is an attack where something malicious is sent
through the email. At most times, they will send out a link and
request you to click on it. Moreover, you might be requested to
download something over the net. When sending out such
emails, they will try to eliminate all sources of suspicion and
make it look genuine. Once you do that, you will have your
system infected. Just as the other types of security attacks,
phishing is also one which a property management firm is
exposed to. Our clients are the primary targets of this attack,
mostly there information on our system. Besides the threat of
our clients losing money there is also the threat of money
laundering. On top of it all, such events might lead to tarnishing
of the name of the firm leading to reduced client flow.
56. 4. Use of SQL – This is a programming language which
facilitates communication with the database. When an attacker
uses SQL, he or she will send out malicious codes which will
lead to your database giving out more information than what it
is usually meant to share (Menegaz, 2012). The attacker will do
this by taking advantage of the commonly identifies SQL
vulnerabilities. (See checklist above)
5. Cross-site scripting. This is abbreviated as XXS. This kind
of attack is targeted at vulnerable websites with weak security
systems for the purpose of attaining user credentials or other
classified information. Just as the SQL, XXS is also carried out
by use of malicious codes. In XXS, the site is not the primary
target but rather its visitors. As a property management firm,
our clients who have accounts/portals on our website are the
ones who could fall prey of such as attack. This is because on
registration with the firm, a client is required to submit
confidential information about his property and himself which
is meant to be between the firm and the client.
Security mechanisms
A security mechanism consists of policies and that are meant to
detect, inhibit or recover from a security threat posed by an
attacker. Example of security mechanism include:
1. Physical security – this is a mechanism that requires
installation of physical barriers crucial network resources. This
can includes installation and locking of doors. The advantage of
this is to prevent mishandling of equipment by new unskilled
agents or even their clients.
2. Authentication – authentication means that the information
given by a person on his or her identity is true. Users have to
undergo a three tier identification process before approval of
the authentication process. The first step involves input of
credentials by user, which are known to him or her. These
includes PINS, private key and passwords, which they
themselves created. The next is provision of a resource they are
expected to have. Provision of a genuine resource means you
pass the authentication step and vice versa. Examples of these
57. resources are security cards and security tokens. The last means
of authentication is assessment of a certain physical character
trait. A good example is ones fingerprints, voice or patterns of
the retina. A strong authentication process involves
incorporation of two or more of the three mentioned
authentication procedures. The common ones is use of
fingerprint and retina pattern identification.
3. Authorization mechanism – this involves giving the user
access to the network and whichever resource they might want
to retrieve. The administrator of the network is the person
infested with the powers to grant access to the network to only
identified workers of the property management firm. Thereafter
is when they can have access to whichever resource they were
after. The managing broker of the firm will be given access to
all information on the network. On the other hand, the agents of
the firm will only have access to shared data and
data/information that they themselves have uploaded on their
personal portals in the network.
4. Data encryption – this is formatting of information in a way
that only the intended person can decode it. This is done to
protect information from read by third parties who might use
the same information to harm the firm. Perhaps this is a
mechanism that than come in handy in our efforts to ensure
customer data security.
5. Firewalls – firewalls enhances security policies by acting as
boundaries of two networks. Use of various set of instructions is
what is used by firewalls in deciding which of the incoming
traffic will be granted access and which wouldn’t.
6. Intrusion detection system and intrusion prevention system –
these security mechanisms are used to inhibit security risks and
prevent occurrence of new ones. An IDS makes use of intrusion
alerts to sense and analyse outbound and inbound network
traffic for suspicious undertakings (Rouse, 2017). In case of
event of a suspicious activity, the IDS kicks the uses out of the
network accompanied by a notification to the security personnel
of the potential threat. The IPS is a complimentary of the IDS.
58. The IDS works by examining incoming traffic to reject harmful
requests. The IPS averts threat by uncovering malicious packets
and blocking threat carrying IPs and notifying the security
personnel of the incidence. The property management firm
needs to continue utilising both IPS and IDS in its 24/7
operations to ensure enhanced security of the network. Below is
a table showing the access points and how they can be secured.
Protection plan
Security and protection of client’s information and assets is one
of our top priorities. So far we have taken a look at the IT
systems of the architecture of the property management firm.
We have looked at the potential types of cybersecurity faced by
the firm and the various types of mechanisms that can be
deployed. The next important step is formulation of a protection
plan. A multi-tier system will be used to in the firm’s
identification process. The firm’s agents will be provided with
security cards and retina identification systems will be installed
at all major access points to the company’s network.
Alternative, one of this will be used in complementary with use
PINs. Given the fact that it’s the agents who will come up with
these passwords, they will not be expected to share them with
third parties. Moreover, the passwords/PINs will comprise of
numbers, letters, special characters and alpha-numeric to make
sure they are not easily cracked. A network password will be
assigned to the WLAN and only a given agent will be able to
access it. He will be responsible for making any necessary
changes when needed to the WLAN. A strong protection plan
will ensure that our clients and agents information and files is
protected. (please see checklist above)
Issuance of CAC will be used to control access to the firm’s
buildings. Besides strong six character digit pin, the company’s
agents will be have a badge with their picture, fingerprint, name
and the name of the firm on it. Outside the building, there will
be a door system which will require a person to provide his/her
or and the scanning of the badge. A green light will be
59. accompanied by an “access granted” feedback while a red light
will display “access denied” based on assessment of a persons’
credentials. All agents will submit their schedules to the
security specialists to be programmed in the system to ensure
security. For example a person who randomly shows up in days
which he or she is not supposed to be on duty will not be
allowed entry into the firm’s premises. So all the agents will be
required to submit their schedules so that necessary adjustment
can be done to the system to grant you access into the premises.
This will be done within 48hrs. The policy will help deny
access to people who are not supposed to be there. Perhaps, this
will not only help ensure the general security of the firm but
also the company’s personal information and conversations.
Each team or group of agents will only have access to the files
which they themselves uploaded. That is, there personal files on
their private portals. The person supposed to have access to all
files is the managing broker only. This plan of protection will
be set in place to make sure confidential information of our
clients and agents does not land on a third party.
Nonrepudiation protections will be ensured by a digital
signature present on the CAC issued to all agents. CAC readers
will be installed on all desks besides the computers. This will
make sure the information sent and deleted from the network
can be traced to the originator (Lord, 2017). This will help
increase accountability. No one will deny of having done
something which compromised the security of the network and
its information because he/ she will be under watch on his or
her workdays. Therefore a person will be responsible for
anything that happens while he/she is logged in through his
card, PIN or retina recognition system.
Cryptography protection
(Symmetric Versus Asymmetric???)
describe to your organization the various cryptographic means
of protecting its assets. descriptions will be included in the
60. network security vulnerability and threat table for leadership
Encryption Technologies – Make a simple table
1. Shift / Caesar cipher
2. Polyalphabetic cipher
3. One time pad cipher/Vernam cipher/perfect cipher
4. Block ciphers
5. triple DES
6. RSA
7. Advanced Encryption Standard (AES)
8. Symmetric encryption
9. Text block coding
Data Hiding Technologies
1. Information hiding and steganography
2. Digital watermarking
3. Masks and filtering
One of the several ways of data encryption is triple DES. This
method involves application of block cipher algorithm to every
data block thrice. Each block is always characterised by 64 bits
worth of data. As the word ‘triple’ suggests, in triple DES, data
is encrypted thrice. One con is that is slow. However, on the
other hand, it is hard to break and hence more secure.
RSA is a public key encryption algorithm. It uses both the
public key and private key in its encryption process. One thing
to note is that both keys are paired. Moreover, while the public
key is distributed, while the private key isn’t. The process start
with two prime numbers, then products and finally the
exponents. Besides RSA being secure, it is also hard to crack.
On the other hand, the encryption process might be very slow
especially when encrypting large amounts of data.
Blowfish is another symmetric block cipher which makes use of
an adjustable key length ranging from 32-448 bits.it can be used
for exportable or domestic. No patent is made against it and
hence the licence is free. Of all the bock ciphers, the blowfish is
relatively fast. However, its use requires a key and management
of a key is not easy.
Twofish, just as the blowfish is block cipher algorithm
61. encryption. Its key goes up to 256 bits. Additionally, just as
blowfish, it is not patented hence availably free for use. Its pro
is that it is relatively fast as a block cipher and can be used by
bigger CPUs as well as smartcards. Because of its huge size,
slowdowns on the system are frequent.
Advanced Encryption Standard (AES) is another symmetrical
encryption algorithm. It constitutes AES 256, AES 192 and AES
128. Because of its symmetrical nature, the key used in its
encryption is supposed to be shared in order to decrypt.
Advanced encryption standard is recommended because its
secure and the fact that it uses varying key lengths in its
encryption (Lord, 2017). Its one con is that the algebraic
structure it uses is simple and the form used is uniform across
all the blocks.
I would recommend use of AES for data encryption in our
offices. I consider it secure compared to other modes of date
encryption and hence promising in terms of ensuring security
for our clients as well as the firm. Perhaps that is why the
security protocol is common. Most importantly, clients entrust
us with most confidential information. Breaking of the trust
would lead ruining of the reputation that the company has tried
so hard to uphold. Perhaps this will lead to lose of clients.
CAC Deployment Strategy
CAC is a user identification method. The CAC is basically a
card implanted with a chip containing information regarding its
owner. It has a digital signature that allows the user/owner to
decrypt and encrypt using the card keys. The CAC deployment
plan is meant to give the agents a common network access
method. The CAC will not be necessary whenever they want to
use the WLAN. A password is all they will need. The only time
the CAC will be necessary is when they want to delete or upload
to the network and when they want to access the office after
normal worktime hours. But during the day, the agents will use
the PINs and cards for access into the firm’s premises. The aim
62. of the measure is to ensure security of the clients as well as the
agents from cyberattacks.
Email security strategy
Emails and internal messaging services are the main
communication channels of the property management firm. The
agents update the clients’ information and keep track of the
clients through emails as well. Considering the number of
emails flowing through the network in a day, it makes it easier
for an attacker to find a vulnerability within the network and
gain access to important data. In an attempt to prevent this risk,
the firm has put in place policies to ensure email security.
Varying encryption technologies can be made use of in the
process but the most efficient method would be use of digital
certificates. The advantage of using digital certificates is that
they are hard to bypass. However you will not have access to
data in the event of loss of the key. As a measure to ensure to
ensure more security, the digital certificates can be incorporated
into the firm’s agent’s emails which will bring about an
automatic encryption of all the emails flowing through the
firm’s network. (Find References and specific information??)
Conclusion
We have explored the explanation and organization of the
property management firm and looked at the potential
cyberattack threats facing the firm. Moreover, I have also
looked at the various security mechanisms and policies that can
be implemented to prevent and neutralize the attacks. Given the
fact that our firm is a service delivery company, we need to
have all the security systems intact. I would urge the firm to
invest more on security in order to secure the firm’s
transactions. The investment would lead to increased
trustworthiness between us and the clients hence increased
traffic. To ensure security of emails, the company should use
CACs stepped up with digital certificates. More attention should
be given on the same considering it’s the firm’s main channel of
63. communication. All in all, strong security features will help our
clients have confidence us hence feel safe while we are
handling their property.
References – Please see our discussions about peer-reviewed
references and scholarly articles
Cisco Press. (2016, February 09). Retrieved September 9, 2018,
from
http://www.ciscopress.com/articles/article.asp?p=1626588&seq
Num=2
Ledford, Jerri (2018) What is a cyber attack and how to prevent
one? Retrieved from https://www.lifewire.com/cyber-attacks-
4147067
Lord, Nate (2017) What is a phishing attack? Defining and
identifying different types of phishing attacks. Retrieved from
https://digitalguardian.com/blog/what-phishing-attack-defining-
and-identifying-different-types-phishing-attacks
Menegaz, Gery (2012) SQL Injection Attack: What is it, and
how to prevent it. Retrieved from
https://www.zdnet.com/article/sql-injection-attack-what-is-it-
and-how-to-prevent-it/
Merriam-Webster Dictionary. (n.d.). Retrieved September 19,
2018, from https://www.merriam-
webster.com/dictionary/cyberattack
Oppenheimer, Priscilla (2010) Developing Network Security
Strategies. Retrieved from