You're building an app in Mendix and are configuring security so the user James can fully use the following page that allows customer info to be added and saved. The company markets to customers according to their main interest, so the add to interest group button executes a microflow that matches the main interest to the best marketing group. The save button saves the customer info. Cancel cancels the add operation and returns James to his home page. Assume you have already assigned the appropriate user and module roles to James. Describe the access rules you need to set up to configure security so the user James can fully use the page. New Customer Name: Address: Main interest: Add to interest group Save Cancel.

1. You've been hired as a network and information security officer for a private IT security firm
that offers private and public clients security services and expertise. You've been given the task
of providing network and information security to a company that deals with data communication
and e-commerce. Because their business is rapidly expanding, they must develop effective
network security strategies because: Security breaches can be extremely costly in terms of
business disruption and potential financial losses. Increasing amounts of sensitive data are being
exchanged over the internet or intranets that are connected to it. It was discovered that hackers
were attempting to take advantage of the company's less technical employees. As a result, the
organisation has asked you to supply a complete security solution. Available Assets: Information
assets - Databases: Contains information critical to your business. - Data files: Information stored
within file outside of a database. Software assets - Application software: Implements business
processes. - System software: Operating Systems, Mobile OS', VOIP, Firewall etc. Physical
assets - Computer equipment: Desktops, laptops, phones, servers. - Communication equipment:
PBX, POP gateway, routers, switches. - Storage media: Off/on site backup media, software
inventory, etc. - Technical equipment: UPS, server racks, wiring closet(s), etc. - Security
equipment: Firewall. Your company carried out the security risk assessment for the hazard
identification, risk analysis, and risk evaluation based on the available assets. As a result, they
identified several threats: 1) Database threats a. Credential threats b. Privilege Threats c. System
Threats i. SQL injections ii. Cloud 2) Network Security Threats a. Network Ransomware Attacks
b. Denial of Service Attacks
c. Identity Spoofing d. SSL/TLS Attacks e. Penetration Testing f. Browser Attacks Based on the
security risk assessment, your task is to create a report that includes the following information:
Purpose of the Project (Background) Based on your company's Risk assessment, justify and
answer the following questions - Explain briefly about the identified threats (any two from each
identified threats) Based on the identified threats, explain the possible consequences of failing to
manage threats. Propose
Solution
Overview of Security Mechanism Propose a solution, which employs a security mechanism
including, cryptographic algorithms, network access control and other possible security
solutions. Justify the selection of your security mechanism. Explain how the company will
maintain the security (security policies), considering the CIA triads. The company has both
software and hardware firewalls. Explain the purpose of having both firewalls. Conclusion