Essay Instructions: Request for Infoceo!!
I have a new paper requirement. It's a total of 8 pages, plus a one page
bibliography. Total 9 pages. There are several questions that I need detailed answers to the
questions Research Paper Requirement: the following questions in Part 1 and Part 2 need to be answered. The number of pages for each answer is supplied below. Request that at least 6 references be used per answer and be included as part of a Bibliography on the last page. Total pages for both questions not to include Bibliography = 8 pages, Plus a one page for the bibliography. I have included one reference for answering one of the questions.
Part I
Instruction for Part I:
1. Part 1 answers should be based on how the requirements for security is related to system security threats and vulnerabilities. Answers to the associated questions should list the kinds of security threats and vulnerabilities involved and the types of controls that may be useful to reduce those threats. Specifically, you must explain how the different types of controls you recommend can help reduce the vulnerabilities you name. You must also link threats and controls to the important goal of computer security.
2. Citations and references are required to add strength to your written opinions. Use the necessary reference sources to support your answers.
3. Follow the APA (5th edition) guidelines for in-text citations and references. Place all references in a bibliography on the last page. No Abstract required
.
4. Answer all three questions for Part I, 6 pages total (see individual questions for max number of pages per answer; total = 6 pages for all three questions); total excluding the bibliography.
The following Security incident scenario is to be used in answering all three questions:
On January 1,2008, the "Lamers", a club made up of computer hobbyists who say they experiment with computer programs for reasons of curiosity and challenge, created a new program that took advantage of a design weakness in the popular SoftMicro operating system. Their new program could arrive and install itself on (or "infect") a machine through email or through contact with other infected programs on a Web Site. The program was independent and robotic in that it contained its own email system, and each infected machine had the ability to find and communicate directly through the Internet with other infected machines. It could examine and copy or alter the contents of data base files, and quietly transmit information and selected files back to a changeable address. It could even delete all traces of itself from an infected system upon receiving a
special command through the Internet. The program pushed technical boundaries, and could possibly be used as a tool for either good or evil.
On February 2, CERT, a large security watchdog organization, monitored messages in hacker chat rooms where the Lamers were bragging about the technology in their new program. Several hacker Web sites published technical details of the source code. CERT immediately contacted the SoftMicro vendor, along with Anti- Virus product vendors to warn them about the newly discovered vulnerabilities of their widely-distributed operating system product, and the possibility of a serious new security threat.
(It is an actual accepted industry practice for CERT to not issue public security warnings until after the affected vendors first have a chance to create new software patches or new anti-virus protection signatures, and offer them to the public. The reason for this is that wide publication of the vulnerability, without first having available solutions, would increase chances for attack. Please do not comment on this CERT industry practice as part of your answer for this exam.)
On March 3, the "Lamers" club, in a press conference, announced they were forming a new security company, named "SecureThink", and planned one day to be traded on the New York Stock Exchange (under the ticker symbol"STNK"). Their program, now polished and improved, was protected by copyright and sold as a tool to help systems administrators detect security flaws in their systems. That same day, the MoneyBags Record company announced that they would hire Secure Think to protect their intellectual property against copyright infringement.
On April 4, a few businesses began noticing a new kind of computer attack that seemed to deliberately alter their data base files.
On May 5, more attacks were noticed and reported to CERT SoftMicro announced new software security patches, and Anti- Virus vendors had developed new protection against the malicious code signature. Businesses and organizations were advised to acquire and install these new security protections. CERT issued a public warning on their Web site, and officially named the new malicious code "Lamers.Legacy", because hacker Web sites called it by that name.
On May 10, the FBI sent out security warning messages on to all federal and local government agencies, urging them to download new Anti- Virus protection signatures ana also download and install the new SoftMicro security software patch to avoid being affected by the new "Lamers.Legacy" malicious code. The malicious code spread through the Internet.
On June 6, more attacks were noticed, and news stories appeared, most describing the "Lamers.Legacy" malicious code as an annoyance. However, the computer security fixes worked well, and after one week, reports diminished about computer attacks and the news stories faded. Then, about 4 months later, two computer security incidents occurred that were traced back to the different ways the malicious code operated.
On October 9 2008, elevators at the Washington, DC city hall building were stuck open on the first floor, and would not carry passengers to any other floors in the 5-story building. Staff and citizens had to walk up and down the stairway that entire day.
On October 10 2008, air traffic control computers at the central and very important Chicago International airport suddenly became very sluggish, and automatic routing systems alarmingly directed airplanes to fly on collision course toward each other, and toward tall buildings. It was as if the computers were communicating with each other, beyond the control of the airport managers. Airport computer backup systems kicked in. There were several moments of danger and uncertainty, as air traffic controllers rushed to verify the accuracy of critical databases in the backup control computers.
Investigation later showed that both city hall and airport computer systems had been victims of the "Lamers. Legacy " malicious code. City hall was victimized through direct manipulation of their facilities management database, which had been altered so the elevators would serve only the first floor. The database had been affected because the security fixes had never been installed or updated. Authorities guessed hackers looking for mischief caused the elevator problem.
The Chicago airport was victimized by the same malicious code, but more indirectly. The SoftMicro security fix and the Anti- Virus security fix had both been installed on airport computer systems. Access to the air traffic control computer systems programs and databases is protected by encryption. However, the files containing passwords needed to operate the public-key cryptosystem used by airport systems administrators had apparently been stolen. This had occurred because the "Lamers. Legacy " code had exploited vulnerabilities, and transmitted stolen information to an unknown address, and then deleted itself before the security fzxes were installed. Investigation showed that unauthorized persons had later returned to airport computers through the Internet, and gained access to program source code by pretending to be authorized administrators with valid passwords. Those old, but still valid passwords allowed them operate the public and private keys needed to replace encrypted computer programs and modify database information.
The unauthorized users had been accessing the encrypted files, possibly for months, quietly changing them through the Internet. The events made it seem as if the unauthorized hackers were likely international terrorists. The altered programs were activated remotely that day by a signal sent through the Internet. No one yet knows if programs at other airports, or programs important to other parts of the critical infrastructure of the US, have been altered the same way. No one is yet sure if the backuJ systems used to restore the corrupted Chicago airport files are clean, or also corrupted.
End of scenario ???>
Question A:
Answer this 5-part question using no more than 3 pages total. Label the answers AI, A2, A3, A4, A5.
1. Briefly support your own opinion about the ethical principles of the Lamers group before formation of the SecureThink company. Briefly support your opinion about the ethics of the hiring of SecureThink by the MoneyBags record company.
2. Name the groups that have responsibility in the occurrence of each of these 2 computer security incidents, and give examples (you may speculate) of their responsibilities?
3. Explain the types of system security threats and vulnerabilities involved in each security incident.
4. List a combined total of 5 security controls that would be most useful to prevent or lessen the likelihood of the computer security incidents described above, and describe how each of these 5 controls could have been used to improve security.
5. What, according to McNurlin, Sprague & Bui are the prime reasons for information insecurity since security is often applied in instances such as the above incidents?
Ref: (BooK): Information Systems Management In Practise, 8th Ed. Barbara C. McNurlin, Ralph H. Sprague, Jr., Tung Bui
Question B:
Answer this question using no more than 1 ? pages total. Label the answers B 1, B2
Many people actively share copyright-protected music files, or other types of digital files (photos, computer software, video) through the Internet by using any of several free file-sharing programs (such as Gnutella, or BearShare, or Napster). Some organizations consider this activity an attack on computer systems and digital intellectual property. Describe 2 possible types of computer system security threats when doing this activity at the work site, and link them to types of computer assets that are at risk. Explain 2 possible security controls that may help reduce these threats.
Question C:
Answer this 2-part question using no more than 1 ? pages total. Label the answers C 1, C2, C3
1. Public-key cryptography uses 2-keys. This is different from single-key (secret-key) cryptography.
What characteristic is a major vulnerability that discourages use of single-key cryptography in a network?
2. How does public-key cryptography overcome this vulnerability to allow for more securety for communications through a network?
3. What will help you trust a public-key that belongs to an unfamiliar person or Web site, and why does it improve trust?
Part II
Instruction for Part II:
Requires a 2 page answer, APA format with 6 references
Answer the following question using no more than
(2 pages total). Label the answer D 1
1. Rapid growth of the Internet is triggering dramatic changes in traditional business methods and practices. But some industries and businesses seem better able to deal with the online world than others. For this question, identify a business or a service function you are familiar with. Describe and defend your strategy for implementing a web-based application to support that business or service. Be sure to conduct an environmental scan, determine best practices, identify information technology elements (infrastructure or capabilities) necessary to conduct the business, and a strategy for capitalizing on the success of your venture in the next iteration.
