Computer Security Essays and Research Papers

Instructions for Computer Security College Essay Examples

Title: Please see detailed information

  • Total Pages: 8
  • Words: 2728
  • Bibliography:0
  • Citation Style: APA
  • Document Type: Essay
Essay Instructions: Request for Infoceo!!

I have a new paper requirement. It's a total of 8 pages, plus a one page
bibliography. Total 9 pages. There are several questions that I need detailed answers to the
questions Research Paper Requirement: the following questions in Part 1 and Part 2 need to be answered. The number of pages for each answer is supplied below. Request that at least 6 references be used per answer and be included as part of a Bibliography on the last page. Total pages for both questions not to include Bibliography = 8 pages, Plus a one page for the bibliography. I have included one reference for answering one of the questions.



Part I

Instruction for Part I:

1. Part 1 answers should be based on how the requirements for security is related to system security threats and vulnerabilities. Answers to the associated questions should list the kinds of security threats and vulnerabilities involved and the types of controls that may be useful to reduce those threats. Specifically, you must explain how the different types of controls you recommend can help reduce the vulnerabilities you name. You must also link threats and controls to the important goal of computer security.
2. Citations and references are required to add strength to your written opinions. Use the necessary reference sources to support your answers.
3. Follow the APA (5th edition) guidelines for in-text citations and references. Place all references in a bibliography on the last page. No Abstract required
.
4. Answer all three questions for Part I, 6 pages total (see individual questions for max number of pages per answer; total = 6 pages for all three questions); total excluding the bibliography.
The following Security incident scenario is to be used in answering all three questions:
On January 1,2008, the "Lamers", a club made up of computer hobbyists who say they experiment with computer programs for reasons of curiosity and challenge, created a new program that took advantage of a design weakness in the popular SoftMicro operating system. Their new program could arrive and install itself on (or "infect") a machine through email or through contact with other infected programs on a Web Site. The program was independent and robotic in that it contained its own email system, and each infected machine had the ability to find and communicate directly through the Internet with other infected machines. It could examine and copy or alter the contents of data base files, and quietly transmit information and selected files back to a changeable address. It could even delete all traces of itself from an infected system upon receiving a

special command through the Internet. The program pushed technical boundaries, and could possibly be used as a tool for either good or evil.
On February 2, CERT, a large security watchdog organization, monitored messages in hacker chat rooms where the Lamers were bragging about the technology in their new program. Several hacker Web sites published technical details of the source code. CERT immediately contacted the SoftMicro vendor, along with Anti- Virus product vendors to warn them about the newly discovered vulnerabilities of their widely-distributed operating system product, and the possibility of a serious new security threat.
(It is an actual accepted industry practice for CERT to not issue public security warnings until after the affected vendors first have a chance to create new software patches or new anti-virus protection signatures, and offer them to the public. The reason for this is that wide publication of the vulnerability, without first having available solutions, would increase chances for attack. Please do not comment on this CERT industry practice as part of your answer for this exam.)
On March 3, the "Lamers" club, in a press conference, announced they were forming a new security company, named "SecureThink", and planned one day to be traded on the New York Stock Exchange (under the ticker symbol"STNK"). Their program, now polished and improved, was protected by copyright and sold as a tool to help systems administrators detect security flaws in their systems. That same day, the MoneyBags Record company announced that they would hire Secure Think to protect their intellectual property against copyright infringement.
On April 4, a few businesses began noticing a new kind of computer attack that seemed to deliberately alter their data base files.
On May 5, more attacks were noticed and reported to CERT SoftMicro announced new software security patches, and Anti- Virus vendors had developed new protection against the malicious code signature. Businesses and organizations were advised to acquire and install these new security protections. CERT issued a public warning on their Web site, and officially named the new malicious code "Lamers.Legacy", because hacker Web sites called it by that name.
On May 10, the FBI sent out security warning messages on to all federal and local government agencies, urging them to download new Anti- Virus protection signatures ana also download and install the new SoftMicro security software patch to avoid being affected by the new "Lamers.Legacy" malicious code. The malicious code spread through the Internet.
On June 6, more attacks were noticed, and news stories appeared, most describing the "Lamers.Legacy" malicious code as an annoyance. However, the computer security fixes worked well, and after one week, reports diminished about computer attacks and the news stories faded. Then, about 4 months later, two computer security incidents occurred that were traced back to the different ways the malicious code operated.

On October 9 2008, elevators at the Washington, DC city hall building were stuck open on the first floor, and would not carry passengers to any other floors in the 5-story building. Staff and citizens had to walk up and down the stairway that entire day.
On October 10 2008, air traffic control computers at the central and very important Chicago International airport suddenly became very sluggish, and automatic routing systems alarmingly directed airplanes to fly on collision course toward each other, and toward tall buildings. It was as if the computers were communicating with each other, beyond the control of the airport managers. Airport computer backup systems kicked in. There were several moments of danger and uncertainty, as air traffic controllers rushed to verify the accuracy of critical databases in the backup control computers.
Investigation later showed that both city hall and airport computer systems had been victims of the "Lamers. Legacy " malicious code. City hall was victimized through direct manipulation of their facilities management database, which had been altered so the elevators would serve only the first floor. The database had been affected because the security fixes had never been installed or updated. Authorities guessed hackers looking for mischief caused the elevator problem.
The Chicago airport was victimized by the same malicious code, but more indirectly. The SoftMicro security fix and the Anti- Virus security fix had both been installed on airport computer systems. Access to the air traffic control computer systems programs and databases is protected by encryption. However, the files containing passwords needed to operate the public-key cryptosystem used by airport systems administrators had apparently been stolen. This had occurred because the "Lamers. Legacy " code had exploited vulnerabilities, and transmitted stolen information to an unknown address, and then deleted itself before the security fzxes were installed. Investigation showed that unauthorized persons had later returned to airport computers through the Internet, and gained access to program source code by pretending to be authorized administrators with valid passwords. Those old, but still valid passwords allowed them operate the public and private keys needed to replace encrypted computer programs and modify database information.
The unauthorized users had been accessing the encrypted files, possibly for months, quietly changing them through the Internet. The events made it seem as if the unauthorized hackers were likely international terrorists. The altered programs were activated remotely that day by a signal sent through the Internet. No one yet knows if programs at other airports, or programs important to other parts of the critical infrastructure of the US, have been altered the same way. No one is yet sure if the backuJ systems used to restore the corrupted Chicago airport files are clean, or also corrupted.
End of scenario ???>

Question A:
Answer this 5-part question using no more than 3 pages total. Label the answers AI, A2, A3, A4, A5.
1. Briefly support your own opinion about the ethical principles of the Lamers group before formation of the SecureThink company. Briefly support your opinion about the ethics of the hiring of SecureThink by the MoneyBags record company.
2. Name the groups that have responsibility in the occurrence of each of these 2 computer security incidents, and give examples (you may speculate) of their responsibilities?
3. Explain the types of system security threats and vulnerabilities involved in each security incident.
4. List a combined total of 5 security controls that would be most useful to prevent or lessen the likelihood of the computer security incidents described above, and describe how each of these 5 controls could have been used to improve security.
5. What, according to McNurlin, Sprague & Bui are the prime reasons for information insecurity since security is often applied in instances such as the above incidents?
Ref: (BooK): Information Systems Management In Practise, 8th Ed. Barbara C. McNurlin, Ralph H. Sprague, Jr., Tung Bui
Question B:
Answer this question using no more than 1 ? pages total. Label the answers B 1, B2
Many people actively share copyright-protected music files, or other types of digital files (photos, computer software, video) through the Internet by using any of several free file-sharing programs (such as Gnutella, or BearShare, or Napster). Some organizations consider this activity an attack on computer systems and digital intellectual property. Describe 2 possible types of computer system security threats when doing this activity at the work site, and link them to types of computer assets that are at risk. Explain 2 possible security controls that may help reduce these threats.
Question C:
Answer this 2-part question using no more than 1 ? pages total. Label the answers C 1, C2, C3
1. Public-key cryptography uses 2-keys. This is different from single-key (secret-key) cryptography.
What characteristic is a major vulnerability that discourages use of single-key cryptography in a network?
2. How does public-key cryptography overcome this vulnerability to allow for more securety for communications through a network?
3. What will help you trust a public-key that belongs to an unfamiliar person or Web site, and why does it improve trust?




Part II

Instruction for Part II:

Requires a 2 page answer, APA format with 6 references

Answer the following question using no more than
(2 pages total). Label the answer D 1

1. Rapid growth of the Internet is triggering dramatic changes in traditional business methods and practices. But some industries and businesses seem better able to deal with the online world than others. For this question, identify a business or a service function you are familiar with. Describe and defend your strategy for implementing a web-based application to support that business or service. Be sure to conduct an environmental scan, determine best practices, identify information technology elements (infrastructure or capabilities) necessary to conduct the business, and a strategy for capitalizing on the success of your venture in the next iteration.

[ Order Custom Essay ]

[ View Full Essay ]

Excerpt From Essay:
Bibliography:

References

Jason E. Bailes, & Gary F. Templeton. (2004). Managing P2P Security. Association for Computing Machinery. Communications of the ACM, 47(9), 95-98.

Bajaj, oA., Bradley, W., & Cravens, K.. (2008). SAAS: Integrating Systems Analysis with Accounting and Strategy for Ex-Ante Evaluation of IS Investments. Journal of Information Systems, 22(1), 97-124.

Caviglione, L.. (2009). Understanding and exploiting the reverse patterns of peer-to-peer file sharing applications. Network Security, 2009(7), 8-12

Chevalier, Y., & Rusinowitch, M.. (2010). Compiling and securing cryptographic protocols. Information Processing Letters, 110(3), 116.

Concha, D., Espadas, J., Romero, D., & Molina, a.. (2010). The e-HUB evolution: From a Custom Software Architecture to a Software-as-a-Service implementation. Computers in Industry, 61(2), 145.

Creeger, M.. (2009). CTO Roundtable: Cloud Computing. Association for Computing Machinery. Communications of the ACM, 52(8), 50.

Leon Erlanger. (2004, February). IM and P2P Security; the explosion of IM and P2P in the workplace can be a security nightmare. Here's how to keep your network - and your company - safe. PC Magazine, 23(2), 68+.

Galindo, D., & Herranz, J.. (2008). On the security of public key cryptosystems with a double decryption mechanism. Information Processing Letters, 108(5), 279.

Galindo, D., Morillo, P., & Rafols, C.. (2008). Improved certificate-based encryption in the standard model. The Journal of Systems and Software, 81(7), 1218.

Gaspary, L., Barcellos, M., Detsch, a., & Antunes, R.. (2007). Flexible security in peer-to-peer applications: Enabling new opportunities beyond tile sharing. Computer Networks, 51(17), 4797.

Sidney Hill, & Jr.. (2008, January). SaaS economics seem to favor users more than vendors. Manufacturing Business Technology, 26(1), 48.

Steve Hoberman. (2010). Data Modeling in the Cloud: Will the cloud make our data management jobs easier or harder?. Information Management, 20(2), 32.

Mike Hoskins. (2008). Solving the SaaS, SOA and Legacy Applications Sudoku. DM Review, 18(5), 21.

Brad Kenney. (2007, September). LIFE BEYOND CRM: SaaS Grows Up. Industry Week, 256(9), 38-39.

King, J.. (2010, February). Beyond CRM: SaaS Slips into the Mainstream. Computerworld, 44(4), 16-18,20.

Landau, S.. (2008). Privacy and Security a Multidimensional Problem. Association for Computing Machinery. Communications of the ACM, 51(11), 25.

Linda Leung. (2005, June). Hackers for hire. Network World, 22(24), 47.

Libeau, F.. (2008). Automating security events management. Network Security, 2008(12), 6-9.

Lowe, N.. (2009). Shields Up! Protecting browsers, endpoints and enterprises against web-based attacks. Network Security, 2009(10), 4-7.

Mansfield-Devine, S.. (2010). The perils of sharing. Network Security,

2010(1), 11-13.

Rowan, T. (2009). Password protection: the next generation. Network Security, 2009(2), 4-7.

Sarkar, S., & Maitra, S.. (2010). Cryptanalysis of RSA with more than one decryption exponent. Information Processing Letters, 110(8/9), 336.

Swartz, N.. (2007). P2P: New National Security Risk? Information Management Journal, 41(6), 7.

Seewald, a., & Gansterer, W.. (2010). On the detection and identification of botnets. Computers & Security, 29(1), 45.

Eli Winjum, & Bjorn Kjetil Molmann. (2008). A multidimensional approach to multilevel security. Information Management & Computer Security, 16(5), 436-448.

Order Custom Essay On This Topic

Title: Students security concentration required write a detailed document respective areas The security project requirements dependent students security concentration Each require a series security documentation suitable a hypothetical actual large corporation

  • Total Pages: 19
  • Words: 5280
  • Sources:30
  • Citation Style: MLA
  • Document Type: Research Paper
Essay Instructions: Students in the security concentration are required to write a detailed document in their respective areas. The security project requirements will be dependent on the student?s security concentration. Each will require a series of security documentation suitable for a hypothetical or actual large corporation. Students completing the Computer Security concentration will include corporate security policies that address security related considerations, a detailed document describing the organization?s defense in depth measures, firewall design and configurations, and an audit checklist covering firewall, intrusion detection system, operating system security, and database security. Students completing the Security concentration will include corporate security policies that address security related considerations, a detailed document describing the organizations defense in depth measures, a corporate contingency of operation plan, and a corporate disaster recovery plan.

The first two weeks of this course were dedicated to developing a project proposal. The project plan was to include: project description, team members, roles of each team member, (note: team members in this context are fictitious in your project. detailed time-line describing goals of each week, data schema, graphical interface design, report design, testing plan, deployment plan, support plan, schematics, and other relevant information required for project planning in each concentration. The project proposal was approved but professor said timeline needed improvement.

I need the first 15 pages by May 4th and the last 15 by May 16th. I also need a 2 paragraph update as to work completed this week by Saturday April 28th.

[ Order Custom Essay ]

[ View Full Essay ]

Excerpt From Essay:
Sources:

Bibliography

Checklist Details for Database Security Checklist for MS SQL Server 2005 Version 8, Release 1.7. Checklist ID: 157, 25 Dec 2009. Retrieved from: http://web.nvd.nist.gov/view/ncp/repository/checklistDetail?id=157

Heidari, Mohammad (2011) Operating Systems Security Considerations. PacketSource -- Security White Papers. 5 Nov 2011. Retrieved from: http://www.packetsource.com/article/operating-system/40069/None

Kiely, Don (2005) Microsoft SQL Server 2005. Security Overview for Database Administrators. SQL Server Technical Article. Jan 2007. SQL Server 2005 RTM and SP1.

Litchfield, David (2006) Which Database is More Secure? Oracle vs. Microsoft.21 Nov 2006. Retrieved from: http://www.databasesecurity.com/dbsec/comparison.pdf

Overview of SQL Server Security Model and Security Best Practices (2003) TRIPOD 20 May 2003. Retrieved from: http://vyaskn.tripod.com/sql_server_security_best_practices.htm

Ricciuti, Mike (2008) Microsoft Readies Revamped Database, Security Software. CNET 10 June 2008. Retrieved from: http://news.cnet.com/8301-10784_3-9964189-7.html

Swanson, Marianne (1998) Guide for Developing Security Plans for Information Technology Systems. Federal Computer Security Program. Manager's Forum Working Group. Dec 1998. Retrieved from: http://www.cio.gov/Documents/Planguide.pdf

Navicat for SQL Server 10.0.11 (2012) Softpedia. Retrieved from: http://www.softpedia.com/get/Internet/Servers/Database-Utils/Navicat-for-SQL-Server.shtml

Order Custom Essay On This Topic

Title: Want preparing Statement Purpose application made Masters program Engineering specialisation Information Computer Security The statement Purpose divided Currently Computer Science a paragraph a real fascinating innovative engineering fascinated

  • Total Pages: 2
  • Words: 599
  • References:2
  • Citation Style: APA
  • Document Type: Essay
Essay Instructions: Want help in preparing the Statement of Purpose so that an application can be made for Masters program in Engineering with specialisation in Information and Computer Security

The statement of Purpose can be divided in the following way

-Currently doing Computer Science, so would appreciate a first paragraph, a real fascinating and innovative one on how and why did engineering fascinated me. You can talk about hacking, crytography, ethical hacking, secured systems or some statistic that impressed me and propelled me to take computer science engineering

- Growth in Engineering years - what was learnt and how did the technical traits develop, talk about traits and undergradaute subjects

- Learning beyond Curriculum

-What did I like about networks and security and what are its applications and how will it be the technolgoy of the future etc. what I can achieve through Computer security

-Highlighting the other part of personality through participation in extra- curricular, co-curricular, social and sports activites

-Reasons for choosing USA for Masters studies and reasons for selecting a particular school in USA

TO BE DONE BY INFOCEO / Jonsmom ONLY

[ Order Custom Essay ]

[ View Full Essay ]

Excerpt From Essay:
Order Custom Essay On This Topic

Title: TOPIC How decide secure information And make decisions REQUEST INFOCEO OR paulsolo3414 AS WRITER BACKGROUND READING DiBattiste C

  • Total Pages: 3
  • Words: 737
  • Works Cited:3
  • Citation Style: MLA
  • Document Type: Research Paper
Essay Instructions: TOPIC: ---How should we decide how secure we want our information to be? And who should make these decisions?----

###REQUEST _INFOCEO_ OR __paulsolo3414__ AS WRITER###

BACKGROUND READING:
-----------------------------------------------------------------------------------------------------------------------
DiBattiste, C. (2009) Privacy and Information Security 101: Have a plan Information Security Best Practices 2009 conference archive The Wharton School, University of Pennsylvania. Zicklin Center for Business Ethics Research. Retrieved on July 26, 2010 from http://technopolity.editme.com/files/isbp2009talks/DiBattiste-summary.doc

Cranor, L. (2008) A Framework for Reasoning About the Human in the Loop. Retrieved on June 10, 2011 from http://www.usenix.org/events/upsec08/tech/full_papers/cranor/cranor.pdf

Miller, M. (2005). Computer Security: Fact Forum Framework Retrieved on July 26, 2010 from http://www.caplet.com/security/taxonomy/index.html

_PLEASE USE AT LEAST __TWO__ OF THESE SOURCES FOR CITATIONS_

Expectations:
-----------------------------------------------------------------------------------------------------
1. Ability to apply an understanding of complex issues involved in the case question.

2. Explanation of the intrusion and intrusion detection systems.

3. Discussion and explanation of the need for web security especially in e-business

4. Description of the types and threats from hackers and intrusion to organizational records and sensitive data

5. Discussion of the need for computer security

[ Order Custom Essay ]

[ View Full Essay ]

Excerpt From Essay:
Works Cited:

References

Jason Bellone, Segolene de Basquiat, Juan Rodriguez. 2008. Reaching escape velocity: A practiced approach to information security management system implementation. Information Management & Computer Security 16, no. 1

(January 1): 49-57.

Cranor, L. (2008) A Framework for Reasoning About the Human in the Loop. Retrieved on June 10, 2011 from http://www.usenix.org/events/upsec08/tech/full_papers/cranor/cranor.pdf

DiBattiste, C. (2009) Privacy and Information Security 101: Have a plan Information Security Best Practices 2009 conference archive The Wharton School, University of Pennsylvania. Zicklin Center for Business Ethics Research. Retrieved on July 26, 2010 from http://technopolity.editme.com/files/isbp2009talks/DiBattiste-summary.doc

Miller, M. (2005). Computer Security: Fact Forum Framework Retrieved on July 26, 2010 from http://www.caplet.com/security/taxonomy/index.html

Mukhopadhyay, I., Chakraborty, M., & Chakrabarti, S.. (2011). A Comparative Study of Related Technologies of Intrusion Detection & Prevention Systems. Journal of Information Security, 2(1), 28-38.

Order Custom Essay On This Topic
Request A Custom Essay On This Topic Request A Custom Essay
Testimonials:
“I really do appreciate HelpMyEssay.com. I'm not a good writer and the service really gets me going in the right direction. The staff gets back to me quickly with any concerns that I might have and they are always on time.’’ Tiffany R
“I have had all positive experiences with HelpMyEssay.com. I will recommend your service to everyone I know. Thank you!’’ Charlotte H
“I am finished with school thanks to HelpMyEssay.com. They really did help me graduate college.’’ Bill K