Request for Infoceo!!
I have a new paper requirement. It's a total of 8 pages, plus a one-page bibliography. Total 9 pages. There are several questions that I need detailed answers to.
Research Paper Requirement: the following questions in Part 1 and Part 2 need to be answered. The number of pages for each answer is supplied below. Request that at least 6 references be used per answer and be included as part of a Bibliography on the last page. Total pages for both questions not to include Bibliography = 8 pages, plus one page for the bibliography. I have included one reference for answering one of the questions.
Instruction for Part I:
1. Part 1 answers should be based on how the requirements for security are related to system security threats and vulnerabilities. Answers to the associated questions should list the kinds of security threats and vulnerabilities involved and the types of controls that may be useful to reduce those threats. Specifically, you must explain how the different types of controls you recommend can help reduce the vulnerabilities you name. You must also link threats and controls to the important goal of computer security.
2. Citations and references are required to add strength to your written opinions. Use the necessary reference sources to support your answers.
3. Follow the APA (5th edition) guidelines for in-text citations and references. Place all references in a bibliography on the last page. No abstract required.
4. Answer all three questions for Part I, 6 pages total (see individual questions for max number of pages per answer; total = 6 pages for all three questions); total excluding the bibliography.
The following security incident scenario is to be used in answering all three questions:
On January 1, 2008, the "Lamers", a club made up of computer hobbyists who say they experiment with computer programs for reasons of curiosity and challenge, created a new program that took advantage of a design weakness in the popular SoftMicro operating system. Their new program could arrive and install itself on (or "infect") a machine through email or through contact with other infected programs on a Web site. The program was independent and robotic in that it contained its own email system, and each infected machine had the ability to find and communicate directly through the Internet with other infected machines. It could examine and copy or alter the contents of data base files, and quietly transmit information and selected files back to a changeable address. It could even delete all traces of itself from an infected system upon receiving a special command through the Internet. The program pushed technical boundaries, and could possibly be used as a tool for either good or evil.
On February 2, CERT, a large security watchdog organization, monitored messages in hacker chat rooms where the Lamers were bragging about the technology in their new program. Several hacker Web sites published technical details of the source code. CERT immediately contacted the SoftMicro vendor, along with Anti-Virus product vendors to warn them about the newly discovered vulnerabilities of their widely-distributed operating system product, and the possibility of a serious new security
(It is an actual accepted industry practice for CERT to not issue public security warnings until after the affected vendors first have a chance to create new software patches or new anti-virus protection signatures, and offer them to the public. The reason for this is that wide publication of the vulnerability, without first having available solutions, would increase chances for attack. Please do not comment on this CERT industry practice as part of your answer for this exam.)
On March 3, the "Lamers" club, in a press conference, announced they were forming a new security company, named "SecureThink", and planned one day to be traded on the New York Stock Exchange (under the ticker symbol "STNK"). Their program, now polished and improved, was protected by copyright and sold as a tool to help systems administrators detect security flaws in their systems. That same day, the MoneyBags Record company announced that they would hire SecureThink to protect their intellectual property against copyright infringement.
On April 4, a few businesses began noticing a new kind of computer attack that seemed to deliberately alter their data base files.
On May 5, more attacks were noticed and reported to CERT. SoftMicro announced new software security patches, and Anti-Virus vendors had developed new protection against the malicious code signature. Businesses and organizations were advised to acquire and install these new security protections. CERT issued a public warning on their Web site, and officially named the new malicious code "Lamers.Legacy", because hacker Web sites called it by that name.
On May 10, the FBI sent out security warning messages to all federal and local government agencies, urging them to download new Anti-Virus protection signatures and also download and install the new SoftMicro security software patch to avoid being affected by the new "Lamers.Legacy" malicious code. The malicious code spread through the Internet.
On June 6, more attacks were noticed, and news stories appeared, most describing the "Lamers.Legacy" malicious code as an annoyance. However, the computer security fixes worked well, and after one week, reports diminished about computer attacks and the news stories faded. Then, about 4 months later, two computer security incidents occurred that were traced back to the different ways the malicious code operated.
On October 9 2008, elevators at the Washington, DC city hall building were stuck open on the first floor, and would not carry passengers to any other floors in the 5-story building. Staff and citizens had to walk up and down the stairway that entire day.
On October 10 2008, air traffic control computers at the central and very important Chicago International airport suddenly became very sluggish, and automatic routing systems alarmingly directed airplanes to fly on collision course toward each other, and toward tall buildings. It was as if the computers were communicating with each other, beyond the control of the airport managers. Airport computer backup systems kicked in. There were several moments of danger and uncertainty, as air traffic controllers rushed to verify the accuracy of critical databases in the backup control computers.
Investigation later showed that both city hall and airport computer systems had been victims of the "Lamers.Legacy" malicious code. City hall was victimized through direct manipulation of their facilities management database, which had been altered so the elevators would serve only the first floor. The database had been affected because the security fixes had never been installed or updated. Authorities guessed hackers looking for mischief caused the elevator problem.
The Chicago airport was victimized by the same malicious code, but more indirectly. The SoftMicro security fix and the Anti-Virus security fix had both been installed on airport computer systems. Access to the air traffic control computer systems programs and databases is protected by encryption. However, the files containing passwords needed to operate the public-key cryptosystem used by airport systems administrators had apparently been stolen. This had occurred because the "Lamers.Legacy" code had exploited vulnerabilities, and transmitted stolen information to an unknown address, and then deleted itself before the security fixes were installed. Investigation showed that unauthorized persons had later returned to airport computers through the Internet, and gained access to program source code by pretending to be authorized administrators with valid passwords. Those old, but still valid passwords allowed them to operate the public and private keys needed to replace encrypted computer programs and modify database information.
The unauthorized users had been accessing the encrypted files, possibly for months, quietly changing them through the Internet. The events made it seem as if the unauthorized hackers were likely international terrorists. The altered programs were activated remotely that day by a signal sent through the Internet. No one yet knows if programs at other airports, or programs important to other parts of the critical infrastructure of the US, have been altered the same way. No one is yet sure if the backup systems used to restore the corrupted Chicago airport files are clean, or also corrupted.
End of scenario
Answer this 5-part question using no more than 3 pages total. Label the answers A1, A2, A3, A4, A5.
1. Briefly support your own opinion about the ethical principles of the Lamers group before formation of the SecureThink company. Briefly support your opinion about the ethics of the hiring of SecureThink by the MoneyBags record company.
2. Name the groups that have responsibility in the occurrence of each of these 2 computer security incidents, and give examples (you may speculate) of their responsibilities.
3. Explain the types of system security threats and vulnerabilities involved in each security
4. List a combined total of 5 security controls that would be most useful to prevent or lessen the likelihood of the computer security incidents described above, and describe how each of these 5 controls could have been used to improve security
5. What, according to McNurlin, Sprague & Bui, are the prime reasons for information insecurity since security is often applied in instances such as the above incidents?
Ref: (Book): Information Systems Management in Practice, 8th Ed. Barbara C. McNurlin, Ralph H. Sprague, Jr., Tung Bui
Answer this question using no more than 1½ pages total. Label the answers B1, B2.
Many people actively share copyright-protected music files, or other types of digital files (photos, computer software, video) through the Internet by using any of several free file-sharing programs (such as Gnutella, or BearShare, or Napster). Some organizations consider this activity an attack on computer systems and digital intellectual property. Describe 2 possible types of computer threats when doing this activity at the work site, and link them to types of computer assets that are at risk. Explain 2 possible security controls that may help reduce these threats.
Answer this 2-part question using no more than 1½ pages total. Label the answers C1, C2, C3.
1. Public-key cryptography uses 2 keys. This is different from single-key (secret-key) cryptography. What characteristic is a major vulnerability that discourages use of single-key cryptography in a network?
2. How does public-key cryptography overcome this vulnerability to allow for more security for communications through a network?
3. What will help you trust a public-key that belongs to an unfamiliar person or Web site, and why does it improve trust?
Instruction for Part II:
Requires a 2 page answer, APA format with 6 references
Answer the following question using no more than (2 pages total). Label the answer D1.
1. Rapid growth of the Internet is triggering dramatic changes in traditional business methods and practices. But some industries and businesses seem better able to deal with the online world than others. For this question, identify a business or a service function you are familiar with. Describe and defend your strategy for implementing a web-based application to support that business or service. Be sure to conduct an environmental scan, determine best practices, identify information technology elements (infrastructure or capabilities) necessary to conduct the business, and a strategy for capitalizing on the success of your venture in the next iteration.