Essay Instructions: Request for Infoceo!!
I have a new paper requirement. It's a total of 8 pages, plus a one page
bibliography. Total 9 pages. There are several questions that I need detailed answers to the
questions Research Paper Requirement: the following questions in Part 1 and Part 2 need to be answered. The number of pages for each answer is supplied below. Request that at least 6 references be used per answer and be included as part of a Bibliography on the last page. Total pages for both questions not to include Bibliography = 8 pages, Plus a one page for the bibliography. I have included one reference for answering one of the questions.
Instruction for Part I:
1. Part 1 answers should be based on how the requirements for security is related to system security threats and vulnerabilities. Answers to the associated questions should list the kinds of security threats and vulnerabilities involved and the types of controls that may be useful to reduce those threats. Specifically, you must explain how the different types of controls you recommend can help reduce the vulnerabilities you name. You must also link threats and controls to the important goal of computer security.
2. Citations and references are required to add strength to your written opinions. Use the necessary reference sources to support your answers.
3. Follow the APA (5th edition) guidelines for in-text citations and references. Place all references in a bibliography on the last page. No Abstract required
4. Answer all three questions for Part I, 6 pages total (see individual questions for max number of pages per answer; total = 6 pages for all three questions); total excluding the bibliography.
The following Security incident scenario is to be used in answering all three questions:
On January 1,2008, the "Lamers", a club made up of computer hobbyists who say they experiment with computer programs for reasons of curiosity and challenge, created a new program that took advantage of a design weakness in the popular SoftMicro operating system. Their new program could arrive and install itself on (or "infect") a machine through email or through contact with other infected programs on a Web Site. The program was independent and robotic in that it contained its own email system, and each infected machine had the ability to find and communicate directly through the Internet with other infected machines. It could examine and copy or alter the contents of data base files, and quietly transmit information and selected files back to a changeable address. It could even delete all traces of itself from an infected system upon receiving a
special command through the Internet. The program pushed technical boundaries, and could possibly be used as a tool for either good or evil.
On February 2, CERT, a large security watchdog organization, monitored messages in hacker chat rooms where the Lamers were bragging about the technology in their new program. Several hacker Web sites published technical details of the source code. CERT immediately contacted the SoftMicro vendor, along with Anti- Virus product vendors to warn them about the newly discovered vulnerabilities of their widely-distributed operating system product, and the possibility of a serious new security threat.
(It is an actual accepted industry practice for CERT to not issue public security warnings until after the affected vendors first have a chance to create new software patches or new anti-virus protection signatures, and offer them to the public. The reason for this is that wide publication of the vulnerability, without first having available solutions, would increase chances for attack. Please do not comment on this CERT industry practice as part of your answer for this exam.)
On March 3, the "Lamers" club, in a press conference, announced they were forming a new security company, named "SecureThink", and planned one day to be traded on the New York Stock Exchange (under the ticker symbol"STNK"). Their program, now polished and improved, was protected by copyright and sold as a tool to help systems administrators detect security flaws in their systems. That same day, the MoneyBags Record company announced that they would hire Secure Think to protect their intellectual property against copyright infringement.
On April 4, a few businesses began noticing a new kind of computer attack that seemed to deliberately alter their data base files.
On May 5, more attacks were noticed and reported to CERT SoftMicro announced new software security patches, and Anti- Virus vendors had developed new protection against the malicious code signature. Businesses and organizations were advised to acquire and install these new security protections. CERT issued a public warning on their Web site, and officially named the new malicious code "Lamers.Legacy", because hacker Web sites called it by that name.
On May 10, the FBI sent out security warning messages on to all federal and local government agencies, urging them to download new Anti- Virus protection signatures ana also download and install the new SoftMicro security software patch to avoid being affected by the new "Lamers.Legacy" malicious code. The malicious code spread through the Internet.
On June 6, more attacks were noticed, and news stories appeared, most describing the "Lamers.Legacy" malicious code as an annoyance. However, the computer security fixes worked well, and after one week, reports diminished about computer attacks and the news stories faded. Then, about 4 months later, two computer security incidents occurred that were traced back to the different ways the malicious code operated.
On October 9 2008, elevators at the Washington, DC city hall building were stuck open on the first floor, and would not carry passengers to any other floors in the 5-story building. Staff and citizens had to walk up and down the stairway that entire day.
On October 10 2008, air traffic control computers at the central and very important Chicago International airport suddenly became very sluggish, and automatic routing systems alarmingly directed airplanes to fly on collision course toward each other, and toward tall buildings. It was as if the computers were communicating with each other, beyond the control of the airport managers. Airport computer backup systems kicked in. There were several moments of danger and uncertainty, as air traffic controllers rushed to verify the accuracy of critical databases in the backup control computers.
Investigation later showed that both city hall and airport computer systems had been victims of the "Lamers. Legacy " malicious code. City hall was victimized through direct manipulation of their facilities management database, which had been altered so the elevators would serve only the first floor. The database had been affected because the security fixes had never been installed or updated. Authorities guessed hackers looking for mischief caused the elevator problem.
The Chicago airport was victimized by the same malicious code, but more indirectly. The SoftMicro security fix and the Anti- Virus security fix had both been installed on airport computer systems. Access to the air traffic control computer systems programs and databases is protected by encryption. However, the files containing passwords needed to operate the public-key cryptosystem used by airport systems administrators had apparently been stolen. This had occurred because the "Lamers. Legacy " code had exploited vulnerabilities, and transmitted stolen information to an unknown address, and then deleted itself before the security fzxes were installed. Investigation showed that unauthorized persons had later returned to airport computers through the Internet, and gained access to program source code by pretending to be authorized administrators with valid passwords. Those old, but still valid passwords allowed them operate the public and private keys needed to replace encrypted computer programs and modify database information.
The unauthorized users had been accessing the encrypted files, possibly for months, quietly changing them through the Internet. The events made it seem as if the unauthorized hackers were likely international terrorists. The altered programs were activated remotely that day by a signal sent through the Internet. No one yet knows if programs at other airports, or programs important to other parts of the critical infrastructure of the US, have been altered the same way. No one is yet sure if the backuJ systems used to restore the corrupted Chicago airport files are clean, or also corrupted.
End of scenario ???>
Answer this 5-part question using no more than 3 pages total. Label the answers AI, A2, A3, A4, A5.
1. Briefly support your own opinion about the ethical principles of the Lamers group before formation of the SecureThink company. Briefly support your opinion about the ethics of the hiring of SecureThink by the MoneyBags record company.
2. Name the groups that have responsibility in the occurrence of each of these 2 computer security incidents, and give examples (you may speculate) of their responsibilities?
3. Explain the types of system security threats and vulnerabilities involved in each security incident.
4. List a combined total of 5 security controls that would be most useful to prevent or lessen the likelihood of the computer security incidents described above, and describe how each of these 5 controls could have been used to improve security.
5. What, according to McNurlin, Sprague & Bui are the prime reasons for information insecurity since security is often applied in instances such as the above incidents?
Ref: (BooK): Information Systems Management In Practise, 8th Ed. Barbara C. McNurlin, Ralph H. Sprague, Jr., Tung Bui
Answer this question using no more than 1 ? pages total. Label the answers B 1, B2
Many people actively share copyright-protected music files, or other types of digital files (photos, computer software, video) through the Internet by using any of several free file-sharing programs (such as Gnutella, or BearShare, or Napster). Some organizations consider this activity an attack on computer systems and digital intellectual property. Describe 2 possible types of computer system security threats when doing this activity at the work site, and link them to types of computer assets that are at risk. Explain 2 possible security controls that may help reduce these threats.
Answer this 2-part question using no more than 1 ? pages total. Label the answers C 1, C2, C3
1. Public-key cryptography uses 2-keys. This is different from single-key (secret-key) cryptography.
What characteristic is a major vulnerability that discourages use of single-key cryptography in a network?
2. How does public-key cryptography overcome this vulnerability to allow for more securety for communications through a network?
3. What will help you trust a public-key that belongs to an unfamiliar person or Web site, and why does it improve trust?
Instruction for Part II:
Requires a 2 page answer, APA format with 6 references
Answer the following question using no more than
(2 pages total). Label the answer D 1
1. Rapid growth of the Internet is triggering dramatic changes in traditional business methods and practices. But some industries and businesses seem better able to deal with the online world than others. For this question, identify a business or a service function you are familiar with. Describe and defend your strategy for implementing a web-based application to support that business or service. Be sure to conduct an environmental scan, determine best practices, identify information technology elements (infrastructure or capabilities) necessary to conduct the business, and a strategy for capitalizing on the success of your venture in the next iteration.
Excerpt From Essay:
Total Pages: 19 Words: 5280 Sources: 30 Citation Style: MLA Document Type: Research Paper
Essay Instructions: Students in the security concentration are required to write a detailed document in their respective areas. The security project requirements will be dependent on the student?s security concentration. Each will require a series of security documentation suitable for a hypothetical or actual large corporation. Students completing the Computer Security concentration will include corporate security policies that address security related considerations, a detailed document describing the organization?s defense in depth measures, firewall design and configurations, and an audit checklist covering firewall, intrusion detection system, operating system security, and database security. Students completing the Security concentration will include corporate security policies that address security related considerations, a detailed document describing the organizations defense in depth measures, a corporate contingency of operation plan, and a corporate disaster recovery plan.
The first two weeks of this course were dedicated to developing a project proposal. The project plan was to include: project description, team members, roles of each team member, (note: team members in this context are fictitious in your project. detailed time-line describing goals of each week, data schema, graphical interface design, report design, testing plan, deployment plan, support plan, schematics, and other relevant information required for project planning in each concentration. The project proposal was approved but professor said timeline needed improvement.
I need the first 15 pages by May 4th and the last 15 by May 16th. I also need a 2 paragraph update as to work completed this week by Saturday April 28th.
Excerpt From Essay:
Total Pages: 2 Words: 599 References: 2 Citation Style: APA Document Type: Essay
Essay Instructions: Want help in preparing the Statement of Purpose so that an application can be made for Masters program in Engineering with specialisation in Information and Computer Security
The statement of Purpose can be divided in the following way
-Currently doing Computer Science, so would appreciate a first paragraph, a real fascinating and innovative one on how and why did engineering fascinated me. You can talk about hacking, crytography, ethical hacking, secured systems or some statistic that impressed me and propelled me to take computer science engineering
- Growth in Engineering years - what was learnt and how did the technical traits develop, talk about traits and undergradaute subjects
- Learning beyond Curriculum
-What did I like about networks and security and what are its applications and how will it be the technolgoy of the future etc. what I can achieve through Computer security
-Highlighting the other part of personality through participation in extra- curricular, co-curricular, social and sports activites
-Reasons for choosing USA for Masters studies and reasons for selecting a particular school in USA
TO BE DONE BY INFOCEO / Jonsmom ONLY
Excerpt From Essay:
Total Pages: 3 Words: 737 Works Cited: 3 Citation Style: MLA Document Type: Research Paper
Essay Instructions: TOPIC: ---How should we decide how secure we want our information to be? And who should make these decisions?----
###REQUEST _INFOCEO_ OR __paulsolo3414__ AS WRITER###
DiBattiste, C. (2009) Privacy and Information Security 101: Have a plan Information Security Best Practices 2009 conference archive The Wharton School, University of Pennsylvania. Zicklin Center for Business Ethics Research. Retrieved on July 26, 2010 from http://technopolity.editme.com/files/isbp2009talks/DiBattiste-summary.doc
Cranor, L. (2008) A Framework for Reasoning About the Human in the Loop. Retrieved on June 10, 2011 from http://www.usenix.org/events/upsec08/tech/full_papers/cranor/cranor.pdf
Miller, M. (2005). Computer Security: Fact Forum Framework Retrieved on July 26, 2010 from http://www.caplet.com/security/taxonomy/index.html
_PLEASE USE AT LEAST __TWO__ OF THESE SOURCES FOR CITATIONS_
1. Ability to apply an understanding of complex issues involved in the case question.
2. Explanation of the intrusion and intrusion detection systems.
3. Discussion and explanation of the need for web security especially in e-business
4. Description of the types and threats from hackers and intrusion to organizational records and sensitive data
5. Discussion of the need for computer security
Excerpt From Essay:
I really do appreciate HelpMyEssay.com. I'm not a good writer and the service really gets me going in the right direction. The staff gets back to me quickly with any concerns that I might have and they are always on time.
I have had all positive experiences with HelpMyEssay.com. I will recommend your service to everyone I know. Thank you!
I am finished with school thanks to HelpMyEssay.com. They really did help me graduate college..