Category: Computer Science homework help

Brandon 
Security design principles are fundamental concepts that provide a basis for understanding, developing, and evaluating security mechanisms. These principles include least privilege, fail-safe defaults, economy of mechanism, complete mediation, open design, separation of privilege, least common mechanism, and psychological acceptability (Gollmann, 2011). Authentication methods are used to verify the identity of users, systems, and applications. The most common method is password-based authentication, where users are required to enter a unique password. However, this method has its weaknesses such as the possibility of password cracking or guessing. To mitigate these risks, organizations implement password policies that dictate the complexity, length, and expiration of passwords (Jermyn, et al., 1999). In terms of other authentication methods, two-factor authentication (2FA) or multi-factor authentication (MFA) have been adopted widely. 2FA requires the user to provide two different types of information, typically something they know like a password, and something they have, such as a security token or a smartphone app. MFA extends this by requiring additional verification methods like biometrics (Furnell, 2007).
The principle of least privilege suggests that a user should be given the minimum levels of access necessary to complete their tasks. This can be achieved through the use of role-based access control (RBAC), where access rights are based on the role of the user within the organization (Sandhu et al., 1996). Similarly, the principle of fail-safe defaults means that access decisions should deny by default, and the access should be granted only when permitted. This principle can be implemented through the use of access control lists (ACLs), where each resource has an associated list of users that are permitted access (Gollmann, 2011). Ultimately, organizations should consider these security design principles when implementing authentication methods and password policies to ensure the security of their systems and data.
 Ezikiel
The principle of “Least Privilege” shows the importance of restricting user access to only the resources essential for their role within the organization. By implementing strong authentication methods, like biometrics or multi-factor authentication (MFA), and strong password policies, organizations can ensure that only authorized individuals have access to sensitive data or critical systems. This principle not only reduces the potential impact of insider threats but also mitigates the consequences of external attacks seeking to exploit weak authentication mechanisms. These measures not only enhance the overall security of a business but also create a culture of accountability among it’s users. Regularly updating password policies to show evolving security threats and educating people about the importance of secure authentication practices further solidifies the organization’s dedication to protecting against potential breaches. Additionally, implementing automated access controls that adjust user permissions based on changing roles or responsibilities aligns with the principle of least privilege, ensuring that users only have access to the resources necessary for their current tasks. Through these multifaceted approaches, organizations can effectively mitigate the risk of unauthorized access and protect sensitive assets from potential compromise. 
 

Concerning online applications, discuss the principles of CIA Triad (Confidentiality, Integrity, Availability) and propose an implementation process with the CIA’s adherence. (Hint: with online applications, detecting inadequate procedures, and careless employees).
Need 2-3 pages with peer-reviewed citations. No introduction or conclusion needed.
Please ensure NO AI and plagiarism free.

After reviewing chapter 2 and the “Identify Threats and Vulnerabilities,” compose a 5-7 page APA-formatted report, providing in-depth risk analysis and the result of an “undetected online security breach”.
Must include an introduction and a conclusion. Please, include recent peer-review references not older than five years. Must include minimum of 9 peer-reviewed citations.
Please ensure NO AI and plagiarism free.

You have been promoted as the manager of the e-commerce site for the company you working for. You are concerned about a recent SQL attack that happened. Your team reacted to the situation by notifying you immediately. You and your team were successful in containing and correcting the issues that allowed the website and database to be compromised by an SQL injection attack.
Knowing that many of the issues can be created by human error, you have decided to evaluate the processes your team uses when they code. As their leader, it is your responsibility to be current on all the best secure coding practices. Your job is to create guidelines for best coding practices, which you will present to your team.
Follow the instructions below
Provide at least three reasons why it is less expensive to build secure software than to correct security issues after a breach.
Outline the objectives and purpose of your company’s “best secure coding practices” and explain how it will influence your division.
Evaluate which method of the secure software development lifecycle will best serve your team, and explain how you plan on implementing your thoughts into your existing processes.
Identify three resources that can be used as “reference material” and act as a beginner’s guide for new employees. Outline the importance of each resource and how each resource can assist new coders. 
Outline all the major aspects of the best practice coding guideline, including objectives, purpose, resources, and methodology

Question #1: Research two software firewalls and explain the advantages and disadvantages of each one of them. Which one would you recommend and why?
Question #2: What are the challenges in securing networks (internet, LANs, wireless)? Which network is most difficult to secure and why?

Using  the same dataset as last week or a different one, select two  qualitative variables and two quantitative variables. Explain why you  selected these variables. 
Analysis:
For your qualitative variables, create a contingency table and calculate the association between them. 
For  your quantitative variables, calculate the correlation between them.  Include scatter plot to visually represent this relationship. 
Interpretation:  Explain your findings. What does the association or correlation say  about the relationship between your variables? Is the relationship  strong, weak, positive, negative, or nonexistent? 
Reflection:  Reflect on the importance of understanding associations and  correlations in data analysis and how they can guide further data  investigation. 
Submission Format: Your submission should be a maximum of 500-600 words. Submit your assignment in APA format as a Word document or a PDF file. Include  both your written analysis and any visualizations or tables that  support your findings. If you use any software for your calculations  (Excel), please include your code or  formulas as well.

Purpose
In this assignment, you will examine a forensic disk image for evidence of corporate espionage. Read the scenario document carefully, as you may consider it interview notes with your client. This represents a more complex scenario than Investigation 01 and thus contains a greater degree of irrelevant data. Be sure to give yourself plenty of time to perform the examination, and be sure to take advantage of Autopsy’s features to assist your disambiguation.
Instructions
You’ll need to use the following resources to complete the assignment:
Investigation 02 Sample Evidence*
Autopsy the open-source forensic suite* (or another suite, such as EnCase or FTK.)
(Optional) Download and use the report template (See the Investigation and Forensics Challenge module for the templates)
*Accessed via the Virtual Lab.
After reading the Investigation 02 Scenario, open your forensic tool and import the sample evidence into the tool. Begin a forensic report and begin your search. As you do, be sure to take special note of these answers to these questions. These questions represent those that need to be answered to arrive at a logical conclusion to this scenario. They are provided here, but in the future, you will be required to decide these questions on your own.
Scenario
This scenario takes place circa 2008.
M57.biz is a hip web start-up developing a body art catalog. They’ve pulled in over $3 million in funding with a net return of $10 million. The company is small, with only seven employees, including founder Alison Smith. Alison was co-founder with her long-time partner Raoul Perdoga, but she recently forced him out of the business following a nasty break-up.
Current employees are:
President: Alison Smith
CFO: Jean Jones
Programmers: Bob Blackman, Carol Canfred, David Daubert, Emmy Arlington
Marketing: Gina Tangers, Harris Jenkins
BizDev: Indy Counterching
Despite their recent success, they have a decentralized office. Most people work at home or on the road. Communication and collaboration are primarily by email through their own @m57.biz domain. This worked fine until a spreadsheet containing confidential proprietary company information was posted as an attachment in the technical support forum of a competitor’s website.
The spreadsheet came from CFO Jean’s computer, but she denies any knowledge of the leak. She says that Alison asked her to prepare the spreadsheet as part of a new funding effort and to email it to her. Alison denies she ever asked for the spreadsheet and never received a copy by email. A recreation of the spreadsheet table is found below for you to use.
Questions
When did Jean create the spreadsheet? Jean asserts that she created the spreadsheet after Alison had asked for it by email.
How did the spreadsheet get from Jean’s computer to the competitor’s website? Jean says she emailed it to Alison but denies ever visiting the competitor’s website.
Is anyone else from the company involved? What about people who are not in the company? What possible motive could they have?
If what Jean says is true, what steps can we take to continue our investigation?

 
Instructions
Week 2 Assignnment: Key Hardware 
This week’s assignment we are going to start digging into the specifics of the hardware that makes up both of our water treatment facilities, remember your company is responsible for purification of both drinking water and wastewater. You need to make sure you note key hardware and machines for the actual processes, but you also need to do work on the devices and systems you will need for the control systems for both facilities. The goal of the paper is to develop a rough list of hardware that goes into the water treatment facilities. If you remember your video and documents from last week, things will be much easier in knowing what type of hardware is needed.
Assignment Guidelines
Step 1: Using the documents from last week and Google, you will need to list all the key hardware and machines that make up the water treatment facilities and their ICS/SCADA systems. Below you will find a few sources of information to help you get started. Also, a hint, lots of companies in water treatment have technology pages. Don’t forget to mention what hardware and security you would use to build out the network, you only need to focus on standard networking for this week.
 https://www.samcotech.com/how-much-does-an-industrial-water-treatment-system-cost/
 https://www.samcotech.com/cost-wastewater-treatment-system/
 https://www.process-logic.com/content/images/SCADA.pdf
Step 2: Once you have gathered up all the information you will compile the data into a PowerPoint presentation. Each step of the processes will be a single slide. Each slide will list the hardware needed for that respective step, make sure to include photos and brief descriptions of the hardware explaining their usage and their role in the process. Your final slide should cover the hardware and security you would put into place for the networking.

 
Choose one of the Business Scenario Options to establish the audience and business perspective for your Emerging Technology Analysis Report.

NASCAR

Consider the Topic Options presented under each of the Emerging Technology Categories and choose one topic option to investigate, 

 Blockchain for Data Security

In your role as a consultant in your chosen business scenario, create a digital artifact (student choice: video, animation, presentation, storyboard, report, infographic, etc.) that covers:
An executive summary or abstract (integrate business scenario description)
The business and/or societal factors that contributed to the interest in and/or growth of this emerging technology
The tools and techniques used to gauge and evaluate the usefulness and/or efficiency of this emerging technology
3 scholarly references

 
Instructions
Instructions: 
This assignment consists of two questions (below) to test your knowledge and assimilation of the course objectives.  You are to pick ONE and answer it in 6-8 page paper.  Grading will be based on the rubric.  Make sure you follow AMU’s writing policies and the Chicago writing style guide (cover page, page numbering, double space, headings/subheadings, etc).  YOU MUST CITE YOUR SOURCES AND INCLUDE A BIBLIOGRAPHY. You must also have a strong introduction, thesis statement and conclusion.
Question #1: Select one of the studies presented in weeks 6 or 7 of this class or another case of your choosing with instructor approval. You might have to look ahead. Write an analysis paper providing more details of the attack, to include the following:
a.   Victim, attacker, and probable motivation for the attack.
b.   Nature and sophistication of the attack.
c.   What was the desired outcome of the attack?
d.   How successful was it?
e.   How effective were the attackers in covering their tracks?
f.    How did the victim respond?
OR  
Question #2: Discuss the future of cyber warfare. Include the following as part of your discussion:
a.   How future wars will be fought.
b.   How ethical is cyber warfare?
c.   How the United States is preparing defensively to counter cyber-attacks?
d.   What is next?