Home >> Free Essays >> All Subjects >> IT
IT Examples and Topics
Risk Assessment Paper
Malintha Liyanage
Institution
Table of Contents
TOC \o "1-3" \h \z \u Abstract PAGEREF _Toc17710812 \h 3
Proposal PAGEREF _Toc17710813 \h 4
Asset Inventory and Priority PAGEREF _Toc17710814 \h 4
Network Topology Assessment PAGEREF _Toc17710815 \h 6
Network Authentication PAGEREF _Toc17710816 \h 9
Risk Assessment PAGEREF _Toc17710817 \h 10
Vulnerabilities PAGEREF _Toc17710818 \h 11
Remote Configuration Management PAGEREF _Toc17710819 \h 12
Analyze Wireless Traffic PAGEREF _Toc17710820 \h 14
Conclusion PAGEREF _Toc17710821 \h 15
Executive Summary PAGEREF _Toc17710822 \h 17
References PAGEREF _Toc17710823 \h 20
Abstract
Finance and banking companies are most vulnerable to attacks and 64 percent of cyber-attacks are for financial gains. Remaining 36 percent is for getting sensitive information of clients CITATION BCa04 \l 1033 (B Cashell, 2004). Global Finance Incorporation (GFI) has also been a victim of cybersecurity attacks, in 2013 they lost their customer database as result of attack on their Oracle database. Similarly, in 2014, GFI network has been attacked which resulted in losing customer’s confidence and USD 1.7 million as a penalty in lawsuit. Moreover, it has been noticed that GFI’s employee lost his laptop containing company’s confidential information. Each cyber-incident is due to company failure to put forth a good cybersecurity policy. In the recent incident of client losing a laptop containing financial details of customers. the hard disk of the laptop was not encrypted and it contained financial details of customers, client failed to encrypt the hard disk of his laptop. Due to several incidents of cyber-attacks on the company’s network, the Chief Operating Officer has asked for risk assessment report. The risk assessment report also identifies the vulnerabilities in company’s network infrastructure and the plan devised for securing and improving GFI’s network.
Proposal
Risk Assessment Report is used for identifying security threats within the company’s network. The effect of these threats along with the necessary steps needed for securing the company’s network is discussed in this report. Company’s |COO has commissioned a team to assess risk of security in company’s network infrastructure to determine whether there are vulnerabilities present in the company’s network. As per past incident of network breach, company might get bankrupt in case of another security breach. Qualitative and quantitative assessment approach will be used for assessing network vulnerabilities. The approach will also help in identifying the value of company’s asset. A qualitative assessment is based on no numerical levels and categories by setting up rules, principal, and methods. A quantitative assessment is based on data and numbers by setting up riles, principal, and methods CITATION SRC94 \l 1033 (SR Chaplan, 1994). In this Risk Assessment Report, assumptions are based on vulnerabilities, value of asset, and impact of network breach using qualitative and quantitative approach.
Asset Inventory and Priority
Organizations are unaware when the network breach is going to happen. It is the responsibility of the company’s IT department to conduct an analysis network security risks and find solution to overcome network vulnerabilities. Risk analysis allows a company to identify network security threats and devise a relevant network security policy. Risk analysis also provides a way of identifying the level of vulnerabilities and helps in designing a secure network. GFI is an international company that provides financial services to its clients in Mexico, Canada, and United States. As GFI is managing sensitive and financial data of thousands of consumers, its network needs to be secured. Due to recent incidents of cyber attacks, this report will evaluate the value of assets along with its priority. Table 1 explains the equipment worth along with its priority and its objective.
LINK Excel.Sheet.12 "C:\\Users\\Evening\\Desktop\\Masoud\\work\\MPW-106528\\Book1.xlsx" "Sheet1!R1C1:R17C6" \a \f 5 \h \* MERGEFORMAT
Sr. No.
Equipment
QTY
Asset Value
$
Priority
Object
1
Printers
26
53040
Low
Prints data
2
Workstation
171
726750
Moderate
Helps employee in doing daily tasks
3
Exchange e-mail server
1
7140
Low
the facility of email for the employees
4
Internal DNS server
1
7990
Moderate
for sharing resources
5
SUS server
1
8160
Moderate
Provide patch management to the servers, and also provides necessary updates to employees
6
Internet Web Server
1
10030
Moderate
Allows sharing files between departments
7
Oracle Database Server
1
9350
Very high
Transactions data center
8
Access Layer VLAN
6
8670
Low
For separating department on the bases of the subnet address
9
Multi-layers switch
3
35700
High
link routers, TCB network, and VLAN switches
10
Wireless Router
1
20400
High
Helps BYOD policy by allowing internet connection to employee's devices
11
Distribution Router
2
27030
Moderate
Allows traffic flow between WAN which includes PBX and access
12
Border Core Router
2
85000
Very high
Link company's network to the internet
13
VPN gateway
1
10200
Very High
allows secure communication between TCB network and remote location
14
RAS
1
3400
Low
allows users to connect to the network via VPN
15
PBX
1
850
Low
Authenticated dial-in connection for user
Table 1: Asset and Priority
In Table-1, the value of assets is compared with their level of priority on the basis of their impact on network security. The value of the Oracle Database server is set very high, this is because all the financial data and transaction store in Oracle Database Server. Oracle Database server is a valued part of GFI’s network infrastructure. A company can go bankrupt if the Oracle Database is compromised. Switches and Border Core Routers are also set at high priority as they allow the connection between devices. Devices are interconnected with the help of switches in a way that the system will not crash if one equipment malfunction. RAS server, PBX, and printers are set at low priority.
Network Topology Assessment
GFI network is connected to Wide Area Network (WAN) which is on a mesh topology. Shown in figure 1. In this kind of topology, a single router is connected to switches or other routers. Every router in the topology of the GFI network is connected to every other switch or every other router CITATION KZh02 \l 1033 (K Zhu, 2002).
GFI network offers excellent performance and it has 10 remote locations. Clients of the company are connected to their network using the internet connections present at their homes. Clients are granted access by the company to its Oracle database server which is installed in company’s headquarter.
The company’s database servers are not encrypted. The database server receives data from a remote access site. There is no encryption in the company’s database which is accessed by the clients. No encryption in the connection raises the risk of cyber-attacks.
Install Internet Protocol Security (IPSec) to the company’s network for its protection from potential hackers. IPSec contains three encrypted protocols that are used for the protection of company’s traffic and its database server CITATION AHo02 \l 1033 (A Householder, 2002).
With the advancement of technologies chances of network breaches also increase. Parameters that can make company’s network vulnerable to cyber-attacks are; internet of things, VPNs, remote access, cloud technologies, BYOD policies, and innovative smart technologies. GFI’s network requires an upgrade for protecting it against the vulnerabilities. The company’s network has two-border core router which is not enough for overall protection against cyber-attacks. In 2015, there has been an incident in which a unknown laptop had found connected to company’s network. A sniffer program was running on the laptop which was found in an empty office room in company’s head office. Security appliance method along with enabled port security can prevent any intrusion like 2015 incident.
Demilitarized Zone (DMZ) along with firewalls can be used for securing the company’s network from intrusions. A passive action to be aware of threats and their pattern is called alerts and logs. A company’s network should have a Firewall with a mechanism of automated active for providing protection and enable a user to respond to a threat. DMZ can be used for protecting company’s network perimeters and is installed between the security appliance and the router CITATION DPJ09 \l 1033 (DP Johnson, 2009). The topology of GFI’s network should be changed to Screened Subnet for added protection CITATION Zal02 \l 1033 (Zalenski, 2002). Empty ports within the company’s network should also be disabled.
Company has recently put forth a Bring Your Own Device (BYOD) policy which allows an employee to connect their personal devices to the company’s network. Although the BYOD policy gives flexibility to its employee, but increase the chances of potential cyber-attacks CITATION KWM12 \l 1033 (KW Miller, 2012). There is two external access point in GFI’s network; one is Private Branch Exchange (PBX) and the second one is VPN. The authentication process in the VPN connection contains user credentials and it utilizes Microsoft- Challenge Handshake Authentication Protocol (MS-CHAP) V2. In MS-CHAP, every device in the company’s network has to authenticate other devices CITATION SNo06 \l 1033 (S Norman, 2006). For added protection, two pathways are installed within the company’s network for separate encryption key for each command while going through a specific part of the network. For VPN remote access, an IPsec protocol should be installed in the network for the protection of network traffic. Recommended steps will eventually protect the company’s database servers from intruders.
Internet of things (IoT) is a concept that allows devices to connect to a bigger network. GFI is an example of BYOD and IoT as the company allows its employees and consumers to have remote access to their servers. For a company’s wireless connection, our company uses the WEP protocol. A network with WEP protocol uses static security keys which is the biggest flaw of company’s network. To overcome the issue, IEEE 802.1X security protocol should be used within the company’s network. Company has Wide Area Network (WAN) with several access point which raises the chances of getting cyber-attacks.
Network Authentication
The company’s network depends on remote access, mobile devices, wireless connection, and wired connection. To reduce the chances of vulnerabilities in network infrastructure, proper authentication protocols are needed. To protect company’s wireless network, IEEE 802.1X protocols should be implemented. IEEE 802.1X protocol enables control over access points. Moreover, IEEE 802.1X also provides methodology to distribute encryption keys within the company’s network CITATION JCC05 \l 1033 (JC Chen, 2005). WEP protocol that a company is already using only provides system based authentication. An Organization like GFI, which is practicing BYOD policy and using IoT strategy requires a user-based authentication. Company’s employee has option of using mobile devices, laptop, or a tablet. The devices are all company’s asset which is provided to its employees for better performance. In addition, employee has an option of BYOD which further increases the performance of company’s operations. The vulnerabilities of the network increase with the BYOD policy. There are mobile software management solutions available, which reduces the chances of security threat. Mobile Device Management (MDM) which is a network-based solution is needed for protecting company’s asset. The company’s administration can remotely upgrade its security policy by using MDM solution. In addition, a stolen or misplaced device can be wiped away and removed from the company’s network with the help of MDM solution. MDM solution will reduce the vulnerabilities in remote access point, mobile devices, and company’s internal WAN CITATION JFr04 \l 1033 (J Fraley, 2004). A port-based solution using IEEE 802.1protocal is also needed for added protection. Unlike the incident of 2015, it will be hard for any hacker to connect its device to company’s network with proper authentication.
Risk Assessment
The business sway evaluation (BIA) process approaches the issue from both quantitative and subjective perspectives. Be that as it may, it is enticing for a Business congruity arranging (BCP) group to "go with the numbers" and play out a quantitative evaluation while ignoring the to some degree progressively troublesome subjective appraisal. It is essential that the BCP group play out a subjective examination of the elements influencing the BCP procedure (Stewart, Chapple, and Gibson, 2012). The hazard evaluation recognizes the advantage with the opportunity it may happen and the effect it has on the system. Stewart et al., when a BCP has finished the following stage in the BIA is to recognize the assets that are basic to an association's continuous reasonability and the dangers presented to those assets. It additionally surveys the probability that every risk will happen and the effect those events will have on the business
A fundamental bit of the procedure inside the BCP is the Quantitative and Qualitative examination in which both are similarly significant. When getting to the presumable hood that an episode may happen the measurements use to decide the single misfortune anticipation (SLE) which is an event likely occur, we can figure the fiscal misfortune with the equation SLE = Asset Value (NAV) x Exposure Factor (EF). For instance, how about we inspect the GFI arrange edge the AV is the outskirts center switch/Oracle DB evaluated all out worth is $55,500. The EF is evaluated at 95%, and this was resolved to utilize the measurement of the past risk to the system beginning in 2013 and finishing in 2015. In each example, a programmer had the option to penetrate into the system accessed the Oracle database. The single misfortune hope ascertains with the equation above is $52,725 if this event is probably going to occur
Vulnerabilities
Distributed computing has been one of the most problematic advances, which has changed the way undertakings, both little and huge expend IT. The capacity to buy into the "as-an administration" utilization model, while changing over capital consumption to operational use, has been a key driver for Cloud reception (Chen, Zhang, and Gottschalk, 2017). GFI is pushing ahead in building up an arrangement to offer its item and administrations online by means of the Cloud. The COO has communicated his worry over the security highlight inside the distributed computing condition.
Distributed computing gives favorable circumstances over the utilization of a supercomputer lodging GFI database. There are numerous arrangements inside the distributed computing condition to convey administration to the cloud. In the first place, before any administration builds up a cloud base condition must be tried first to improve the IT foundation necessities, there are various alternatives for distributed computing to incorporate inward/outside to private stockpiling/open stockpiling. For GFI cloud structure we will take a gander at using interior stockpiling and moving some advantage for the cloud. cloud condition would befit the structure for GFI to used private stockpiling resources; furthermore, the security concern the COO has about security if there should be an occurrence of break of organization information. GFI should set up a virtualization situation to test the distributed computing condition before provisioning the administrations. The test condition ought to be arranged on servers dwelling inside TCB. This choice uses the current equipment right now set up along these lines sparing the organization on buying costly equipment and programming related support cost. GFI Intranet Web Server dwells with the Trusted Computing Based Internal Network. (TCB) which is a connect to a multilayer switch, the VPN Gateway, and Border Core Router. The outskirt center switch, by and large, handles the edge protection, the fringe switch will do it occupation of separating of inbound traffic yet came up short on the security include prerequisites of a security apparatus, anyway with the uptick of system traffic a security mechanism is a favored technique to verify the GFI organize edge from undesirable interruptions
Remote Configuration Management
Procedure of keeping up and sorting out data of the considerable number of parts of organization's system is called remote design the executives. System the executive database causes the organization to overhaul, alter, grow, and fix organization's system remotely. The information base has system address, IP address, and area of equipment gadgets (Perkins, 1992). Besides, data about updates, forms, projects and setting of equipment gadgets which are introduced inside the system foundation of the organization. Remembering over, the organization can utilize remote system directors in its system framework to expand efficiency of the framework. Any disappointment in the system can likewise be observed effectively utilizing remote system setup. As there is an alternate arrangement for each system gadget, organize design can facilitate the way toward sparing various setups. To fix a specific equipment or programming disappointment inside the system, remote system design administrator can spare time and exertion. The information is generally put away in focal servers with the end goal of remote arrangement supervisor. There are numerous instruments accessible for the remote system design the board, seller explicit apparatus will be progressively appropriate for our organization's system. In remote design the executives, framework organization can be utilized to decrease personal time of a system. In addition, the responsibility and deceivability of system additionally improve with remote arrangement the executives. Following are the advantages our organization can accomplish by introducing remote system arrangement:
a.Easily documenting of subtleties in system setup changes.
b.If the framework refreshing makes framework shutdown, it can without much of a stretch be downsized to past settings and programming.
c.Changes made in one equipment does not influence other gadget.
d.Network security will be advanced.
e.Configuration and change the board for the most part causes mistake; this can be decreased by utilizing remote design the executives.
f.Systematic procedure of updating, extension, fix, and upkeep in the system
It is seen that there is an obscure gadget associated with the organization's system. This can be identified by either by Sequence number examination or from Dynamic Host Configuration Protocol (DHCP) customer tables. On the off chance that any obscure gadget's IP address or MAC address is identified in the DHCP table, MAC address of the gadget can be effectively obstructed by essentially utilizing passage design. Advance system verifying apparatuses which are proposed before can likewise be utilized for this reason. When the MAC address is obstructed, the gadget will never again appear in DHCP customer table. This will guarantee that the client or the gadget has been totally expelled from the system. Moreover, IP output of the system will likewise demonstrate the rundown of the IP delivers associated with the system. On the off chance that the fixed IP delivers are relegated to every gadget and its data is store arrangement database, an obscure IP address will be effectively recognized. Remote arrangement the executives can be utilized to acquire the MAC address of that IP client. When the MAC address is gotten, it can likewise be blocked utilizing remote setup the executives.
Analyze Wireless Traffic
The last advance CIR is to break down the traffic of the remote system. Pre-caught records of remote traffic from organization's system are given to investigate the system. These pre-caught documents can be utilized to screen representative exercises. By contrasting pre-caught records and the present traffic will distinguish and suspicious or noxious conduct. Breaking down traffic of the system. The fundamental motivation behind dissecting remote traffic is to guarantee that information is verified and no gatecrasher is invading through organization's traffic. The best approach to screen remote traffic is to utilize arrange design the board and validated access. This will guarantee dependable checking of the traffic and will verify information transmission. Verification gets to likewise enables the organization to keep record of the logins and addresses of the gadgets which are associated with the organization's system. Including secure logins will further improve the security of the system. Most organizations scramble their information before moving between various gadgets which guarantee the security of remote traffic. Virtual Private Network (VPN) and point to point encryption are utilized filling the need masking the traffic from the assailant. The last wilderness of verifying a remote system and its traffic is' organization. An organization needs to keep up the security of the system by making different strides after the establishment of secure remote system (Bauer, 2004). The means incorporate customary checking of the entrance logs and standard observing of the system traffic. Standard checking can help in recognizing any deficiency in framework, arrange entrance, information rupture, undesirable access logs, and MAC parodying. Additionally, cautious observing can likewise help in recognizing who is disregarding the organization's system approach. To introduce a smart traffic checking framework in the organization's system, thee various segments must be introduced. The first part is the observing unit which screens the traffic at various focuses inside the system. The next part in smart checking framework is the putting away unit. An organization's stockpiling servers can be utilized to store traffic logs. The most significant piece of the observing framework is to introduce a keen anticipating unit. This determining will help in recognizing danger or flaw inside the framework and will likewise upgrade the exhibition of the framework. Gauging unit has total access to the put-away logs, it can foresee that what can turn out badly or what sort of interest is required at explicit time. Introducing this sort of keen framework will require endeavors and time. There are numerous merchants who are giving such a clever observing arrangement which can be over the top expensive.
Conclusion
Perimeters Security was assessed. The network perimeter implementation lapsed and failed to protect the perimeter security within the network of GFI. The internal network is protected by the two border router. This helps the border router filter and contain the incoming traffic, it also highlights the vulnerabilities within the security measures that are applied. Moreover, the recommended method to secure the network traffic security is to use a security appliance to secure the GFI network perimeters from irregular intrusions. In addition to this activating port, security would have protected and secured the unauthorized machine attached to the network.
The company liberates the employees to their own devices such as laptops, smartphones, and tablets. This reduces the cost of IT devices. Implementing the BYOD policy has its own risks, the GFI networks cannot secure them. To manage such risks, company’s management should introduce applications such as VMware Air Watch to contain the threats related to BYOD. The application is an intelligence-based app, that secures digital workspace platforms. It securely delivers and manages any app on any device by unifying the access to control, and multi-platform endpoint management.
To further protect the network, Remote access is used to access the area. Remotes access undertakes the dial-up system, which is a conventional threat protection system, not used anymore. It is recommended that the traditional remote access system shall not be used anymore and the CVPN should be actively applied to secure the network. Removing the remote access dial system will not add to the GFI system. In order to comprehend and full establish a VPN remote access L2TP/IP sec protocol must be applied. This will enable protection to data in case of connection from remote to the GFOI network. Applying and effectively establishing this would reduce and limit the intrusion in the GFI financial data stored in the server Oracle DB. This system will also require a DMZ and Firewall.
Two security measures are further required to keep the GFI network safe. These two security appliances could be the firewall and the DMZ, which may stop the incoming traffic from intruding within the existing system. The alerts and the logs may be useful in informing, detecting and investigating timely threats, but these devices cannot provide active threat protection. The essential requirements for the security mechanisms are to provide active and passive protection against intrusions. The Firewalls only provide automatize response against the active threats. This security mechanism filters the traffic and limits the irregular and unwanted traffic in the network (see fig. 2). The costs of the two-security appliance are estimated at $13700.
Cloud computing will address the implementation of cloud services using a testing environment with a virtual environment, this identifies areas where security vulnerabilities persist. The organization may use a cloud design that is utilizing internal storage and moving some data on the cloud and hence securing it through it. This secures data and optimizes the intrusion through control mechanisms.
Another way to secure the network is to enhance and effectively the wireless security protocol. Wired Equivalent Privacy is a pioneer in protecting wireless access security. The WEP is not a popularly recommended method to secure a GFI network. The IEEE standard 802.1X or user-centric security is powered by the GFI wireless authentication system. The IEEE 802.1 is not a standard wireless protocol it can only be implemented with both a wireless and wired network. The technology issues authentication framework and ways to distribute keys of encryption. The WEP works with the WPA2 that assigns a static key and gives a system authentication.
The web access protocol such as the DMZ and the Firewall specifically designed to protect Global Finance Incorporation internal networks from incoming threats and viruses
Executive Summary
The motivation behind this paper is to give Security Assessment report to significant media and diversion organization. The organization has started a Bring Your Own Device (BYOD) strategy which results in numerous security episodes. The BYOD strategy of the organization has expanded the helplessness of the organization's system framework. This paper will likewise give the suggestion and new security arrangement which will guarantee the general wellbeing of the organization's system. Utilizing a rule by National Institute of Standard and Technology (NIST) for verifying a Wide Area Network is utilized for structuring remote and BYOD security plan. In remote and BYOD security plan, the standard design of every part of the organization's WLAN system will be utilized. Notwithstanding institutionalized setup, the digital executes chain structure is broke down while planning the system security plan for the organization. Next, a component is intended to follow the area of the organization's benefits. Layered security will be introduced in the organization's system framework to hinder the aggressor's entrance. Macintosh ridiculing is a major risk as it is utilized by most person who needs to harm the organization. Arrangement number examination can be utilized to recognize MAC parodying or data fraud. The arrangement number field of 802.11 casing header has a number field of 12 bits (Hegde, 2016).
The organization has a choice of introducing both wired and remote system, both have their advantages and disadvantages. A remote system gives simplicity of portability and gives similarity the most recent gadgets. A wired association has no remote passage, it hard for an interloper to infiltrate the framework. The organization's remote system can be effectively arranged to shared keys utilizing the WPA PSK convention which offers 256 characters created key for the passageways. The organization's system framework can be effectively made FIPS-1040-2 consistent, by utilizing the WPA2 security convention. The organization's remote traffic will be checked by presenting astute observing of the framework. smart checking will guarantee the general wellbeing of the organization's remote system. The test with redistributing the corporate system security to outside organizations to deal with the IT framework ought not be standard practice to redirect cost investment funds in the long haul re-appropriating could conceivably accomplish more damage than shielding the system from outside interruption. This examination finishes up the vulnerabilities distinguish in this evaluation can be relieved by the IT staff. A business progression plan is fundamental in case of an absolute blackout of system benefits, a border resistance to ensure the system is required, by actualizing a screened subnet firewall topology will improve security, expelling dial-up administration ought to be the standard practice since utilizing dial-up is an obsolete innovation. In the present processing condition executing distributed computing ought to be the standard and not the exemption of utilizing this innovation will decrease the IT framework support and redesign expenses
.
References
BIBLIOGRAPHY A Householder, K. H. (2002). Computer attack trends challenge Internet security. IEEE Journal. Retrieved from https://ieeexplore.ieee.org/abstract/document/1012422
B Cashell, W. J. (2004). The economic impact of cyber-attacks. CRS. Retrieved from http://archive.nyu.edu/bitstream/2451/14999/2/Infosec_ISR_Congress.pdf
Bauer, B. (2004). Network traffic monitoring. Google Patent. Retrieved from https://patents.google.com/patent/US20040047356A1/en
Dhawan, S. (2007). Analogy of promising wireless technologies on different frequencies: Bluetooth, wifi, and wimax. IEEE.
DP Johnson, D. R. (2009). Method and system for creating a demilitarized zone using network stack instances. Google Patentes. Retrieved from https://patents.google.com/patent/US7633864B2/en
Hegde, A. (2016, January 1). MAC Spoofing Detection and Prevention. International Journal of Advanced Research in Computer and Communication Engineering, 5(1), 230,231. Retrieved from https://ijarcce.com/wp-content/uploads/2016/02/IJARCCE-55.pdf
J Fraley, N. C. (2004). Mobile device management system. Google Patents. Retrieved from https://patents.google.com/patent/US20040252197A1/en
JC Chen, Y. W. (2005). Extensible authentication protocol (EAP) and IEEE 802.1 x: tutorial and empirical experience. IEEE communications magazine. Retrieved from https://ieeexplore.ieee.org/abstract/document/1561920/
K Zhu, B. M. (2002). Traffic grooming in an optical WDM mesh network. IEEE Journal. Retrieved from https://ieeexplore.ieee.org/abstract/document/974667
KW Miller, J. V. (2012). BYOD: Security and privacy considerations. It Professional. Retrieved from https://ieeexplore.ieee.org/abstract/document/6320585
Perkins, C. (1992). Network address management for a wired network supporting wireless communication to a plurality of mobile users. Google Patents.
S Norman, D. H. (2006). System and method of controlling access by a wireless client to a network that utilizes a challenge/handshake authentication protocol. Google Patents. Retrieved from https://patents.google.com/patent/US7082535B1/en
SR Chaplan, F. B. (1994). Quantitative assessment of tactile allodynia in the rat paw. Journal of neuroscience. Retrieved from https://www.sciencedirect.com/science/article/pii/0165027094901449
Zalenski, R. (2002). Firewall technologies. IEEE potentials. Retrieved from https://ieeexplore.ieee.org/abstract/document/985324/
Subject: IT
Pages: 15 Words: 4500
Executive Summary
GFI is a worldwide foundation offering financial servicing and items over the United States and encompassing nations. The company confronted difficulties prompting capital loss of assets to clients and jeopardization of business integrity to the all-inclusive community while directing business. At a certain point, fortune magazine highlighted the company for their scaling operational management strategies. Also, the key takeaway in this composing is to show the rationale, procedures, and steps associated with deciding vulnerabilities and moderating dangers for the the company WLAN. The company loss of capital of up to 1.7 million throughout the long periods of business due to digital incidents that brought about payouts to clients and bringing into inquiry to people in general about the company’s confidentiality, integrity, accessibility security rehearses. The rating of vulnerabilities ranges from extremely high hazard to generally safe contingent upon the shortcomings found and the execution of procedures towards them. The inclusion of the assessment ranges to these particular regions of interest: the whole WLAN, WAP and remote security, encryption methods, WLAN policies, convention use, and edge security.
Inventory Asset Analysis
The company has a noteworthy interest in physical asset investment and inventory management. Every class of gadget is essential to the general WLAN; in any case, these assets are organized dependent on the sum hazard they weigh dependent on expense and effect they have on accessibility of the WLAN. On the off chance that the user workstations were lost, the company representatives would not have the capacity to process client data or complete solicitations. This would make a huge misfortune every day operations of the association, which implies lost income.
The company’s internal servers are a high-chance asset on the grounds that without those essential WLAN services, the framework is constrained or non-utilitarian. User workstations and different gadgets depend on these WLAN services to most likely communicate over the WLAN and with different branches. Likewise, the outskirt, appropriation, and access layer switches and switches are a high need in light of the communication mediums they give.
Also, the communication over the WLAN would be affected in the event that at least one of these switches were lost. Be that as it may, in light of the fact that there are redundancies set up, the WLAN would in any case have the capacity to work yet possibly at a lower threshold. The effect of the vpn passages is high a result of the branch areas. The hazard here is that different branches may have no entrance to the inner client database which specifically impacts day by day operations and the capacity to compete demands.
The printers allocated to Private Branch Exchange/ remote access server, and remote passageways are lower need since day by day operations can proceed without them. Frequently nowadays, printing is an extravagance and not completely required. The remote access server is for dial-up remote users however is a lower utilized situation these days. If remote access, somehow happened to be lost, wired is as yet a suitable alternative, representatives would just not have the capacity to be as versatile as previously.
Following table lists the assets in Priority order:
Priority
Asset
1
Oracle Database Server
2
SUS Server
3
File / Printer Server
4
Internal DNS
5
Intranet Web Server
6
E-mail Server
7
TCB Workstation
8
CISCO Switches
9
VLAN Switches
10
Department Workstations
11
Distribution Routers
12
VPN Gateway
13
Remote Access Server
14
Private Branch
15
Exchange Branch
16
Core Routers
17
Wireless Router and Antenna
Vulnerability Assessment for Remote Access
The company’s WLAN have both internal and external WAP. Internal routes incorporate wired user workstations and remote access, while, the external passageways incorporate the remote dial-up and vpn associations. As of now, the company has no edge security for its topology. While the fringe switches can sift through some traffic, they are extremely helpless due to being straightforwardly between the untrusted internet and the internal WLAN. This sort of equipment set-up is helpless against denial of service (dos) incidents in light of the fact that the outskirt switches are the sole channel (wilkins, 2015). The company has been encountering a spike in WLAN traffic over these switches and it is hard to state who or what is causing the expansion. To all the more likely help guard the WLAN, secure firewalls ought to be actualized to include an extra layer of security for separating traffic coming in.
The company allows the remote access of applications and services for remotely connecting to the systems with in a WLAN without any continuous monitoring of WLAN. So such WLAN can be exploited easily and creates several threats for the critical data. Unfortunately, the company is not using such technology of remote access securely by neither updating the tools of remote access and nor configuring it according to best practices of security. It has been believed that more than ninety percent of security breaches are done through remotely access servers.
Although vpn encryption and authentication system of the company are strong, but its current infrastructure is still vulnerable for attacking if the server of vpn can be bypassed.
in this WLAN it is clearly shown that all the wireless client can access the WLAN with the help of wep for associating with an hotspot which can help the hacker to get a private ip easily and can successfully break into the intranet of the company.
The company is using wep to provide wireless security to its byod users but now many WLAN engineers believe that wep has some critical drawbacks and it is not sufficient for the security. In this WLAN client is configured for using wep in order to associate with the aps (WAP) but it does not provide any particular security level. The protocol is wep of weak fundamentally because it uses a key of static encryption as a result of which hackers can easily crack the encryption of wep through using free tools of hacking.
WLAN engineers have revealed the breakthrough of ms-chap v2 authentication to an encryption of single des (2^56) regardless of length of password. With the help of man in the middle attack the hackers can get all the secret data between the authenticator and client. There are several vulnerabilities in such algorithm which can combine together for the success of such kind of attack.
The company also lacks a physical security control of their access WLAN which creates a risk of device theft or loss.
Internal Analysis
The greater part of the company’s internal WLAN services are housed at central command inside the trusted computing base (tcb) internal WLAN. The tcb is intended to empower a top down secure condition for the internal servers by having numerous controls set up that all work together [2].
Nonetheless, as observed with the past incidents on assets that live in the tcb, there are some security imperfections present. Internal users just as external or remote users approach assets inside the tcb. Internal users ought to have effectively validated to the physical WLAN, so they for the most part approach these assets. External users get entrance either through a vpn passage or dial-up association through a Private Branch Exchange and remote access server. Be that as it may, as recently talked about, the vpn at present does not encrypt traffic and the dial-up association is obsolete and has security defects. While the tcb may appear to be physically secure, it isn't consistently secure because of the insecure conventions utilized inside the internal condition.
Workers right now have the choice to interface with the WLAN assets remotely through a dial-up association through a Private Branch Exchange and remote access server. The Private Branch Exchange straightforwardly associates with the open changed phone WLAN to take into account dial-up associations with the the company WLAN. At present, there are actually no security measures set up to shield the Private Branch Exchange from the external dedicated. This implies each association ask for that it gets, it will endeavor to process through the remote access server. This makes the Private Branch Exchange extremely defenseless against beast power and dos incidents through the phone framework [2].
In spite of the fact that the possibility of an assailant picking the phone framework to get entrance may appear to be fantastical, it is entirely conceivable particularly when different techniques for passage are hardened to deny unapproved access. This innovation is maturing, so more up to date framework overseers are not familiar with how the dedicated functions and the associated equipment that interfaces with it. In any case, it is as yet an immediate line from an external WLAN to the company’s internal WLAN and should be tended to and secured.
The most straightforward approach to moderate this hazard is to remove the alternative for users to go through the dial association for WLAN access. The company should just offer a vpn association for remote access as it is substantially more secure and decreases the external WLAN WAP. One would likewise assume that the company is as of now using Voice over IP (VoIP) for their voice services which takes a shot at a similar WLAN and uses indistinguishable assets from data. VoIP is a less expensive, progressively scalable, and more reasonable choice than the customary telephone lines [2]. VoIP additionally takes into account in house management as opposed to having external telephone company professionals requiring physical access to various zones of The company’s central station at whatever point there is an issue. This choice could completely wipe out The company’s unwavering quality on the dedicated and moderate the dangers associated with it.
Security Improvement
Monitoring-Based solutions will be effective in such type of wireless WLAN. Detection of hidden wireless routers is very critical because in this scenario WLAN security is compromised as in this scenario non-VPN-authenticated user can gain the access to the WLAN of the company bypassing their VPNs server. So monitoring the cross-traffic which is the traffic from the station of wireless that is not authenticated to the server of VPN but to another station of wireless is key to detect the hidden wireless routers. Such traffic can be identified with the help of sniffer as it has the ability to identify the cross traffic.
Solution of Access-point based can react to a detected Hidden Wireless Router for preventing it from operating. WAP can use frame filtering which is based on the MAC destination and source address. This help WAP to take into account only authorized IP address which can help them to allow or deny cross traffics.
The unauthorized access to the remote server can also be prevented by using the certificates of the server. The Company authentication must have a trusted or identified certificate which is issued by the higher authorities of IT department in the type of private certificate. The WLAN can verify that user it is contacting has the trusted certificate and can be allowed to access the WLAN. In BYOD platforms JoinNow can be used for configuring the device in order to check for particular certificates and also to verify that it is connected to the authentic WLANs.
In order to mitigate the issues associated with the WEP, Wi-Fi Protected Access (WPA) can be used which is considered to be the much stronger algorithm of encryption than WEP. Both these protocol uses the same encryption and decryption method but have different master keys. WPA uses a protocol of temporary key integrity that dynamically transforms the key when packets of data are sent to the WLAN. As the key is changing constantly, it can make the cracking of key more complex than that of WEP.
Moreover, MS-CHAP v2 is easily crack able so in order to fix this issue GIF should use PEAP or adopt a more tunnel of secure VPN like SSTP, VPN Reconnect or L2TP.
Remote access Interface Vulnerabilities
The remote system is considered to be the most significant vulnerabilities in the WLAN. It allows the hackers to access direct channel to the intranet of the company and after entering into the intranet they can do everything they want. In such type of infrastructure overflow technique of buffer can be used for forcing execution of remote code on the machines of the company.
Wireless WAP are considered to be the insecure regardless whether the encryption is used or not. This remotely access WLAN is very convenient but it is very difficult for understanding it when it comes to vulnerability. This remote access can give the hackers a path for compromising the WLANs of organization and gaining access to the critical data. If the hacker can gain the access to the remote access infrastructure, it can easily gain access to the internal system of the company. Moreover, the most severe disadvantage of this WLAN is that there is no firewall installed in this infrastructure which can easily allow the hackers to hack the WLAN and can remotely access to the internal WLAN for breaching the data.
In order to prevent the vulnerabilities of remote access infrastructure methodology of testing can be used which is then divided into three phases such as Profiling, Assessment, and Exploitation.
In profiling phase, the techniques of information gathering such as fingerprinting, foot-printing, and enumeration can be performed for gathering enough information about the company’s remote access infrastructure. Such techniques can help to identify the supported modes, encryption hashes or algorithms, and authentication protocols such as digital certificates or pre-shared key. Both manual and automated assessment of vulnerability can be performed in the assessment phase on the basis of the information gathered from the profiling phase against the remote access infrastructure of THE COMPANY for ensuring that all unknown and known vulnerabilities can be identified. In this phase following techniques can be used:
Lack of Patching- identifies the out-of-date services and systems.
Force Aggressive Mode- gives the possibilities for enabling mode of insecure aggression.
Capture Pre-Shared Key- gives the possibilities for capturing the pre-shared key.
In the exploitation phase THE COMPANY can try to validate and exploit identified vulnerabilities existence. Both offline and online techniques of password cracking can be performed against the hashes of password. In case of successful exploitation THE COMPANY can escalate privileges within WLANs, host, and applications. After knowing all the possible vulnerabilities effective measurements can be done to prevent all the cyber-threats to the organization. It is considered to be the most significant technique of cyber threat prevention.
Installation of up-to-date firewall is necessary for ensuring the rules of inbound which provide sufficient protection. Without firewalls every WLAN is considered to be insecure and can easily be accessible by a junior level hacker. THE COMPANY should limit its remotely access WLAN and can provide access to only those who needs it. The credentials for remotely access the WLAN should not be shared with anyone and everyone must have a unique password and username.
Intranet
Internal machines connected through the VPNs to the external WLAN can be considered somewhat in terms of security risk as internal WLAN of this company is connected to the internet with very less security controls. The webserver can be accessed from both outside and inside the WLAN so it can be used for creating a gateway of attack and can also compromised other machines of internal WLAN. The worst scenario of web server is that it can allow the user to modify or upload the data which is hosted on the webserver at some point. So for the instance hacker can insert malicious data into the content of webserver such as links to the code of exploitation and then can be automatically or transparently accessed by any users through browsing the web server.
Solution of Web Servers
In order to prevent the webserver of the company from any vulnerabilities it is necessary to identify the flow of WLAN regarding request. If one can get the information regarding the flow of regular WLAN which the server is supposed to send or receive, then he can check and allow the request or content while the other flow or traffic would be prevented to enter with the help of an effective firewall. It is considered to be the measure of WLAN isolation which can decrease the threats of malware spread or any intrusion which can get deeper. It should also be ensured that there must be no way for directly requesting the web servers and through by passing the filtering layers of security and the users should not have any possibility for directly utilizing the LAN. Another efficient way to overcome such vulnerabilities is to deploy the detection system of WLAN intrusion which can block or detect the malicious requests of WLAN. In this scenario MAPP is the best option which is also considered to be the official partner of Microsoft. Deployment of Firewall of Web Application as a webserver front end can play an important role in overcoming the vulnerabilities of the server. It will allow to strengthen the control of requests and also to tighten the filter for matching the specifications of the web applications. ModSecurity can be best solution for this vulnerability. URLscan can also be helpful in this regard for securing the data inputs, URL, and the protection against the injection of code.
Cloud Computing Policies
Cloud computing has become the technological turning point that is rapidly taking the business and economic domains to the new levels of global consumerism and connectivity. As the selection and transitioning of the Cloud Computing is expanding with the time, the consumers are also reporting a few issues and breaches over the cloud computing environment. In addition, these issues are generally legal and architectural loopholes and vulnerabilities that are debilitating the future and the security of the consumers, suppliers and the cloud computing services as well (Carlin & Curran, 2011). There is a genuine need to take measures against these issues to make the cloud computing more effective and reliable wellspring of showcasing and business (Carlin & Curran, 2011).
The major contributors of the internet business and the cloud computing service providers have made their own policies to handle these issues; however, the principle issues still hold on the cloud environment. Keeping in mind the end goal to handle these issues there is a prompt need to frame the law under the federal government that must be actualized for all the cloud computing concerned authorities (Carlin & Curran, 2011). Any company, client or supplier conflicting with this law ought to be held culpable and liable to keep the spirit of the cloud computing intact and thriving.
Gartner, being the market leader has composed certain policies and regulations (Heiser & Nicolett, 2008) as a startup for the need of comparative laws and legislation. Till now there are no proper federal laws, legislations or procedures for controlling the misuse or abuse of the cloud computing environment.
Gartner, that has also established the Global IT Council (Heiser & Nicolett, 2008), as a collaborative platform between the cloud service providers and consumers by defining six rights and one responsibility for the cloud computing consumers (Heiser & Nicolett, 2008). Following are the procedures defined by Gartner for the foundation of Cloud Computing Legislature:
Right to retain the ownership
This policy clarifies that the consumer must withhold the ownership and the rights of their own data and their intellectual property.
Right to Service Level Agreements
The cloud consumers must indicate their philosophy of the remediation or the recuperation of the data exploitation.
Right to know of warnings and changes that may influence the consumer
Right to know about the technical framework and the requirements
The cloud service suppliers must clarify their technical framework and the requirements completely to their clients with the goal that they may not confront any legal issues later on furthermore let the consumer arrangement out his work on the premise of these technical clarifications.
Right to know about the legal architecture over which the Cloud Supplier Operates
The consumer must research about the legal infrastructure over which the cloud supplier is processing. This important to know how secure your business with the respective supplier is.
Right to Know of the Security Measures
The supplier of the cloud service must let its client know about the measures and their methodologies they have detailed to keep the security of the client's business over the cloud intact.
Responsibility to Understand the Software License Requirements
The consumers must comprehend the requirements to accomplish the legal rights of any software or adware that they might requirement for their business or comparative use.
Similarly, the Microsoft (Martin, 2010) have also started forcing the federal government and the congress to figure the legislation for the broad utilization of the cloud computing services. The Microsoft has stressed for this stride remembering the colossal blow in the utilization of the cloud service by a large portion of the business holders (Martin, 2010). The legislation must give complete assurance to the consumer and in addition figure the regulations in a manner that the dangers to the service might decrease to the base level and make this cloud service a productive and efficient. (Martin, 2010).
Cloud Computing Security Features
Each time a breach or security exploitation happens, data is lost due to hacker’s incident or intrudes, and the inquiry emerges about who ought to be considered responsible for this carelessness or the misfortune. The cloud consumers are frequently left all alone and bear the misfortune without any compensation. As a prompt thought, the respective issue can be resolved by planning associations alongside the IT technicians for redoing their architectures, domains and brain frames according to the requirements of the Cloud Computing. At exactly that point the transition from the traditional to cloud computing will be a smooth and attractive one.
Risk Assessment and Recommendations for WLAN Security
Perimeter Security
The most astounding need defenselessness to address on the company WLAN is the absence of edge security. At present, the whole internal WLAN depends on the insurance offered by the two fringe switches. Switches alone channel through some traffic yet are unequipped for properly securing the whole WLAN. With the ongoing spike in rush hour gridlock coming into the WLAN, there is no chance to get for the switches to channel through every last bit of it. This implies there could be noxious users utilizing the WLAN at the present time. The company WLAN requires a firewall to be set before the switches that have direct contact with the untrusted network. These firewalls equipped for sifting through all usage and deny possibly destructive usage from utilizing the WLAN. Without protection components set up on the edge of the company WLAN, it would not be troublesome for a malevolent user to access the WLAN and every one of that data put away there. This recommendation requires the buy of two firewalls and would cost roughly ten thousand dollars for two endeavor level firewalls. For a propelled dimension of assurance, a mark based Intrusion Detection Systems (IDS)should be actualized. IDS frameworks screen WLAN exercises and produce reports that IT work force can break down and use to all the more likely protect the WLAN. The IDS components combined with the firewalls will check all outbound and inbound usage. An IDS fit for securing the whole WLAN can be bought for roughly ten thousand dollars.
The current VPN utilized is unencrypted. To moderate this and guarantee usage being transmitted from site to site isn't intercepted IPSec will be utilized. IPSec guarantees data confidentiality and integrity while in course starting with one area then onto the next.
Linking business objectives with security
In order to succeed and develop properly, the SMEs must link and bind their organizational and business objectives with the security measures (Piazza, 2013). It is the responsibility of the managers and in accordance to the modern objectives of technologists as “primarily technologists predominantly focused on keeping bad people out. Now we see them as significant protectors of the brand, leaders of risk management for the organization, at least within IT, as well as a significant part in most organizations’ compliance with regulations” (Piazza, 2013). This is important because the major and most valuable asset for SMEs is their information and data that is also responsible for building their market reputation and help them expand by competing with market giants (Piazza, 2013). Therefore, their ultimate goal is to keep security on top of their organizational objectives. Later, all of the objectives and goals must ensure proper information security, otherwise, they can land in severe trouble and challenges that may involve legal issues, information theft, and reputation put at stake, etc. (Piazza, 2013)
Incident Response Management and Disaster Recovery
In the world of information security the incident response is a trait of companies, in which they primarily claim the guarantee of information sanctity and to control that feature of information the events that involve such transactions are deeply evaluated and a program is continuously detecting for any factor that can lead to breach in the information CITATION Ers05 \l 1033 (Ersatz, 2005). The managing of security in such technological events requires a complete form of incident management. This incident management specifically is designed for the understanding of the response of the company to those aspects and reduce the damaging made by due to that incidents CITATION Ers05 \l 1033 (Ersatz, 2005). There are two teams included in the incident management department of any company; among those one team is process team and the other is evaluating team that evaluates the impact of the damage. It is a major component of any company and is acting on daily basis by detecting the threats and vulnerabilities and this evaluation routine is setup on the basis of diversity found in company’s portfolio and its dependence on the external network to communicate and diversify through the usage of external networking CITATION Isa07 \l 1033 (Isaca, 2012). If the incident management program is sound then only the number of such issues happening can be reduced.
Mobile device security management
One of the characteristic features of SMEs is that they are small in scale but they are extensively interconnected with extensive use of networking technology and mobile gadgets such as smart phones, tablets, etc. This is to help them virtually connected rather than physically connected that needs much more financial investment (such as purchasing buildings, etc.). (IBM, 2013) This interconnection, however, is not safe and is extremely vulnerable against mobile security risks involving data breaches, loss of confidential data, eavesdropping, etc. Done by malicious attackers and even market competitors, such risks can lead to severe loss of reputation and can degrade the establishment of brand power (IBM, 2013). Therefore, it is important that SMEs must ensure and deploy proper Mobile Device Security Management. Mobile Device Security Management is formally defined as “Facilitating mobile device management remotely, including asset, software, configuration, and security management.” (Symantec, 2013)
Remote accessibility and mobility of the employees need to be controlled and managed through proper Mobile Device Security Management. Some of the measure and objectives that can be taken to ensure this security are proposed a very well-known Mobile Device security providing organization named Symantec that not only supports the management but also provides guidelines and roadmap for the security managers. According to Symantec.com following procedures are specified that can help in reducing the overall risk and exposure for the mobile devices: “Achieve real-time systems management including remote device reset; Mobile device manager gives IT the ability to have remote control of smartphones; Conduct over-the-air hardware, software and network inventory; Effective mobile software management, including software delivery and automated application repair; Create ad-hoc reports; Mobile device manager seamlessly integrates with Symantec security solutions, including file encryption, device lock and device wipe” (Symantec, 2013). These strategies and approaches can help the IT managers in minimizing the possibility of IT related vulnerabilities and risks.
Biometric security devices and their use
In order to control authorization and authenticity of the employees and officials that have access to the sensitive information, data and other confidential assets of the company. For this purpose, Biometric Security Devices can help in protecting the physical authorization and accessibility for the SMEs. In order to deploy Biometric security devices, it is important for the IT managers to create complete profile and documentations of the authorized employees (Jain, Hong & Pankanti, 2000). This can also involve certain ethical and legal issues. Yet it is one of the most secure and fool proof authorization methodology.
References
Krutz, R. L., & Vines, R. D. (2010). Cloud security: A comprehensive guide to secure cloud computing. Wiley Publishing.
Grobauer, B., & Schreck, T. (2010, October). Towards incident handling in the cloud: challenges and approaches. In Proceedings of the 2010 ACM workshop on Cloud computing security workshop (pp. 77-86). ACM.
Munteanu, V. I., Edmonds, A., Bohnert, T. M., & Fortis, T. F. (2014, December). Cloud incident management, challenges, research directions, and architectural approach. In Proceedings of the 2014 IEEE/ACM 7th International Conference on Utility and Cloud Computing (pp. 786-791). IEEE Computer Society.
Wolthusen, S. D. (2009, September). Overcast: Forensic discovery in cloud environments. In IT Security Incident Management and IT Forensics, 2009. IMF'09. Fifth International Conference on (pp. 3-9). IEEE.
Gupta, R., Prasad, K. H., Luan, L., Rosu, D., & Ward, C. (2009, September). Multi-dimensional knowledge integration for efficient incident management in a services cloud. In Services Computing, 2009. SCC'09. IEEE International Conference on (pp. 57-64). IEEE.
Zhang, X., Wuwong, N., Li, H., & Zhang, X. (2010, June). Information security risk management framework for the cloud computing environments. In Computer and Information Technology (CIT), 2010 IEEE 10th International Conference on (pp. 1328-1334). IEEE.
Sarkar, S., Mahindru, R., Hosn, R., Vogl, N. G., & Ramasamy, H. V. (2011, March). Automated Incident Management for a Platform-as-a-Service Cloud. In Hot-ICE.
Carlin, S., & Curran, K. (2011). Cloud computing security.
Heiser, J., & Nicolett, M. (2008). Assessing the security risks of cloud computing. Gartner Report.
Martin, T. D. (2010). Hey-You-Get off of My Cloud: Defining and Protecting the Metes and Bounds of Privacy, Security, and Property in Cloud Computing. J. Pat. & Trademark Off. Soc'y, 92, 283.
Anning, R. (2013). 10 steps to online security for SMEs. Economia.
B. Khoo, P. Harris, and S. Hartman. Information security governance of enterprise information systems: An approach to legislative compliant. International Journal of Management and Information Systems, 14(3):49–55, Third Quarter 2010.
Boon, O. C. (2010). The Need for Good Information Security Management in Small to Medium Size. Java.sg, 13.
Ersatz. (2005). Information Technology- Security techniques-Code of practice for ISM. SNV Schweizerische.
Fink, Steven (2002). Sticky Fingers: Managing the Global Risk of Economic Espionage. Chicago: Dearborn Trade. p. 368. ISBN 978-0-7931-4827-1.
IBM. 2013. Hosted mobile device security management. http://www-935.ibm.com/services/us/en/it-services/managed-security-services-cloud-computing-hosted-mobile-device-security-management.html
Isaca. (2012). Incident Management and Response. ISACA.
McAfee. 2013a. Mobile Security. http://www.mcafee.com/us/products/mobile-security/
McAfee. 2013b. Security Awareness Program Development & Training. http://www.mcafee.com/us/services/strategic-consulting/program-development/security-awareness-program-development-and-training.aspx
PRC. 2013. Workplace Privacy and Employee Monitoring. https://www.privacyrights.org/fs/fs7-work.htm
Siemons, F. (2012). Security for Small and Medium Enterprises. InfoSec Resources.
Symantec. 2013. Business Challenge: Mobile Device Management. http://www.symantec.com/mobile-device-management
T. Aura, P. Nikander, and J. Leiwo. Dos resistant authentication with client puzzles. In Proceedings of the Cambridge Security Protocols Workshop 2000, LNCS,, April 2000.
V. Dimopoulos, S. F. (2004). Approaches to IT Security in Small and Medium Enterprises. Research Gate, 9.
Piazza, Peter. (2013). Aligning Security With Business Objectives. http://www.securitymanagement.com/article/aligning-security-business-objectives
Gilad, Ben. "The Future of Competitive Intelligence: Contest for the Profession's Soul", Competitive Intelligence Magazine, 2008, 11(5), 22
Fuld, Leonard M., Competitor Intelligence: How to Get It, How to Use It. NY: Wiley, 1985.
Blenkhorn, D. and C.S. Fleisher. Competitive Intelligence and Global Business. Westport, CT: Praeger, 2005
Jain, A., Hong, L., & Pankanti, S. (2000). "Biometric Identification". Communications of the ACM, 43(2), p. 91-98. DOI 10.1145/328236.328110
Herman T. Tavani (2004). Ethics & Technology: Ethical Issues in an Age of Information and Communication Technology. New Jersey: John Wiley and Sons, Inc..
Subject: IT
Pages: 15 Words: 4500
Risk Management Framework, CIA and security policy
[Name of the Writer]
[Name of the Institution]
Risk Management Framework, CIA and security policy
Introduction
In this new world of technology, every organization is adopting technology for their business operations. Every operation relies on the technology in this new world. There are many benefits provided by the technology as well as there are a lot of problems created by the technology for organizations. The companies are having a concern regarding the privacy of their confidential data and the privacy of their customers. They need to find out the way by which they can protect access to their sensitive data and increase their data security.
Discussion
Data security is the major concern for all the organization these days. It is commonly referred to as confidentially and integrity of data. Data security needs to make sure that the data is only accessible to the authorized individual or groups. The methods to increase data security should make sure that the information which is not required should be destroyed. They should only focus on collecting the data which is necessary and keep it safe. The company needs to make sure that there IT staff are aware of how they can secure the confidential data of the company. The IT staff needs to find out any vulnerabilities in the current IT's infrastructure to make sure that hackers can't access any private data of the company and their clients.
The company needs to monitor the activities of their employees to make sure they are not violating any privacy statement of the company. The servers and operating systems of the organization needs to be properly configured, and the rules for the management of accounts and passwords are clearly defined so that only authorized people can have access. Confidentially, integrity and availability is a model which is also known as CIA is being used by organizations to guide their policies. Confidentially is referred to prevent data from the access of the wrong people, Integrity includes maintaining the consistency & accuracy of data and Availability includes maintenance of hardware problems (Von solms & Van Niekerk, 2013).
Conclusion
Cybersecurity is the solution to all these problems as it provides the protection of systems including software and hardware to protect them from cyber attacks. It is being used by many enterprise organizations to protect their data from unauthorized individuals and parties (Klimburg, 2012). CIA is a model which is very helpful in guiding the policies for information security in an organization, and it must be used by every organization to protect their data from hackers.
References
Von Solms, R., & Van Niekerk, J. (2013). From information security to cyber security. computers & security, 38, 97-102.
Klimburg, A. (Ed.). (2012). National cyber security framework manual. NATO Cooperative Cyber Defense Center of Excellence.
Subject: IT
Pages: 1 Words: 300
Run/ Playbook Part 1: Malware
[Name of the Writer]
[Name of the Institution]
Run/ Playbook Part 1: Malware
Scenario
With the increase in technology, Malware attacks are becoming very popular. The most common type of Malware attack these days is Trojan horse. A Trojan horse is a type of malware which misleads the users by bluffing them. It is a malicious program which contains the virus that hackers used to get access to the systems. A recent malware attack occurred to me in which hackers tried to access the sensitive data of the company. The malware attack which they used to attack my system was Trojan horse (Chunming, 2003). I recently installed software which I found useful, but it was designed to access the sensitive data from my system. The system started to crash and freezes repeatedly. There was a weird increase in the usage of internet on the system. Antivirus stopped working and applications opened up unexpectedly. It’s challenging to find Trojan virus because usually people consider every software useful and they don't know what is happening at the backend.
The trojan can be of different types. When they are activated on the system, they may annoy user by deleting their files and destroying their information from their system. Some Trojans are even dangerous then malicious software’s because they are designed to be more annoying. The most important thing to rescue yourself from these viruses is to download software’s which are from verified sources. Don't download or install software's which are not from a verified source because you don't know whether it is a software or Trojan attack if anyone suffers from a Trojan attack that individual should suddenly turn of the internet to avoid severe damage (White et al., 2017). Trojans also provide access at the backend to the hackers so that they can access your personal information. They cannot harm users unless users run them on their systems.
References
Chunming, Z. M. X. Q. L. (2003). Analysis of Trojan Horse and Its Detection [J]. Computer Engineering and Applications, 28, 053.
White, G. B., Fisch, E. A., & Pooch, U. W. (2017). Computer system and network security. CRC press.
Subject: IT
Pages: 1 Words: 300
Network connections
The organization can secure its network connections by setting a password on Wi-Fi. It must avoid using an open Wi-Fi connection. WPA and WAP2 will provide strong encryption that will minimize the risks of malware. Another appropriate strategy is to avoid broadcasting SSID. The company can itself gain access by typing SSID manually. The wireless device must avoid showing its presence. It is safe to use a different password for a guest SSID. A practical method involves the installation of anti-malware product on all computers and devices and keeping system updated CITATION Kas18 \l 1033 (Kaspersky, 2018).
Mobile devices
There are effective methods that can be adopted for protecting mobile devices from malware. The organization can restrict employees from using public Wi-Fi. It is appropriate to use safe websites only that carry updated malware defense and HTTPs security. Checking HTTP will inform the users about the risky and non-risky sites. Running default OS browser is a practical method of securing devices. Installation of anti-virus apps minimizes the risks of malware or security breaches. Biometric authentication also reduces the risks of malicious activities. Passwords are easy to guess so employees can be instructed to use biometric identifiers. Avoiding third-party play stores is an effective strategy for mitigating risks CITATION Jay181 \l 1033 (Jay, 2018).
Cloud services
Malware in cloud services can be protected by the adoption of risk mitigation strategies. The first step is to keep systems updated that include operating systems, plugins and critical security patches. Enhanced protection demands intelligence defense technologies that are capable of monitoring, uploading, downloading and storing cloud files. SaaS and IaaS applications also enhanced the security of cloud computing. Organizations can identify malicious activities and conduct risk estimation. Machine learning is useful for uncovering future threats.
References
Jay, J. (2018). Five simple ways to protect your phone from malware, ransomware, and viruses. Retrieved 02 11, 2019, from https://indianexpress.com/article/technology/techook/five-simple-ways-to-protect-your-phone-from-malware-ransomware-and-viruses/
Kaspersky. (2018). Protecting Wireless Networks . Retrieved 02 11, 2019, from https://www.kaspersky.com/resource-center/preemptive-safety/protecting-wireless-networks
Subject: IT
Pages: 1 Words: 300
Subject: IT
Pages: 7 Words: 2100
Running Head: IT
Business Intelligence System
[Name of the Writer]
[Name of the Institution]
Business Intelligence System
1) Expert System
An expert system is one of the computer programs that uses the AI interface. The basic premise behind the premise of the plan is to make sure that some sort of stimulation and judgement must be there in terms of the human an organization. The other thing that is commonly witnessed when one talks about the expert systems is that how they are supposed to have broader knowledge and perspective about the experience field. Most of the times, what happens is that the expert system is bound to incorporate a knowledge base system that must be having an accumulated experience and an inference at the given point of time. It is equally important that an inference system must be abiding and working in accordance with the rules engine. The rules engine is somewhat a driving force behind the AI interface as well as the decision making that is supposed to be done at the broader level at the given point of time. Now, when one talks about the underlying capability of the system, they are broadly based on the knowledge base as well as the eventual set of rules that are supposed to be followed by the organization at the given point of time. The other thing that must be noted that the way current system works, it is supposed to have machine learning interface that means that they performance is going to be based on the experience-based stimulus, pretty much the same way human beings are supposed to work. The key reason that the margin of error is on the lower side with such systems is since how these systems are designed and learning from their own experience.
2.1 Scenario in Case of Dollar Rate Falling
One of the decision-making stimuli that is being provided to the system is since how the exchange rate market is supposed to work (Turban et al, 2017, p.45). In that aspect, whenever there is going to be change in the exchange rate and the dollar rate, the corresponding reflection is going to be witnessed in the marketplace at the given point of time. The idea is to make sure that what are some of the changes that are going to be witnessed in terms of the change in the exchange rate at the given point of time. The way parameters of the system are defined, whenever there is going to be fall in the dollar price, it would ask the user to instead invest in the financial market. One of the reasons for this to be happening is since how the dollar market reacts to the changes that are happening in the financial market at the given point of time. Most of the times, what happens is that whenever there are broader changes in the exchange rate of the dollar, it is going to men that the financial markets are going to be turning into lucrative. The way ES is designed, it is pretty much replicating what happens in the global financial market since most of the times, the financial markets are merely working on the same principle that are defined in the given criterion (Popovič et al, 2016, p.739).
2.2 Interest Rates Remain Unchanged
As per the given set of rules that are provided to the client, it has been coded that if there is going to be a case that there are nor broader changes in the exchange rate, the same trend is going to be replicated in the broader financial market instruments. Most of the times, the way financial markets are supposed to work, if there are broader changes that are witnessed in the market, it means that the broader set of changes that are going to be witnessed at the given point of time are going to be witnessed in the financial market as well at that moment in time. Usually what happens, the interest rates are some sort of the broader set of monetary policy guidelines that are being provided to the financial institutions at the point of time. What it means is that in most of the cases, it would mean that the knowledge processing and the fundamental modalities of the financial market are playing an important role in the determination of this role. The key thing that must be seen is that what is the direction that is being taken by the system at the given point of time (Popovič et al, 2016, p.739). The bond market is based on the broader financial market trends that are witnessed at that point of time and as it can be clearly seen, if there are no broader changes in the interest rate, then the likelihood of the other changes happening in the financial market are on the lower side. This system is probably experience and learning based so that would also determine the future trends and advises that go to the user (Olszak and Ziemba, 2017, p.149).
3) Functionality of the Decision Support System
A decision support system is an important component as far as the AI decision making is supposed to be made at the given point of time. The idea is to make sure that the travel agency and customers are going to be working in the manner that would make sure that the basis on which the decision making is supposed to be made are done as per the right manner. The way this system can aid the user is by making sure that whatever the bookings that are being done by them at the given point of time are being done in an appropriate manner. The expert system is going to be providing appropriate and low-cost travel routes based on the algorithm and that algorithm is going to aid the business decision making. The key component and the knowledge that must be stored in the system must be regarding the travel routes as well as the distance logs that are going to support the business decision making at that point of time (Gangadharan and Swami, 2016, p.144). The major limitations of such a system is that once the logs are defined, it is going to be hard to make sure that the eventual degree of accuracy is being maintained as far as the way eventualities of the system are going to be working out at the specific point of time (Elbashir et al, 2018, p.135). The lack of flexibility and constant upgradation is also going to make the whole thing a challenging prospect. The key thing that has to be noted here is that there must be enough flexibility in the system to make sure that the all the relative elements of the storage of the information system must be processed out at the given moment (Elbashir et al, 2018, p.135).
4) Using DSS Models for Prevention for Fraud
There are two major ways that can be used to make sure that the fraud that is being commonly witnessed in the DSS case can be avoided. The first method that must be used is to make sure that predictive analysis has to be used to ensure that the broader trends that are prevailing in data and based on that trend analysis (Elbashir et al, 2018, p.135). The analytics goes a long way towards making sure that how the DSS model is going to have an insight about the data management in terms of the way most of the things are supposed to be working at the given point of time (Elbashir et al, 2018, p.135). With the support of the predictive analysis, the potential loopholes in the DSS system are going to make sure that the potential cases of fraud are being avoided at the given point of time.
The other thing that must be kept in mind is that what is the state of the information system at the given point of time. Effort must be made to make sure that the security protocols that are being formulated at the level of the organization are designed in the manner that allows all the organizational stakeholders to adhere to them. The strong and more robust information management system is also going to ensure that the way data is stored and transmitted across the board is going to be done through an encrypted server (Elbashir et al, 2018, p.135). When the data encryption protocols are being used, it makes sure that the breach of the confidentiality and the eventual risk that is faced during the whole process is diluted allowing much more robust security controls. Whether internal or external, there are a wide variety of threats posed to enterprises across multiple industries. The most difficult threat to diagnose & address, however, is fraud. Fraudulent activity is a high-cost threat that can compromise the integrity of your company as well as cripple your bottom line. Fraud can take the form of internal activity, such as an employee modifying financial records, or can arise from an external threat, such as customer credit card fraud.
References
Elbashir, M.Z., Collier, P.A. and Davern, M.J., 2018. Measuring the effects of business intelligence systems: The relationship between business process and organizational performance. International Journal of Accounting Information Systems, 9(3), pp.135-153.
Gangadharan, G.R. and Swami, S.N., 2016, June. Business intelligence systems: design and implementation strategies. In 26th International Conference on Information Technology Interfaces, 2004. (pp. 139-144). IEEE.
Olszak, C.M. and Ziemba, E., 2017. Approach to building and implementing business intelligence systems. Interdisciplinary Journal of Information, Knowledge and Management, 2, pp.135-149.
Popovič, A., Hackney, R., Coelho, P.S. and Jaklič, J., 2016. Towards business intelligence systems success: Effects of maturity and culture on analytical decision making. Decision Support Systems, 54(1), pp.729-739.
Turban, E., Sharda, R. and Delen, D., 2017. Decision Support and Business Intelligence Systems (required). Google Scholar.
Subject: IT
Pages: 7 Words: 2100
SCADA Worm
Student’s Name
Institution
Introduction
Supervisory Control and Data Acquisition (SCADA) system utilized for controlling and monitoring geographical remote operations. It is used to have control of the system behind the scene to ensure that a function is completed efficiently. It collects operational data and sensor measurement from the field and then process display and relay information across the field to the control command so that the data could be utilized. According to CITATION Mac12 \l 1033 (Mackenzie & Peter, 2012), the average citizens are not aware of SCADA and its importance to the operations of various sectors. The SCADA system are used to control some of the vital infrastructure such as energy, oil and gas, nuclear facilities and water treatment plants and therefore, it is an essential aspect for any control. This paper therefore, provides a detail illustration of the impact of vulnerability of the SCADA Worm on the critical United States’ infrastructure; describe the methods to mitigate the vulnerabilities, as they relate to the seven (7) domains. It also Assess the levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure. It finally, Assess the elements of an effective IT Security Policy Framework, and how these elements, if properly implemented, could prevent or mitigate and attack similar to the SCADA / Stuxnet Worm.
Impact of SCADA and Stuxnet Worm
The SCADA and Stuxnet Worm have critical impact on the infrastructure in the United States. The fact that SCADA and Stuxnet can have access to critical infrastructure it exposes the United States, critical infrastructure to cyber attack. The fact that SCADA does not require human control makes it more vulnerable to attack and therefore, SCADA and Stuxnet Worm exposed the United States’ infrastructure to external attack. CITATION Har18 \l 1033 (Harrison, 2018). A study conducted by Harrison (2018) on vulnerability of system concluded that with knowledge of SCADA any individual can access SCADA software and crate back entry, and this could increase chances of attack to the system. Therefore, the SCADA and Stuxnet Worm make the critical infrastructure in the United States, more vulnerable to attack by cybercrimes and other people or enemies and therefore, it can cause the United States lose of vital information to enemies hence could compromise the national security CITATION Dan171 \l 1033 (Kaplan, 2017). The cyber attack to critical infrastructure will definitely increase due to SCADA and Stuxnet Worm.
Methods to mitigate vulnerability as they relate to the seven domains
The domains are critical point to access an entry into a system. The seven domains are workstation, remote access, LAN to WAN Domain, WAN domain and system application domain. These domains are critical for efficient and secure operation for any business. The vulnerability around these domains can create access, which permit cyber attack hence can cause serious damage to an organization CITATION Mac12 \l 1033 (Mackenzie & Peter, 2012). Therefore, the access must be regulated through passwords, codes and policies. In workstation, a strong authorization password must be configured to ensure that only authorized person can have access to the station. The LAN and WAN system also require three level encryption configuration to filter in and outgoing messages. It therefore, important for a business to protect each of these seven domains from an attacker from get easy access to the private data.
Levels of responsibility between government agencies and the private sector for mitigating threats and vulnerabilities to our critical infrastructure
The government and the private sector have shared responsibilities to ensure that IT infrastructures are protected. The government has responsibilities to come with policies, which can ensure that infrastructures are protected from access. The corporate world design the best methods needed to protect the infrastructure and conduct research to develop some of the latest techniques, which can be utilized to reduce the vulnerability of IT infrastructure. For example, the U.S. government has enacted data private laws to limit access to private. According to CITATION Dan171 \l 1033 (Kaplan, 2017), the government plays a critical role in maintaining the law and order, and therefore, it punishes individuals who have are found guilty to have violated the law to create vulnerability to the system. The private sector and the government also share information related to vulnerabilities including threats in the system and develop critical applications or methods, which can be used to address the problem. Therefore, the government and the private sector work together to assess and address the issues related to vulnerability to the IT infrastructure in the country.
Elements of an effective IT Security Policy Framework
Effective IT Security policy framework is an important component of protecting vital IT system. There are several policies, which have been enacted by the government to address the issue of vulnerabilities. The government through partnership with stakeholders have established National Institute Standard and technology (NIST), National Security Agency (NSA), the office of Management and Budget (OMB) and the National Security Agency (NSA and the General Accounting Office to address the issues related to vulnerability to improve the security system of key infrastructure in the country CITATION Lew18 \l 1033 (Lewis, 2018). These five bodies periodically assess the documents and security level of the every key infrastructure to make sure that any vulnerability is detected early to prevent any attack to the system. These agencies also analyze the depth of threats and issue set rules and guidelines to provide much impact to the economy and to avoid any future attack to the systems.
References
BIBLIOGRAPHY Harrison, S. (2018). Attack Code for SCADA Vulnerabilities Released Online. International Journal of Information System , 21 (5), 2-15.
Kaplan, D. (2017). Defend Your Industrial Control Systems: 8 Practical Steps. International Journal of Information and Business Security , 12-38.
Lewis, N. (2018). What does the Stuxnet worm mean for SCADA systems security? Information Security and Business ethics , 12 (8), 2-35.
Mackenzie, H., & Peter, M. (2012). Cyber Attacks on U.S. Critical Infrastructure will Intensify. Journal of information System and Security , 21 (8), 2-34.
Subject: IT
Pages: 3 Words: 900
Screencast-o-Matic
Benedicta
[Institutional Affiliation(s)]
Author Note
Educational Uses of Screen-o-Matic
Screencast-o-Matic
The process of taking the screenshots off the computer screen can be rather problematic and tiresome. But fortunately, there are ways in which we record the numerous workings on the screen. This procedure has been made by the use of an online source called "Screen-o-Matic", which is an online video recorder that can be used from any browser working in all prominent operating systems like Mac, Windows, and Linux CITATION Scr \l 1033 (ScreenCast, n.d.).
This is not the only function of this software, as there as numerous others when it comes to its use in the classrooms. This is because of easy and user-friendly nature, and other important features. One of which is the feature that allows the students and teachers to engage in video conversations with each other. This is particularly useful when it comes to sharing prompt thoughts and ideas that exhibit deep meaning and understanding. This excess to an easy medium helps to drive meaningful conversations and use the medium of internet and video recordings to enhance the classroom experience.
Teachers use this online resource to connect and build strong academic connections with all their class or individually with specific students as per their needs CITATION CHa12 \l 1033 (C. Hasanudin, 2012). The medium of video provides easier ways to mentor the students should they need help. This personal level of mentorship is sometimes necessary to drive a thought-provoking discussion on the initiation of a brainstorming session with one or multiple students. Other than that, this online resource can also store the presentation delivered in the classroom on a hard disk or upload them directly on YouTube, as per the requirement of the moment CITATION Zin11 \l 1033 (Zinoune, 2011). These videos can later be viewed at YouTube in ordinary quality or High Definition.
In short, Screen-o-Matic is an outstanding tool for a teacher as well as a student. It can help both teachers and students to synthesize useful information related to the requirement of their courses, and even edit the recorded video sessions to suit later purposes.
References
BIBLIOGRAPHY C. Hasanudin, A. F. (2012, July). Flipped Classroom Using Screencast-O-Matic Apps in Teaching Reading Skills in Indonesian Language. International Journal of Pedagogy and Teacher Education, 2(Focus). DOI:0.20961/ijpte.v2i0.25356
ScreenCast. (n.d.). Retrieved from https://screencast-o-matic.com/home
Zinoune, M. (2011, December 5). Screencast-O-Matic: Make Screen Recordings Online for Free. Linux Tutorials. Retrieved from https://www.unixmen.com/screencast-o-matic-make-screen-recordings-online-for-free/
Subject: IT
Pages: 1 Words: 300
Security and DML (Insert, update and delete)
[Name of the Writer]
[Name of the Institution]
Security and DML (Insert, update and delete)
A class scheduler can be limited to access a specific table or database using Grant statement in the Oracle database. Grant statement is used to assign system privileges to users. A user must be assigned the role with ‘admin option' statement or should be assigned the ‘grant any role' system privilege or create a role manually for the access to database or table. Roles are very useful in granting the roles that contain only the privileges according to the requirements of the user. The user can choose the selective availability of privileges for users which will allow specific control of user privileges for a database. A class scheduler will be given the privilege to select any table which means he/she can only view the data in the Oracle database. Database administrators are usually responsible for assigning the roles of the users to enhance the security of the system.
There are two login methods in the Oracle database. The two login methods include the old password and secure password method. In this situation, a class scheduler can only view the student information so for that I will prefer the secure password method because it is more secure as compared to the old password method. In the old password authentication method, client-side requires 8-byte random challenge from the server, and insecure password authentication method, and client-side requires 20-byte random challenge from the server. The old password authentication method is not secure as compared to the secure password authentication method because the secure password method uses a tested cryptographic hashing function which isn't broken. The old password allows users to enter into the database using the authentication method name which is the old password of MySQL. So in this case, a secure password authentication method will be used to give access only to the student's information table.
Subject: IT
Pages: 1 Words: 300
Security in a world of technology
[Name of the Writer]
[Name of the Institution]
Security in a world of technology
Education Methods
Introduction
Training and education are the terms that are used interchangeably, taking into account varying approaches, purposes and outcomes that are associated with these methods. There are different education methods that can be used for teaching, such as instructor-led method, E-learning, just-in-tine training, guided learning, and blended learning. All these teaching methods play a central role in gaining knowledge.
Discussion
Instructor-led training method is a strategy in which knowledge is delivered by an instructor to groups of the audience who are learners and they are gaining knowledge with the help of the teacher ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"djkTtMSI","properties":{"formattedCitation":"(Hebda, Czar, and Mascara 2005)","plainCitation":"(Hebda, Czar, and Mascara 2005)","noteIndex":0},"citationItems":[{"id":19,"uris":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"uri":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"itemData":{"id":19,"type":"book","publisher":"Pearson Prentice Hall","source":"Google Scholar","title":"Handbook of informatics for nurses and health care professionals","author":[{"family":"Hebda","given":"Toni"},{"family":"Czar","given":"Patricia"},{"family":"Mascara","given":"Cynthia"}],"issued":{"date-parts":[["2005"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hebda, Czar, and Mascara 2005). These learners are connected with the help of Audio Visual aids and technology. This method can be used in an organization to train the employees. Also, this method is driven by kinetic learner experience that requires both databases as well as hardware. E-learning is another method that can be used for teaching and it is used in combination with the training delivery methods. Content is provided with the help of technology ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"Q7TCatSV","properties":{"formattedCitation":"(Hebda, Czar, and Mascara 2005)","plainCitation":"(Hebda, Czar, and Mascara 2005)","noteIndex":0},"citationItems":[{"id":19,"uris":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"uri":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"itemData":{"id":19,"type":"book","publisher":"Pearson Prentice Hall","source":"Google Scholar","title":"Handbook of informatics for nurses and health care professionals","author":[{"family":"Hebda","given":"Toni"},{"family":"Czar","given":"Patricia"},{"family":"Mascara","given":"Cynthia"}],"issued":{"date-parts":[["2005"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hebda, Czar, and Mascara 2005). This method can be used in organizations to let the employees learn by going through different tutorials and other recorded sets of information. It is one of the most suitable and easy to use method.
Just-in-time learning is a training process that can help a learner to learn by being a part of training in practical terms ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"4H7oiwJT","properties":{"formattedCitation":"(Hebda, Czar, and Mascara 2005)","plainCitation":"(Hebda, Czar, and Mascara 2005)","noteIndex":0},"citationItems":[{"id":19,"uris":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"uri":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"itemData":{"id":19,"type":"book","publisher":"Pearson Prentice Hall","source":"Google Scholar","title":"Handbook of informatics for nurses and health care professionals","author":[{"family":"Hebda","given":"Toni"},{"family":"Czar","given":"Patricia"},{"family":"Mascara","given":"Cynthia"}],"issued":{"date-parts":[["2005"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hebda, Czar, and Mascara 2005). This training is accompanied by the use of a trainer who can supervise all the actions of the learner. This training can be used in an organization to supervise internees who are at work. Also, the learners would be supervised in terms of the learning abilities and the task completed. Blended learning is a combination of training delivery methods that can enhance learning goals. This technique uses web-based independent resources. This learning method can be used in an organization to address the student learning goals by using both online media as well as supervision of new hiring.
Conclusion
It is concluded that each method its own efficiency and credibility and each of the methods aim at enhancing subject knowledge of the one who is taught. Also, all these methods can be used in organizations.
Reference
ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Hebda, Toni, Patricia Czar, and Cynthia Mascara. 2005. Handbook of Informatics for Nurses and Health Care Professionals. Pearson Prentice Hall.
Protecting patient’s information
Introduction
With the passage of time, advancement in technology has also brought a huge threat to the information. It is found that healthcare continues to be one of the major targets for the hackers who steal and manipulate data. Ultimately, there are different mechanisms that are used by the healthcare system to overcome and mitigate these issues.
Discussion
Taking into account the method and techniques to protect data, different security mechanisms are used such as audit trails, authentication processes, having control and access guided by a central server, analysis of the external communication links as well as access tools. Some other methods are, developing system backup that can keep a record of the data. Also, it is added that there are different disaster recovery processes that can help to recover and back up the data that is recovered from different resources. There are different administrative and personal issues that arise, taking into account that these issues can be revised by using system self-assessment and the maintenance of the wariness of technological aspects.
It is highlighted that these techniques help to prevent the issues that can breach or manipulate the data. The level of access is also another aspect to consider, taking into account that security techniques have prohibited and minimized access to data ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"Z3UUlNKr","properties":{"formattedCitation":"(Mather and Cummings 2019)","plainCitation":"(Mather and Cummings 2019)","noteIndex":0},"citationItems":[{"id":20,"uris":["http://zotero.org/users/local/6bWeQAmN/items/Z2JSJC75"],"uri":["http://zotero.org/users/local/6bWeQAmN/items/Z2JSJC75"],"itemData":{"id":20,"type":"article-journal","container-title":"BMJ health & care informatics","issue":"1","page":"1–5","source":"Google Scholar","title":"Developing and sustaining digital professionalism: a model for assessing readiness of healthcare environments and capability of nurses","title-short":"Developing and sustaining digital professionalism","volume":"26","author":[{"family":"Mather","given":"Carey Ann"},{"family":"Cummings","given":"Elizabeth"}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Mather and Cummings 2019). Also, there is a complete check and balance on the issues of data security so that data can be saved from any kind of threat. Handling and Disposal of Confidential Information is also a major aspect in terms of security concerns. In order to prevent the disposal of data, the central server system is used where audit trails are meant to ensure the safety and mitigation of breaching of data. Also, systematic authentication and personalized access is a major aspect to consider to overcome these issues ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"hs1Musrd","properties":{"formattedCitation":"(Mather and Cummings 2019)","plainCitation":"(Mather and Cummings 2019)","noteIndex":0},"citationItems":[{"id":20,"uris":["http://zotero.org/users/local/6bWeQAmN/items/Z2JSJC75"],"uri":["http://zotero.org/users/local/6bWeQAmN/items/Z2JSJC75"],"itemData":{"id":20,"type":"article-journal","container-title":"BMJ health & care informatics","issue":"1","page":"1–5","source":"Google Scholar","title":"Developing and sustaining digital professionalism: a model for assessing readiness of healthcare environments and capability of nurses","title-short":"Developing and sustaining digital professionalism","volume":"26","author":[{"family":"Mather","given":"Carey Ann"},{"family":"Cummings","given":"Elizabeth"}],"issued":{"date-parts":[["2019"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Mather and Cummings 2019).
Conclusion
Security threat is most dangerous and harmful aspect of the technological disasters in the present time, taking into account that different measures have been taken so far to address these issues. It is also added that the techniques are improved and upgraded over time so that threats can be minimized.
Reference
Mather, C. A., & Cummings, E. (2019). Developing and sustaining digital professionalism: a model for assessing readiness of healthcare environments and capability of nurses. BMJ health & care informatics, 26(1), 1-5.
Education to staff on phishing and spam emails
Introduction
Virtual crimes are one of the major threats that need to be addressed. It is observed that with a major shift in technology, virtual crimes such as spam and phishing has caused a lot of mess. In order to teach the staff on virtual crimes, different teaching methods can be used.
Discussion
Phishing and spam are one of the major virtual crimes. Phishing is a fraudulent practice that have a specified target while spam has a broad target. Spam is more like unnecessary advertisements that can be annoying. In order to teach staff, different methods can be used, such as self-guided learning. It is one of the techniques that can help learners know how to get rid of spams and analyze phishing. This method can be used to teach by using training manuals, it can be evaluated by using tests in the form of quizzes and practice trials. Instructor-led training is another major method that can be used because it paves the way for kinetic learner experience ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"VY7Dl0V8","properties":{"formattedCitation":"(Hebda, Czar, and Mascara 2005)","plainCitation":"(Hebda, Czar, and Mascara 2005)","noteIndex":0},"citationItems":[{"id":19,"uris":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"uri":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"itemData":{"id":19,"type":"book","publisher":"Pearson Prentice Hall","source":"Google Scholar","title":"Handbook of informatics for nurses and health care professionals","author":[{"family":"Hebda","given":"Toni"},{"family":"Czar","given":"Patricia"},{"family":"Mascara","given":"Cynthia"}],"issued":{"date-parts":[["2005"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hebda, Czar, and Mascara 2005). This method is led by using different audiovisual aids and it can be evaluated in the form of trails and practices.
E-learning is another teaching method that can be used to teach about spam and phishing emails. This method can be evaluated by using different techniques such as the quiz and online assessments. Blended learning is also a major techniques that can be used to teach students about spam and phishing because it will include different methods of teaching ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"b3RwjWMM","properties":{"formattedCitation":"(Hebda, Czar, and Mascara 2005)","plainCitation":"(Hebda, Czar, and Mascara 2005)","noteIndex":0},"citationItems":[{"id":19,"uris":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"uri":["http://zotero.org/users/local/6bWeQAmN/items/4H9MA82F"],"itemData":{"id":19,"type":"book","publisher":"Pearson Prentice Hall","source":"Google Scholar","title":"Handbook of informatics for nurses and health care professionals","author":[{"family":"Hebda","given":"Toni"},{"family":"Czar","given":"Patricia"},{"family":"Mascara","given":"Cynthia"}],"issued":{"date-parts":[["2005"]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (Hebda, Czar, and Mascara 2005). This method or student learning can be evaluated by using different assessments such as trial quizzes and the learnability of the students in the form of presentations.
Conclusion
Taking into account the task of teaching staff about virtual crime, above mentioned teaching methods can be used. These methods can help the students get a deep insight into what is taught to them, also these methods can help to assess the staff’s learnability.
Reference
Hebda, T., Hunter, K., & Czar, P. (2018) 'Handbook of Informatics for nurses and Healthcare Professionals' 6th ed.'
Subject: IT
Pages: 3 Words: 900
Seminar 3
Nancy Duong
School or Institution Name (University at Place or Town, State)
Introduction to Microsoft WORD 2016
Using new Microsoft WORD 2016, users can transform their document into an interactive, easy to share webpage which looks on every device. It also allows the users to improve the comprehension with line focus as users can move through the document line by line without any distractions. Users can adjust the focus by putting one to five lines in view at the same time ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"h8LxMzio","properties":{"formattedCitation":"(\\uc0\\u8220{}What\\uc0\\u8217{}s new in Word for Office 365,\\uc0\\u8221{} n.d.)","plainCitation":"(“What’s new in Word for Office 365,” n.d.)","noteIndex":0},"citationItems":[{"id":441,"uris":["http://zotero.org/users/local/PwL0F8bO/items/LRD5A42L"],"uri":["http://zotero.org/users/local/PwL0F8bO/items/LRD5A42L"],"itemData":{"id":441,"type":"webpage","title":"What's new in Word for Office 365","abstract":"A quick look at new features in Word 2016, such as real-time collaboration, Tell Me for finding commands and help, Smart Lookup with Insights for online research, easier sharing, writing equations with ink instead of the keyboard, and more.","URL":"https://support.office.com/en-us/article/what-s-new-in-word-for-office-365-4219dfb5-23fc-4853-95aa-b13a674a6670","language":"en-US","accessed":{"date-parts":[["2019",1,22]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“What’s new in Word for Office 365,” n.d.). With Microsoft WORD on our PC, Mac or mobile devices, we can,
Create documents from the beginning or choose a template and insert our content accordingly.
Add extra text in the form of text boxes, insert any image, video or art in our document.
Research a topic along with finding credible sources related to the topic, using online search option available with WORD.
Access the documents from the tablet, computer or mobile phone using OneDrive.
Share the work or document with other people.
Track and make any necessary changes in the document.
Creating a New Document
We can either create a document from scratch or use a built-in template provided by Microsoft WORD. This corresponds to two steps:
Creating a blank document: To create a blank document, we can either,
Open up Microsoft WORD and click on “Blank Document” from the list of document types available on the screen.
OR
Click on the “File” tab on the top left corner of the WORD file and from the newly available list, choose “New” and from there, choose “Blank Document” from the available list.
Creating a document using a template: To create a document using built-n templates, we can either,
Open up Microsoft WORD and click on the list of templates available on the screen.
OR
Click on the “File” tab on the top left corner of the WORD file and from the newly available list, choose “New” and from there, choose any template available on screen except the “Blank Document” from the available list. Users can also search for the templates online using the “search online templates” box available right above the list of templates available on screen ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"4TFtI2Zo","properties":{"formattedCitation":"(\\uc0\\u8220{}Create a document in Word,\\uc0\\u8221{} n.d.)","plainCitation":"(“Create a document in Word,” n.d.)","noteIndex":0},"citationItems":[{"id":443,"uris":["http://zotero.org/users/local/PwL0F8bO/items/2QGITC88"],"uri":["http://zotero.org/users/local/PwL0F8bO/items/2QGITC88"],"itemData":{"id":443,"type":"webpage","title":"Create a document in Word","abstract":"Training: Get up and running quickly with our Word Quick Start, Learn how to create a document, add and format text, and add pictures, shapes, and charts.","URL":"https://support.office.com/en-us/article/create-a-document-in-word-aafc163a-3a06-45a9-b451-cb7250dcbaa1","language":"en-US","accessed":{"date-parts":[["2019",1,22]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“Create a document in Word,” n.d.).
Saving the Document in WINDOWS operating system
To save the document, we can use two ways to do it,
Using your keyboard: To save a document in WORD using your keyboard, you can save it by pushing “Ctrl+S” on the keyboard simultaneously. This can be achieved by keep pressing the “Ctrl” key before you press the “S” key available on your keyboard. WORD would ask you about the file name and where you want the file to be saved.
Without using the keyboard: For this, you need to click on the "File" tab available at the top left corner of the WORD screen. From the available list on the left side of the window, select the "Save As" and the window will appear asking the required file name and the location of the file to be saved. After choosing your appropriate file name and location, you can save the file.
Saving a file to OneDrive on Windows Operating System
To save a file on OneDrive, after clicking on the “File” and “Save As” as mentioned above, we can click on “OneDrive” to save the personal files to OneDrive which can be accessed on both the mobile phones and your computer systems ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"WdQc8KnZ","properties":{"formattedCitation":"(\\uc0\\u8220{}Save your document to OneDrive in Word,\\uc0\\u8221{} n.d.)","plainCitation":"(“Save your document to OneDrive in Word,” n.d.)","noteIndex":0},"citationItems":[{"id":445,"uris":["http://zotero.org/users/local/PwL0F8bO/items/NRH3KZ39"],"uri":["http://zotero.org/users/local/PwL0F8bO/items/NRH3KZ39"],"itemData":{"id":445,"type":"webpage","title":"Save your document to OneDrive in Word","abstract":"Training: Get up and running quickly with our Word Quick Start. Learn how to create and save a document in Word.","URL":"https://support.office.com/en-us/article/save-your-document-to-onedrive-in-word-d7c23ed3-a80a-4ff4-ade5-91211a7614f3","language":"en-US","accessed":{"date-parts":[["2019",1,22]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“Save your document to OneDrive in Word,” n.d.). You would need to create an account on OneDrive first to access this feature.
Saving a file online on MAC Operating System
We can follow the following steps,
Click on the “File” tab and select “Save As” and then selecting “Online Locations” from the window which appears on the screen ADDIN ZOTERO_ITEM CSL_CITATION {"citationID":"6DXIDkuc","properties":{"formattedCitation":"(\\uc0\\u8220{}Save documents online in Word for Mac,\\uc0\\u8221{} n.d.)","plainCitation":"(“Save documents online in Word for Mac,” n.d.)","noteIndex":0},"citationItems":[{"id":447,"uris":["http://zotero.org/users/local/PwL0F8bO/items/FSUQYSRZ"],"uri":["http://zotero.org/users/local/PwL0F8bO/items/FSUQYSRZ"],"itemData":{"id":447,"type":"webpage","title":"Save documents online in Word for Mac","abstract":"Save Word for Mac files online at OneDrive to make it easy to share them and get to them from all of your devices.","URL":"https://support.office.com/en-us/article/save-documents-online-in-word-for-mac-70adea1d-df17-416e-ac76-7eb7bd7abc24","language":"en-US","accessed":{"date-parts":[["2019",1,22]]}}}],"schema":"https://github.com/citation-style-language/schema/raw/master/csl-citation.json"} (“Save documents online in Word for Mac,” n.d.).
From there we can select “OneDrive” or any other available online forum to save the file.
References
ADDIN ZOTERO_BIBL {"uncited":[],"omitted":[],"custom":[]} CSL_BIBLIOGRAPHY Create a document in Word. (n.d.). Retrieved January 22, 2019, from https://support.office.com/en-us/article/create-a-document-in-word-aafc163a-3a06-45a9-b451-cb7250dcbaa1
Save documents online in Word for Mac. (n.d.). Retrieved January 22, 2019, from https://support.office.com/en-us/article/save-documents-online-in-word-for-mac-70adea1d-df17-416e-ac76-7eb7bd7abc24
Save your document to OneDrive in Word. (n.d.). Retrieved January 22, 2019, from https://support.office.com/en-us/article/save-your-document-to-onedrive-in-word-d7c23ed3-a80a-4ff4-ade5-91211a7614f3
What’s new in Word for Office 365. (n.d.). Retrieved January 22, 2019, from https://support.office.com/en-us/article/what-s-new-in-word-for-office-365-4219dfb5-23fc-4853-95aa-b13a674a6670
Subject: IT
Pages: 1 Words: 300
Short Essay
[Author’s Name]
Short Essay
Network security and cybersecurity are used interchangeably, as they provide a set of rules for securing both computers as well as networks. However, both of these terms are different. This essay will provide arguments regarding why network and cybersecurity are different. Network security comprises of policies and practices that are adopted to prevent and monitor unauthorized access, any misuse, and network-accessible resources. It also facilitates in preventing and protecting against the unauthorized intrusion into various corporate networks (Bishop, 2003). In short, network security is a set of particular rules and protocols that are designed to protect the integrity, accessibility, and confidentiality of computer networks. On the other hand, cybersecurity is a way of defending computers, servers, electronic systems, networks from multiple malicious attacks (Bishop, 2003).
Cybersecurity is a broader term while network security can be considered as the subset of cybersecurity responsible for protecting, not only network, but network-accessible resources from any unauthorized access. The role of network security is to safeguard an organization’s IT infrastructure from multiple cyber threats such as viruses, worms, spyware, adware and other service attacks. Typically, in many organizations, network security teams install hardware and software necessary to protect the security architecture. Several components of network security are there which work together in aiding and improving the security of the network. However, the most common components are Anti-Virus Software, Firewalls, Intrusion Detection & Prevention Systems also known as (IDS/IPS) and VPNs (Virtual Private Networks) (Orchier & Byreddy, 2000). During an attack, when network security is compromised, it is necessary to get the attackers out of the system, as quickly as possible, as the longer attackers stay in the system, the more time they have to steal confidential data.
While discussing cybersecurity, it is the subset of information security that facilitates in defending an organization’s computers, data, and networks from unauthorized digital access or damages, while implementing technologies and various processes and practices. The cybersecurity professionals are responsible for monitoring incoming and outgoing traffic on the network to minimize the risks of cyber-attacks, while protecting the organization from any unauthorized exploitation of systems. Cybersecurity provides a set of rules to not only protect the network but to provide updated information regarding multiple attacks and different methods of attacks that comes under cybersecurity (Craigen & Purse, 2014). It also safeguards the network from outside attacks and avoids unintended breaches from within the organization.
In the context of data, the critical component of both cyber and network security is data integrity, yet, cybersecurity takes monitoring data and threat detection to a greater degree as compared to network security. If an organization is considered a fortified castle, then network security can be considered responsible for maintaining peace and securing inside the castle, thus protecting the sovereignty of an organization from network-related threats. In contrast, cybersecurity is responsible for protecting an organization from various outside threats (Kisor & Calderwood, 2001). It facilitates in protecting an organization from digital attacks such as phishing, in which a hacker attacks through emails or chats to gain confidential information, or pretexting where attacks impersonate an authoritative figure to obtain personal data. Similarly, cybersecurity, also protects from attacks, such as baiting, in which an attacker leaves a malware-infected device that, if used, can facilitate the attacker to access the personal information (Craigen & Purse, 2014)
To conclude this subject, cybersecurity is considered a subset of information security, whereas, network security is considered as a subset of cybersecurity. Cybersecurity deals with the security of data at storage and transit, whereas, network security deals with the protection of the IT infrastructure of an organization while restricting access to the confidential data from any unauthorized entity. Although in many pieces of research, cybersecurity is a term used in a broader sense while network security is merely one aspect of information and cybersecurity.
References
Bishop, M. (2003). What is computer security?. IEEE Security & Privacy, 1(1), 67-69.
Craigen, D., Diakun-Thibault, N., & Purse, R. (2014). Defining cybersecurity. Technology Innovation Management Review, 4(10).
Kisor, G. H., & Calderwood, R. C. (2001). U.S. Patent No. 6,266,773. Washington, DC: U.S. Patent and Trademark Office.
Orchier, J., Soriano, R., Salvaterra, L., Ardito, D., & Byreddy, A. (2000). U.S. Patent No. 6,070,244. Washington, DC: U.S. Patent and Trademark Office.
Subject: IT
Pages: 2 Words: 600
Student
Professor
Course Code
Date
There are four other variables used in global infrastructure apart from people and cultures. It is worth noting that these variables operate dependently and the efficiency of one variable may determine that of the other. To start with, I would like to talk about network and network systems. Under these two variables, I shall major on security and communication aspects. Looking at security, it is observed that it consists of both the policies and practices put in place to monitor and to limit chances of unauthorized access, misuse, modification or network accessible resources. Security is, therefore, an important variable which aids in offering defense for the global infrastructure. It is through the use of security that a user may be able to install various passwords for authenticating information and allowing only the relevant persons to get access (DeHaan 52). Besides, security is vital in facilitating confidentiality, data accuracy and integrity as well as consistent data availability. There is also a possibility of the infrastructure being attacked by evil software such as malware. To prevent such incidences, security may be used in installing firewalls and other programs to prevent virus attacks. The second variable I would like to talk about is communication. This variable is a crucial component of IT infrastructure since it is what determines how information is dispatched, and how the information flows. This variable relates to the first variable, security, in that communication plays major roles in ensuring data confidentiality and privacy. The communication channel set in place determines whether or not the secured information may get to the public disposal or not. Communication works alongside security to foster integrity, data availability, and confidentiality. Looking at security, it may be observed that it has some relationship with the already mentioned variables, people and cultures, and has great impacts on them. I may argue that security plays important roles in shaping how people behave towards IT infrastructure. When security is well established, people end up understanding the demands for confidentiality and as such, they end up limiting themselves from providing the public with information relating to the infrastructure. In other words, security and communication have an impact on making people to avoid chances of data exposure and develop a culture of confidentiality and utmost integrity.
The third variable I would like to talk about is computer hardware and software. Basically, information system contains both hardware and software. Through definition, it is observed that hardware refers to the part of the information system that one may touch. In other words, hardware is the variable of IT infrastructure which represents the physical components of technology and may include flash drives, keyboards, etc. On the other hand, software refers to a set of instructions which guides the hardware on what actions to be executed. Software programs are created by typing the instructions which tell the hardware what to do and may include word processing and excel sheets amongst others. The relationship between the hardware and the software is clearly visible since the computer software controls the hardware. Besides, the two variables cannot operate independently since they are complimentary. For any computer to efficiently process data and give accurate output, it is vital that the hardware and the software work together. Without computer hardware, computer software is useless and conversely. Computer software may be categorized into two, which include operating system software and application software. Looking at the relationship between these two variables with the already mentioned variables, people and cultures, an observation is made that both the hardware and software may only operate when actions are initiated and effected by people. While the software is responsible for providing commands to be turned into actions by the hardware, it is noted that the influence of people is important in the process of converting these commands into actions. On the other hand, culture influences the behavior of people and therefore, when people live under a culture of applying technological practices, it positively influences the ease of using the hardware and the software variables.
The fundamentals of system development mentioned already include software development life cycle (SDLC), RA, Agile and extreme development methodologies. To start with is the SDLC which refers to a structure guiding the development team within a software organization and in which, all the details outlining how to develop, maintain and replace certain software are provided. Basically, it is observed that SDLC involves several activities which include planning, implementation, testing, documentation, deployment, and maintenance. Under the planning activity, the gathering of the requirements and development of important parts of the software are done by software engineers. Implementation stage involves the aspects of writing the code in accordance with the requirements of the client while testing involves finding out the defects of the developed software. Documentation is a process whereby all the steps undertaken in developing the project are recorded for purposes of improving the project in the future. It is noted that the documentation may include the writing of application programming interface (API) (Vijayasarathy, Leo, and Dan Turk 145). The software is then brought to application and maintenance enhanced for the future reference. On the other hand, registration authority (RA) serves the duty of verifying user’s requests for digital certificates and alerts the certificate authority (CA) to provide it. Registration authorities are networked systems facilitating the safe transfer of information and money amongst companies and users. Lastly, extreme programming (XP) is an agile framework intended to produce higher quality software as well as a higher quality of life for the team responsible for software development. It is noted that extreme programming is applicable when the requirements of software development are undergoing dynamic changes when there are risks brought forth by fixed times using technology when the development team is small and co-located and the technology being used allows for automated unit and, functional tests.
Block diagrams are very important in describing the processes in infrastructure due to many existent reasons. To start with, it has been argued that block diagrams provide a representation of all the functions performed by each of the components under any given scenario. Therefore, since it is important to compare and contrast the functions performed by different variables in the processes of infrastructure, block diagrams become significant. Secondly, block diagrams provide for the inter-linking of all system variables. This is an indication that comparison of the effects of the various variables on the output of the process may easily be determined from the block diagrams. Thirdly, block diagrams have an advantage of indicating more realistic signal flows of a system. I suggest that the use of block diagrams is important in understanding the layout of a company infrastructure majorly because it gives room for easy analyses and comparison of the different components involved in the process (Dingsøyr et al., 84). Global IS infrastructure is the developing communication framework intended to eventually connect all the telecommunications and computer networks across the world. For instance, the internet is considered a facto global IS infrastructure in the current times since it links people from all over.
Looking at the five levels of automation as discussed already, it is observed that within the first level, it is the human operator who does the task and turns it over for the computer for implementation. In my opinion, this is the most analog stage which was only applicable at the time computers and computing works were first invented. During that time, computers did less work than human operators. It was more of manual performances than of automation. Moving forward, looking at the second level, it is observed that the computer was able to help human operators by determining some of the options available for the task to be completed. This level was the real marked the real introduction of computing in the area of task completion. Human operators, therefore, seem relieved from the intensive tasks which they used to do during the level one era. However, even in this second level, still, automation is not realized to a greater extent since when a comparison is made, a realization obtained shows that still the human operators perform more tasks than the machines. The computers only determine options but the whole process of suggesting the options and determining which option to undertake relies on human operators. Therefore, we are also past level two in terms of automation. Level three, on the other hand, presents a scenario whereby the computer helps in determining options and also provides suggestions. The human operator may, therefore, make a choice out of the recommendations suggested by the computer. Ideally, it is observed that most of the computers in the near past did help in determining the options and giving more suggestions about the presented options. The human operator was left to make a choice of which option to take and decide on executing it. In my opinion, we have attained level 4 where a computer takes part in the selection of an action, leaving the human operator only with a task to decide whether the action should be done or not. It represents almost a full level of automation and the computers are now performing more tasks than human operators. Yes, I think we will achieve level 5 of automation. Looking at the faster rates at which technological advancements are taking place, it is evident that soon computers capable of selecting and implementing an action as long as human operator approves it will be invented.
Works Cited
DeHaan, Michael Paul, Adrian Karsten Likins, and Seth Kelby Vidal. "Discovery of network software relationships." U.S. Patent No. 8,990,368. 24 Mar. 2015.
Dingsøyr, Torgeir, Tore Dybå, and Nils Brede Moe, eds. Agile software development: current research and future directions. Springer Science & Business Media, 2010.
Vijayasarathy, Leo, and Dan Turk. "Drivers of agile software development use: the Dialectic interplay between benefits and hindrances." Information and Software Technology 54.2 (2012): 137-148.
Subject: IT
Pages: 5 Words: 1500
[Name of the Writer]
[Name of Instructor]
IT
[Date]
Skills Needed For Employment As A Software Engineer
Introduction
Software engineering forms the basis of the field of computer technology. Software engineers develop software that is installed on various hardware such as mobiles and laptops (Fitzgerald, Brian, and Klaas-Jan Stol, pp. 178). The hardware devices can be rendered purposeless should software is not installed on them (Fitzgerald, Brian, and Klaas-Jan Stol, pp. 180). Software engineers employ software design and engineering principles to design develop and deploy a piece of software. As software engineering is a scientific and technically-driven field evolving at a rapid pace, individuals need formal degrees to move into this field (Fitzgerald, Brian, and Klaas-Jan Stol, pp. 179). Once an individual receives a software engineering degree, one has the freedom to embark on any software engineering career based on one's preference. There are multiple fields in which a software engineering graduate can work. Of all the fields in which an individual can work after getting a degree in software engineering, mobile application development, system software development, and web development are of particular interest. A software engineer working in the field of mobile application development is tasked to create applications that are used on mobile devices (Ebert et.al, 105). So of these applications are installed from the factory and some are installed after the purchase of these devices. A software engineer working in a systems development field creates specialized software such as an operating system (Ebert et.al, 105). Different operating systems are Windows and iOS. Lastly, a software engineer working in the field of web development develops software and applications that are run on the web (Ebert et.al, 106). Although a software engineering degree provides a robust foundation for students to embark on a successful career, each field in software engineer requires different skills that would make an individual thrive in that field. These skills set individuals apart from each other. On the basis of hands-on experience of these skills decides the starting salary of a software engineer. This paper would discuss the different skills required to work in a particular area of software engineering. Additionally, a comparison of working hours and salaries would be discussed. Furthermore, growth opportunities in each field would also be discussed.
Discussion
The field of software engineering has become the most lucrative occupational field in the United States. Different fields require a different set of skills. Some skills are high in demand and pay quite well. On the contrary, some skills do not pay that much in the software engineering domain. Mobile application development, system software development, and web development are three fields that attract the most software engineers.
Mobile Application Development
No one was familiar with the term of mobile application development a decade ago. However, the field of mobile application development is widely known as the most well paying job. In mobile application development, software engineers, most of the time, work as a team to design and develop different applications. Candy Crush is a popular game among mobile phone users. Although it is a game, from the perspective of a software engineer, it is basically an application. Mobile applications that are created using software engineering principles can run on mobile devices of various types. These mobile devices include iPhone and Android. For a software engineer looking to pursue a career in the iOS applications built specifically for iPhones, one needs multiple skills in order to thrive. The foremost skill an iOS developer would need is proficiency in "Swift" language (Beecham et.al, 9). The language swift has been developed by Apple. Next skill to master is the integrated development environment (IDE) designed to create iOS applications using “Swift” language (Beecham et.al, 9). In order to enter the android development field, one needs to have command over “JAVA” language. Furthermore, a software engineer would need to be skillful using “Android Studio”. Android Studio is an IDE which can be used to create applications for android mobiles.
System Application Development
System application development is widely considered as the core of programming that the software engineers do. These type of applications are the one that is run generally on a desktop operating system. The desktop operating system can be Windows, Mac or Linux. System applications are the one which is operated in the operating system in which they are installed. The system applications are aimed at both an individual user and a business in order to assist them with routine operations. The skills required in order to enter the field of system application development are large in number. It depends upon the nature of the product o the organization. Besides possessing creativity, analytical skills and sharp attention to detail, a software engineer looking to opt for system application development needs an acquaintance with various tools and languages (Beecham et.al, 10). Languages that a software engineer would need to master are C# and JAVA (Beecham et.al, 10). JAVA language is a general-purpose programming language which is considered to be reliable and secure by many experts (Beecham et.al, 10). The tools that a software engineer would need to be proficient in are "Eclipse" and "Netbeans" (Beecham et.al, 10). The IDEs "Eclipse" and "Netbeans" are designed specifically for developing system applications based on JAVA language (Beecham et.al, 10). Similarly, C# is also a general-purpose programming language. However, unlike JAVA, C# is purely an object-oriented language (Beecham et.al, 10). C# language can be mastered using Microsoft Visual Studio.
Web Development
With ever increasing internet users, the number of websites is also burgeoning. Every day millions of people scroll through different web pages without noticing about the amount of effort and skills that go into the creation of these web pages. In order to excel in the field of web development, a software engineer would need numerous skill to master. The foremost skill a website developer needs to acquire is the responsiveness of the websites (Beecham et.al, 11). Responsiveness of web pages is important because of different devices having different screen ratios. Additionally, HTML 5 and JavaScript are needed to master designing web pages that please the eyes of the user (Beecham et.al, 11). PHP and MySQL are another two languages for web developers to master.
Comparison of Salaries
Although the salaries of different software engineers vary with companies. A national average can give an idea about the salaries of software engineers.
Job Title
Salary
Mobile application developer
$122,835
System application developer
$124,635
Web Developer
$ 114,745
The working hours are almost alike of all the companies. A software engineer is required to work 40 hours a week. This means that five days a week and eight hours a day.
Conclusion
There are multiple tools and languages that an individual needs to learn in order to get employed as a software engineer. Mobile developers need to master Swift and Java language. System application developers require to learn C# and Java. Lastly, web developers need to learn HTML 5, Javascript, PHP, and MySQL. Taking into account the discussion above, one can conclude that software engineering jobs are highly paid jobs. Additionally, there are ample opportunities for growth for the job holders. The mobile application developer can go onto becoming a software architect. The system application developer has an opportunity to become a solutions architect. Lastly, a web developer can become a security analyst.
Works Cited
Beecham, Sarah, et al. "Preparing tomorrow's software engineers for work in a global environment." IEEE Software34.1 (2017): 9-12.
Ebert, Christof, Marco Kuhrmann, and Rafael Prikladnicki. "Global software engineering: An industry perspective." IEEE Software 33.1 (2015): 105-108.
Fitzgerald, Brian, and Klaas-Jan Stol. "Continuous software engineering: A roadmap and agenda." Journal of Systems and Software 123 (2017): 176-189.
Subject: IT
Pages: 4 Words: 1200
More Subjects
