...Principles of Information Security Chapter 3 Review In: Computers and Technology Principles of Information Security Chapter 3 Review Chapter 3 Review 1. What is the difference between law and ethics? The difference between law and ethics is that law is a set of rules and regulations that are universal and should be accepted and followed by society and organizations. Ethics on the other hand was derived from the latin word mores and Greek word Ethos means the beliefs and customs that help shape the character of individuals and how people interact with one another 2. What is civil law, and what does it accomplish? A wide variety of laws that govern a nation or state and deal with the relationships and conflicts between organisational and entities and people. 3. What are the primary examples of public law? Criminal, administrative and constitutional law. 4. Which law amended the Computer Fraud and Abuse Act of 1986, and what did it change? The National Information Infrastructure Protection of 1996 amended the Computer Fraud and Abuse Act of 1986. It modified several sections of the CFA Act, and increased the penalties for selected crime. 5. Which law was specifically created to deal with encryption policy in the United States? The Security and Freedom through Encryption Act of 1999. 6. What is privacy in an information security context? Privacy is not absolute freedom from observation, but rather it is a more precise “State of being free from...
Words: 550 - Pages: 3
...SE571 Course Project: Security Assessment and Recommendations SE571 Course Project: Security Assessment and Recommendations Charlie Furze Professor: Eddie Wachter SE571 Principles of Information Security and Privacy Keller Graduate School of Management July 24, 2015 Table of Contents Executive Summary 1 Company Overview 1 Security Vulnerabilities 3 A Hardware Example Title 3 A Software Example Title 4 Recommended Solutions 5 A Hardware Example Solution 6 A Software Example Solution 8 Impact on Business Processes 9 Budget 10 Summary 11 References 12 Executive Summary The executive summary can’t really be completed until the course project is completed. This is because the section should summarize BRIEFLY the entire paper. There should be one or two sentences about the purpose of the report, a one to two-sentence description of the company and then a quick summary of the two vulnerabilities and the two solutions that you have identified. Company Overview Here you should identify which of the two company scenarios you are using and briefly summarize the organizations products or services, and business processes. Two Security Vulnerabilities Software Vulnerability Remember, you need to choose only two vulnerabilities from the three categories: hardware, software and policy. It is recommended that you make them limited in scope and very specific. Also, before starting on this section, be sure you have a very clear...
Words: 1180 - Pages: 5
...Security Assessment and Recommendations – Phase I Submitted to: Farhan Farrukh SE571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: March 18, 2012 Table of Contents Company Overview 1 Security Vulnerabilities 1 Policy Vulnerability 1 Hardware Vulnerability 2 Company Overview With three sites strategically located for global reach, headquarters in San Diego, California, The Defense Division (DD) in Santa Ana, California, and the Commercial Division (CD) 40 miles east of San Diego County, Aircraft Solutions has developed a dedicated and trained work force focused on providing its customers in the electronic, commercial, defense, and aerospace industry with great design and fabrication of component products and services. The mission of Aircraft Solutions is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. The company’s strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. Two Security Vulnerabilities Policy Vulnerability One of the major threats Aircraft Solution’s systems faces, under its current configuration, is its data vulnerability to unauthorized access. Data is consistently being accessed and modified by people such as employees, customers, suppliers, and contractors through...
Words: 605 - Pages: 3
...Withrow SE571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: July 25, 2011 Executive Summary To be completed once analysis and recommendations are completed Company Overview The United States Army Human Resources Command (AHRC) is comprised of many directorates that are data consumers. The command is broken down in areas of responsibility, the responsible directorate for the transmission of secure prospect information is the G6, this is the technology directorate, and this directorate has established an Information Assurance (IA) reasonable for the safe and secure and safe transmission of Personally Identifiable Information (PII) over the internet. Problem Statement The Army Selection Board system (ASBS) is the system the AHRC uses to conduct promotion, command, school, and other miscellaneous selection boards. The system allows the internal and external users to prepare, scrub, and accept the Official Military Personnel File in preparation for a selection board, as well as conducting the voting and during board operations. The timely and accurate board proceedings are the primary key to this application, the ASBS uses external users not a part of the AHRC team. The user’s are located around the globe and will be accessing the network in various means that are available to them. This secure transmission will need to have the security approval to access the AHRC data base for retrieval of information. Two...
Words: 673 - Pages: 3
...Running head: SECURITY ASSESSMENT AND RECOMMENDATIONS Security Assessment and Recommendations for Quality Web Design Mike Mateja October 9, 2011 Submitted to: Dean Farwood SE571 Principles of Information Security and Privacy Keller Graduate School of Management 1 SECURITY ASSESSMENT AND RECOMMENDATIONS 2 Table of Contents Executive Summary ............................................................................................ 3 Company Overview............................................................................................. 4 Security Vulnerabilities ....................................................................................... 4 Hardware Vulnerability: Unrestrained Components .................................................................. 4 Software Vulnerability: Unsecure Wireless Access Points .......................................................... 6 Recommended Security Solutions ....................................................................... 7 Hardware Solution: Physical Restraints ...................................................................................... 7 Impact: Hardware Solution ..................................................................................................... 8 Budget: Hardware Solution ..................................................................................................... 9 Software Solution: Configuring the Wireless access points for security ............
Words: 2829 - Pages: 12
...SE571 Principles of Information Security and Privacy Course Project FTP- File Transfer Protocol 12/02/2011 Company Overview MedAssets provides technology solutions and consulting services to cover the full spectrum of providers’ revenue cycle needs from patient access to claims denials. In addition, MedAssets’ decision support suite integrates financial, clinical and administrative information, and then distributes that data enterprise wide for timely analysis and decision making to positively impact future performance. All of these solutions help ensure your facility gets paid fairly, in a timely manner, for services rendered; which could potentially improve your net patient revenue 1-3%. Revenue Capture Solutions/ Value proposition MedAssets’ revenue capture solutions help establish and sustain revenue integrity by identifying missed charges, improving clinical documentation and providing tools for case management, all working to transform the revenue cycle and yield increases in the bottom line. Whether working with a large integrated delivery network or a small rural hospital, as a knowledgeable strategic business partner, MedAssets can replace multiple vendors and build a customized, multi-year program, using technology and know-how to help your facility achieve your financial and operational goals. File Transfer Protocol The File Transfer Protocol (FTP) allows clients to access remote file servers, list remote directories, and move files to or from...
Words: 738 - Pages: 3
...SE571 Principles of Information Security and Privacy James Smikonis Week 3 Project March 18, 2012 Professor George Danilovics Security Assessment and Recommendations A report needs to be assessed for Aircraft Solutions. This report consists of a security assessment that exhibits all founding flaws in their system, as well as giving AS a report regarding their current infrastructure. Aircraft Solutions is a component fabrication and equipment company that delivers different architectural designs. One of their specialties is establishing communications and solutions to defense, commercial, aerospace industries. The employees at AS are fully qualified for the tasks they entail hence making their workforce more efficient and supplying outstanding service. The purpose of this assessment is to investigate the weaknesses that are presented in the operations of Aircraft Solutions (AS). While conducting this assessment, we will expose vulnerabilities; give an analysis of any relative threats, risks that will be addressed and a comprehensive analysis of the relative threats and consequences pertaining to this mission. Assessment and Investigation After carefully examining the three sections pertaining to Aircraft Solutions, we found that policy and hardware related issues require special attention. We found that Aircraft Solutions does not utilize any firewall between the commercial division and the Internet Gateway. In fact, we exhibited that the Department Defense routes...
Words: 907 - Pages: 4
...SE571 Principles of Information Security and Privacy Table of Contents Executive Summary 1 Company Overview 2 Security Vulnerabilities 3 Hardware Vulnerability 3 Software Vulnerability 4 Policy………………………………………………………………………………...…5 Recommended Solutions 9 Hardware Solution……………………………………………………………………10 Software / policy Solution 10 Budget…...…………………………………………………………………………….11 Summary………………………………………………………………………………...11 References……………………………………………………………………………….12 Executive Summary Over the past 50 years, Boeing Aerospace Consulting (BAC) has dominated the Aerospace industry. Focusing more on client’s solution compromised BAC technology infrastructure. New technology inventions are frequently in the process of being developed, hackers formulate new ways to perform malicious attacks and fraud to take advantage of small and large companies. Today society has evolved in many ways, from the Roman Empire with modern electronic communication. Technologies, from those who discover the handiness, influence our lives with convenience, life, and many time horrible unforgiving acts. Maintaining security should always be the scope of a company priority. With those mental imperative in mind Boeing Aerospace Consulting (BAC) will focus to formulate solution for the growing Cyber, and other vulnerability attacks security policies have lacked within the company. ...
Words: 1288 - Pages: 6
...Two Vulnerabilities in QWD’s Network Design Pose a Threat to QWD’s Future Submitted to: Dean Farwood SE571 Principle of Information Security and Privacy Keller Graduate School of Management Submitted: January 23, 2011 Table of Contents Executive Summary 3 Company Overview 3 Company Vulnerabilities 4 Corporate Website accessible to customers should be on its own web server in a Demilitarized Zone (DMZ). 4 Microsoft SharePoint can potentially allow Remote Code Execution. 5 Works Cited 7 Executive Summary Purpose of this report is to inform of the possible threat that faces Quality Web Design (QWD) as it continues to improve it services to its customers and provide additional accommodation to its employees to meet and exceed the client’s needs in order to meet strategic goals. QWD specializes in Web site and Web content design for all types of businesses. With well over 250,000 proprietary images and graphic design that will enhance most web site’s appeal, QWD is poised to be the number one global leading brand in Web site and Web content design. Yet, two vulnerabilities in QWD’s network design seem to pose a security threat to QWD’s future leadership and competitiveness that must be address before exploited. First, customers are given access to the corporate website such design poses a security risk since the corporate intranet is hosted on the same web server. Should web server come under attack and be infected with a malware this can potentially disrupt...
Words: 1046 - Pages: 5
...Quality Web Design Submitted to: SE571 Principles of Information Security and Privacy Submitted: September 21, 2011 Executive Summary This report was commissioned to inspect and recommend solutions for Quality Web Designs (QWD) hardware equipment and software security concerns. QWD is a small local company concerned about the continual losses of hardware by employees travelling and stationary. The review of software solutions for the company revealed that they were lacking in several areas, the backup and recovery process, as well the lack of an antivirus solution. Hardware solutions were described as weak and require upgrade from the controls at the home and remote offices as well as the equipment that travels with employees to remote locations and on the road. With the commission of this report improvements would minimize the risks associated with these holes in security. Introduction Quality Web Design offers a variety of services such as web hosting, virtual addressing, and marketing just to name a few. The company was founded in 1995 and has over 50 years technical and business experience between the two partners. Based out of Connecticut, the company has made a worldwide positive impression with its site structure ease of access and clientele. The company has made an outstanding reputation for itself in the local community, by helping with local establishments businesses and churches as shown on their web site, in a small town setting. This assessment will...
Words: 1578 - Pages: 7
...AIRCRAFT SOLUTIONS SE571 Principles of Information Security and Privacy Phase II Course Project Company Overview Aircraft Solutions (AS) is a recognized leader in the design and fabrication of component products and services for companies in the electronics, commercial, defense, and aerospace industry. Located in Southern California, AS has a dedicated, trained workforce and maintains a large capacity plant and extensive equipment to meet customer requirements. Much of the equipment is automated to increase production while reducing costs. The company's workforce has a large skill base: design engineers, programmers, machinists, and assembly personnel to work its highly-automated production systems. The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. The company strategy is to offer low-cost design and computer-aided modeling packages to customers to reduce their development expenses. AS will help the customer through all phases of new product deployment, from initial prototypes through final large-volume production and assembly. By involving itself in all phases of customer product development, AS hopes to establish long-term relationships and secure repeated follow-on business with its customers. In addition, AS continues to invest heavily in workforce education and training, so as to improve capability to serve its customers. Security Vulnerabilities Overall...
Words: 1895 - Pages: 8
...Running head: Security Assessment and Recommendations Week 6: Weaknesses Assignment Phase II- Security Assessment and Recommendations SE571 Principles of Information Security and Privacy Introduction Aircraft Solutions (AS) is a renowned equipment and component fabrication company with the capability to provide full range designs and implantation solutions to different sectors such as defense, aerospace, commercial and electronics industries. This paper discusses the possible recommendations based on the security assessment conducted in Phase 1, and proposes possible changes in order to ensure the safety of AS networks. The Company owns an enormous production plan which promises to deliver high quality solutions for targeted at various industries. It is equipped with a team of excellent and highly qualified professionals who cater to various needs of different industries. This paper intends to find possible solutions to bridge the gaps as found in the investigation in Phase 1. The weaknesses that are being addressed are the firewall configuration, virtualization of their hardware assets and defining and revisiting their security policy regarding firewall configuration and updated software at least twice a year. Brief overview of the Vulnerabilities in AS After a thorough investigation of the IT architecture and systems of the Aircraft Solutions, two main concerns were identified as the priority items that needed attention. The first was hardware related concern and was...
Words: 1692 - Pages: 7
...Course Project: Security Assessment Recommendations Vincent Hill DeVry University Keller Graduate School Principles of Information Security and Privacy SE571 Professor Krell April 15, 2012 Course Project: Security Assessment Recommendations INTRODUCTION An organization that specializes in making web site and providing web business solutions is known as Quality web design is. The company’s goal is to help its customers increase consumer generated revenue to Quality Web Design customer web sites. The other business solutions accompanied are accounting, payroll marketing, also parts of the business process and for which it assets are employed. Quality Web Design should be made aware of various security issues, even those that are not common. Identified are two of the potential security weaknesses that require improvement, and the possible remedies for each threat. The company Quality Web Design provides business solutions to the customers... The circuit used by the company may prove various flaws to security and the hardware and software used have various limitations as Microsoft share point which have limitations in supporting virtualization, up gradation whereas the web server provided by IBM provides various functionalities over the Microsoft web server. The company has a very good hardware, software, network system, the assets used by the company provide the support to the business process but there are many limitations of the hardware, software, assets and...
Words: 1453 - Pages: 6
...Security Concerns Regarding Quality Web Design Submitted to: SE571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: April 20, 2014 Table of Contents Executive Summary 1 Company Overview 1 Security Vulnerabilities 3 Threats Through Using VPN Tunnels 3 SQL Injections 4 Recommended Solutions 5 Threats Through Using VPN Tunnels 6 SQL Injections 8 Impact on Business Processes 9 Budget 10 Summary 11 References 12 Company Overview Quality Web Design (QWD) is a web development organization that creates client side web application that distributes web content to a user in order to improve an existing web site. They have a basic Microsoft shop that uses a Visual Studio Team Foundation Service to host the image repository as well as Visual Studio to design, QA and develop their site. They are also utilizing Microsoft SQL Server and Microsoft Exchange. Security Vulnerabilities The two Security vulnerabilities that I am going to document are VPN Tunnel potential security breaches as well as SQL Injection attacks. These are the two areas that I believe the organization has not looked at as potential risks for issues. Security Vulnerabilities The first threat that I want to elaborate on is a hardware vulnerability that is inherent in the use of VPN Tunnels. The main threat mostly lies with users not utilizing the same security precautions that are used in the office. Often users are unaware that they have a direct link straight...
Words: 1671 - Pages: 7
...Michalek SEC571 Principles of Information Security and Privacy Keller Graduate School of Management Submitted: April 21, 2013 Table of Contents Company Overview ……………………………………………1 Company Assets ………………………………………………..1 Vulnerabilities ………………………………………………….2 Hardware Vulnerability………………………………….......2 Policy Vulnerability …………………………..……………..3 Recommended Solutions…………………………………….... 5 Hardware Solutions ……………………...………………..…5 Policy Solutions ……………………………...……………...10 Budget ………………………………………………………….12 Summary ………………………………………………………13 References……………………………………………………...14 Company Overview Aircraft Solutions (AS) company located in Southern California design and fabricates component products and provide services for companies in the electronics, commercial, defense, and aerospace industry. The mission of AS is to provide customer success through machined products and related services, and to meet cost, quality, and schedule requirements. AS uses Business Process Management (BPM) to handle end-to-end processes. BPM system is designed to connect customers, vendors, and suppliers. Security Weakness In the communication between AS’s headquarter and its two departments make the AS’s headquarter assets are targeted, I will discuss here about the vulnerabilities in software and the policy. Company’s Assets The assets for AS are the Business Process Management, BPM, system and the servers used to store customer data such as project information, computer...
Words: 4091 - Pages: 17
